Confidentiality - SuperCROSS
The confidentiality feature is used to hide or disguise sensitive or confidential data. There are two types of confidentiality:
- Server-side confidentiality is applied by SuperSERVER during cross tabulation. Cell values that do not meet the confidentiality rule are either changed to a different value or replaced with a string such as ..C. Server side confidentiality is configured by the system administrator using the Data Control API. Learn more about configuring confidentiality at the server level, using the Data Control API.
- Client-side confidentiality can be activated in the SuperCROSS client. For example you can apply rounding rules, and manually conceal cells.
Server-Side Confidentiality
Changes to SuperCROSS Functionality
When confidentiality has been implemented at the server level, the behaviour of the following SuperCROSS features will be modified.
Feature | Changes due to Confidentiality |
---|---|
Summation Options | The Confidentiality section of the Define Recode window for Summation Options is disabled. |
Record View | Depending on the configuration, any or all of the following features may be disabled:
|
Derivations | Concealed cells are treated as zero in the derivation |
Save As | When you export to PC Axis format, SuperCROSS will export concealed cells as zero. For all other formats, concealed cells will be exported using the confidentiality string. |
ColourMatrix and Maps | These functions will be disabled when the table includes concealed cells. |
Client-Side Confidentiality
Rounding Rules
To apply client-side confidentiality to your table, you can use the rounding rules built into SuperCROSS; these are available by default without any configuration required. These rules can help to protect against accidentally disclosing information about your table by adding an element of random rounding. The exact rounding methodology depends on the rule you apply, but this is typically used to randomly round very small values up or down.
To apply client-side confidentiality in SuperCROSS, you need to recode your summation options:
- Go to the Fields window and select the Summation Options.
- Click Recode. The Define Recode window displays.
- Select the summation options you want to apply confidentiality to, and add them to the Recode Values list.
- Select each summation option in the Recode Values list in turn and select the confidentiality rule from the drop-down list. For full details on how each rule works, see Recode Reference - SuperCROSS.
- Click OK to create your recode, then add your recoded summation options to the table to apply the confidentiality rules.
Concealment Rules
It is also possible to apply concealment rules in SuperCROSS. Cells that meet the criteria of the rule will automatically be suppressed.
Concealment rules are applied in the same way as rounding rules (by selecting from the Rule drop-down list when recoding the summation options). However, the concealment rules do not appear in this list by default: you need to create a confid.ini configuration file that defines the rules you want to use.
Location of the confid.ini File
The location of the confid.ini file that you need to create is defined by settings in the ssii.ini configuration file:
- If the database you are working with has a
[DBPath]
defined in the ssii.ini file, then the confid.ini file will be loaded from this directory. Any databases that you have added to the local SuperCROSS catalogue will automatically have the[DBPath]
set to the directory containing the SXV4 file, so in practice, this means that if you want to use concealment rules with local databases, you will need to create a confid.ini file for each one in the same directory as its SXV4 file. - If a database does not have a
[DBPath]
setting, then SuperCROSS will look for a confid.ini file in the[DefaultDBPath]
directory. You can check and configure this setting in SuperCROSS under File > Configuration > SXV4 and Local Access > SXV4 Default DBPath.
Databases loaded from SuperSERVER will not have a [DBPath]
set for them automatically. This means that you need to create a confid.ini file in the [DefaultDBPath]
/ SXV4 Default DBPath directory, and these settings will be used for all SuperSERVER databases. If you want to apply different settings on a per database basis for SuperSERVER databases, then you would need to manually add a [DBPath]
setting to ssii.ini for each of the SuperSERVER databases, and create specific confid.ini files in the relevant directories.
If a database has a [DBPath]
defined in ssii.ini, and there is no confid.ini file in this directory, then no concealment rules will be available for this database. This applies regardless of whether the [DefaultDBPath]
is set or whether there is a confid.ini file in the [DefaultDBPath]
directory.
Defining the Concealment Rules
Once you have determined the correct location, create a new text file called confid.ini in this directory and define your rules. See confid.ini for full details on how to define the rules. Once you have defined your rules, they will appear in the drop-down list in the Define Recode window for the Summation Options. For example:
You will need to reopen the database in SuperCROSS if you make changes to confid.ini in order to see these changes reflected in the Define Recode window.
Manually Conceal Cells
You can manually conceal cells in the SuperCROSS client:
- Select the cell or cells.
- Either:
- Select Edit > Data Area > Conceal Cells > Conceal Selected Cells; or
- Right-click and select Conceal Cells > Conceal Selected Cells.
Use the Conceal Cells > Reveal Selected Cells option to show the cell values again.
Modify Confidentiality String
By default, confidential values are replaced with the string ..C. You can change this string as follows:
- Select Edit > Options.
- Select the Data tab.
- Change the value for Confidentiality String.
- Click OK.