commands

^

Invoke-DbaDbPiiScan

Author Sander Stad (@sqlstad, sqlstad.nl)
Availability Windows, Linux, macOS

 

Synopsis

Command to return any columns that could potentially contain PII (Personal Identifiable Information)

Description

This command will go through the tables in your database and assess each column. It will first check the columns names if it was named in such a way that it would indicate PII. The next thing that it will do is pattern recognition by looking into the data from the table. Custom scan definitions can be specified using the formats seen in \bin\datamasking\pii-knownnames.json and \bin\datamasking\pii-patterns.json.

Syntax

Invoke-DbaDbPiiScan
    [[-SqlInstance] <DbaInstanceParameter[]>]
    [[-SqlCredential] <PSCredential>]
    [[-Database] <String[]>]
    [[-Table] <String[]>]
    [[-Column] <String[]>]
    [[-Country] <String[]>]
    [[-CountryCode] <String[]>]
    [[-ExcludeTable] <String[]>]
    [[-ExcludeColumn] <String[]>]
    [[-SampleCount] <Int32>]
    [[-KnownNameFilePath] <String>]
    [[-PatternFilePath] <String>]
    [-ExcludeDefaultKnownName]
    [-ExcludeDefaultPattern]
    [-EnableException]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1 -Database db1

Scan the database db1 on instance sql1

Example: 2
PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1, sql2 -Database db1, db2

Scan multiple databases on multiple instances

Example: 3
PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1 -Database db2 -ExcludeColumn firstname

Scan database db2 but exclude the column firstname

Example: 4
PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1 -Database db2 -CountryCode US

Scan database db2 but only apply data patterns used for the United States

Example: 5
PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1 -Database db1 -PatternFilePath  c:\pii\patterns.json

Scans db1 on instance sql1 with additional custom patterns

Example: 6
PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1 -Database db1 -PatternFilePath  c:\pii\patterns.json -ExcludeDefaultPattern

Scans db1 on instance sql1 with additional custom patterns, excluding the default patterns

Optional Parameters

-SqlInstance

The target SQL Server instance or instances.

Alias
Required False
Pipeline false
Default Value
-SqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential). Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported. For MFA support, please use Connect-DbaInstance.

Alias
Required False
Pipeline false
Default Value
-Database

Databases to process through

Alias
Required False
Pipeline false
Default Value
-Table

Table(s) to process. By default all the tables will be processed

Alias
Required False
Pipeline false
Default Value
-Column

Column(s) to process. By default all the columns will be processed

Alias
Required False
Pipeline false
Default Value
-Country

Filter out the patterns and known types for one or more countries

Alias
Required False
Pipeline false
Default Value
-CountryCode

Filter out the patterns and known types for one or more country code

Alias
Required False
Pipeline false
Default Value
-ExcludeTable

Exclude certain tables

Alias
Required False
Pipeline false
Default Value
-ExcludeColumn

Exclude certain columns

Alias
Required False
Pipeline false
Default Value
-SampleCount

Amount of rows to sample to make an assessment. The default is 100

Alias
Required False
Pipeline false
Default Value 100
-KnownNameFilePath

Points to a file containing the custom known names. Custom scan definitions can be specified using the format seen in \bin\datamasking\pii-knownnames.json.

Alias
Required False
Pipeline false
Default Value
-PatternFilePath

Points to a file containing the custom patterns. Custom scan definitions can be specified using the format seen in \bin\datamasking\pii-patterns.json.

Alias
Required False
Pipeline false
Default Value
-ExcludeDefaultKnownName

Excludes the default known names

Alias
Required False
Pipeline false
Default Value False
-ExcludeDefaultPattern

Excludes the default patterns

Alias
Required False
Pipeline false
Default Value False
-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

Alias
Required False
Pipeline false
Default Value False

 

Want to see the source code for this command? Check out Invoke-DbaDbPiiScan on GitHub.
Want to see the Bill Of Health for this command? Check out Invoke-DbaDbPiiScan.