Invoke-DbaDbPiiScan

Want to see the source code for this command? Check out Invoke-DbaDbPiiScan on GitHub.
Want to see the Bill Of Health for this command? Check out Invoke-DbaDbPiiScan.

Synopsis

Command to return any columns that could potentially contain PII (Personal Identifiable Information)

Description

This command will go through the tables in your database and assess each column.
It will first check the columns names if it was named in such a way that it would indicate PII.
The next thing that it will do is pattern recognition by looking into the data from the table.
Custom scan definitions can be specified using the formats seen in \bin\datamasking\pii-knownnames.json and \bin\datamasking\pii-patterns.json.

Syntax

Invoke-DbaDbPiiScan
    [[-SqlInstance] <DbaInstanceParameter[]>]
    [[-SqlCredential] <PSCredential>]
    [[-Database] <String[]>]
    [[-Table] <String[]>]
    [[-Column] <String[]>]
    [[-Country] <String[]>]
    [[-CountryCode] <String[]>]
    [[-ExcludeTable] <String[]>]
    [[-ExcludeColumn] <String[]>]
    [[-SampleCount] <Int32>]
    [[-KnownNameFilePath] <String>]
    [[-PatternFilePath] <String>]
    [-ExcludeDefaultKnownName]
    [-ExcludeDefaultPattern]
    [-EnableException]
    [<CommonParameters>]

Examples

Example: 1

PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1 -Database db1

Scan the database db1 on instance sql1

Example: 2

PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1, sql2 -Database db1, db2

Scan multiple databases on multiple instances

Example: 3

PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1 -Database db2 -ExcludeColumn firstname

Scan database db2 but exclude the column firstname

Example: 4

PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1 -Database db2 -CountryCode US

Scan database db2 but only apply data patterns used for the United States

Example: 5

PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1 -Database db1 -PatternFilePath  c:\pii\patterns.json

Scans db1 on instance sql1 with additional custom patterns

Example: 6

PS C:\> Invoke-DbaDbPiiScan -SqlInstance sql1 -Database db1 -PatternFilePath  c:\pii\patterns.json -ExcludeDefaultPattern

Scans db1 on instance sql1 with additional custom patterns, excluding the default patterns

Optional Parameters

-SqlInstance

The target SQL Server instance or instances.

-SqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.

-Database

Databases to process through

-Table

Table(s) to process. By default all the tables will be processed

-Column

Column(s) to process. By default all the columns will be processed

-Country

Filter out the patterns and known types for one or more countries

-CountryCode

Filter out the patterns and known types for one or more country code

-ExcludeTable

Exclude certain tables

-ExcludeColumn

Exclude certain columns

-SampleCount

Amount of rows to sample to make an assessment. The default is 100

-KnownNameFilePath

Points to a file containing the custom known names. Custom scan definitions can be specified using the format seen in \bin\datamasking\pii-knownnames.json.

-PatternFilePath

Points to a file containing the custom patterns. Custom scan definitions can be specified using the format seen in \bin\datamasking\pii-patterns.json.

-ExcludeDefaultKnownName

Excludes the default known names

-ExcludeDefaultPattern

Excludes the default patterns

-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.