Data Masking in Frappe Framework (v15): Complete Documentation
1. Introduction & Context
Data Masking in Frappe Framework v15 is a privacy feature that protects sensitive information by masking field values for specific users or roles. Instead of exposing the actual value, the system displays a masked representation such as *****, partial values, or a predefined mask format.
This helps teams comply with security standards like GDPR, HIPAA, and industry-specific data-governance policies.
2. What Is Data Masking in Frappe?
Data masking replaces the original field data with a non-identifiable placeholder, ensuring only authorized users can view sensitive information.
Frappe v15 supports masking for:
- Personal data (email, phone numbers, addresses)
- Financial identifiers (PAN, bank accounts)
- Internal confidential fields
- Custom DocType-specific sensitive fields
3. Why Use Data Masking?
Data masking prevents unauthorized access to sensitive data by hiding actual field values. It ensures data security, helps organizations follow privacy laws, and reduces risk during audits or when giving limited access to employees.
4. How Data Masking Works in Frappe v15
Frappe applies masking rules through:
Field-Level Masking
Masking is enabled directly within a field’s configuration.
Role-Based Mask Logic
Users with specific roles (e.g., “System Manager”) can be exempt from masking.
Document Privacy Settings
Masking can be applied conditionally based on the DocType’s Personal Data Fields list.
Runtime Masking (Server-Side)
Masking is enforced at database-request level to ensure consistent protection for list views, form views, reports, APIs, and exports.
5. Configuration & Setup
5.1 Enable Data Masking on a Field
You can add masking to any field via:
Desk → DocType → Select DocType → Fields → Enable “Mask”
Once enabled, Frappe masks the value for all non-privileged users.
Available Masking Options:
| Mask Type | Description |
| Mask Entire Value | Replaces field with ******** |
| Partial Masking | Shows partial values, e.g., 98******21 |
| Custom Mask Format | Define your own pattern using literals |
| Last / First n Characters Visible | Common for phone numbers, IDs |
5.2 Understanding the “Mask Type” Field
Frappe provides configuration options such as:
- Mask all characters
- Show last 4 digits
- Show first 2 letters
- Replace with custom character
Back-end implementation validates masking at field render time.
5.3 Role Exceptions
In Frappe v15, masking is overridden when:
- User has “View Sensitive Data” privilege
- User is a System Manager
- Doctype defines custom access rules
6. Implementation Details (Developer-Level)
6.1 Backend Architecture
values are computed via:
frappe.utils.data_masking.apply_mask()
Internal masking logic is applied:
- Before returning data to client
- Before generating reports
- When sending API responses
- When exporting data
Masking occurs after database retrieval but before serialization, ensuring consistent protection across UI and APIs.
6.2 Python API: Applying Mask Manually
Developers may apply masking programmatically:
from frappe.utils.data_masking import apply_data_masking
masked_value = apply_data_masking(fieldname="mobile_no", value="9876543210", df=field_def)
6.3 Client-Side Mask Enforcement
Masked data is never transmitted in raw form to the browser UI.
Frappe ensures masking is handled on the server to prevent tampering.
7. User Guidance: When Should You Mask Fields?
Appropriate fields for masking:
- Phone numbers
- Bank accounts
- Passport / Aadhaar numbers
- Email addresses
- Personal salary components
- Internal system identifiers
Not advisable to mask:
- Primary keys such as name
- Workflow routing fields
- Mandatory relational fields
8. Best Practices & Tips
Keep masking simple
Overly complex patterns may confuse users.
Use partial masking for business operations
E.g., show last 3 digits for verification.
Avoid masking fields essential for user decisions
Mask only sensitive content, not operational data.
Combine masking with permission rules
Masking is not a replacement for Role Permission Manager.
Document masked fields
Include masking rules in project documentation for developers and auditors.
9. Advanced Topics
9.1 Masking in Custom Apps
Custom apps can embed masking configurations in:
doctype.json
Via:
"mask": 1,
"mask_type": "last_4"
9.2 Masking in Reports
Masked fields remain masked in:
- Query Reports
- Script Reports
- List Views
- Dashboards
Unless the report is accessed by a privileged role.
9.3 Masking in API Calls
REST API returns masked values:
/api/resource/Lead
unless:
- User has permission to view original values
- Field is explicitly marked as non-sensitive
Example masked API output:
{
"email_id": "sa*****@mail.com"
}
10. Troubleshooting
| Problem | Reason | Solution |
| Masking not applied | Browser cache or role override | Clear cache or verify user roles |
| Masked field visible to lower roles | Incorrect permissions | Review Role Permission Manager |
| Mask pattern incorrect | Wrong mask type | Change mask type in field settings |
| API returning full data | Custom endpoint bypassing masking | Apply masking API manually |
11. Real-World Example
A company needs to mask employee mobile numbers for HR staff but not for HR Managers.
Steps:
- Open Employee DocType.
- Find field “cell_number”.
- Enable “Mask”.
- Set mask rule: Show last 4 digits.
- Ensure HR Manager role has “View Sensitive Data”.
- Save & Reload.
12. Cross-References
- DocType Permissions
- User Roles & Permission Rules
- Sensitive Data Fields
- Frappe Personal Data Deletion Framework
Summary
Data Masking in Frappe v15 ensures confidential information is protected across forms, reports, and APIs. With flexible masking rules, role-based exemptions, and backend-level enforcement, it offers a robust privacy framework suitable for any ERPNext or Frappe-based implementation.
