Blind Query
Unlike other TripleBlind operations Blind Query is not an inherently privacy-preserving operation. Blind Query allows you to intentionally expose content to a requesting third party while maintaining visibility into the request and the capability to deny unauthorized access before the query executes. This is useful in special situations such as:
- The asset is a database view which is known to be privacy preserving (e.g. an SQL report that outputs summaries of classes of records)
- The asset is a safe output which you wish to make available to the other party
Blind Query is a Safe with Care operation (see Privacy Assurances and Risk in the Getting Started section of the User Guide), and has the potential for misuse. TripleBlind has a number of safeguards for its use:
- Blind Query is disabled by default at our strictest security levels.
- Unless an Agreement has been established permitting auto-approval of requests, all Blind Query operations require an informed Asset Owner approval through an Access Request. The Access Request for Blind Query contains information on any SQL statements that are invoked in the operation.
k-Grouping
is respected in the Blind Query operation as a minimum record threshold on the output; a query that would result in fewer thank
records would automatically fail with a warning message.
Operation
- When using
create_job()
to query a dataset asset, useOperation.BLIND_QUERY
for theoperation
parameter. - When using
add_agreement()
to permit a counterparty to query your dataset directly, useOperation.BLIND_QUERY
for theoperation
parameter. Permissive agreements (without usage restrictions) are not recommended for use with this operation.
⚠️Blind Query is NOT recommended for HIPAA applications.
Parameters
See examples/Data_Munging/2a_run_report.py
for usage.
operation: BLIND_QUERY
- Blind Query is requested by a data user on a specific
DatasetAsset
using theBLIND_QUERY
operation increate_job()
.
dataset: DatasetAsset
- This asset will be returned to the user after applying preprocessing.
Limitations
SELECT *
is not permitted insql_transform
preprocessors upstream of Blind Query and Blind Join. Useget_column_names()
to request a list of column names and list them explicitly in the query. This empowers the data owner to make an informed approval decision within any Access Requests against their dataset.
Wed May 15 2024 03:21:05 GMT-0400 (Eastern Daylight Time)