Hiding/Masking userid in log files for specific user group
We have a requirement where we need to hide the SSN (Social Security Number) in log files for Applicants and replace the SSN with the StakeholderID or mask the last 4 digits of the SSN. We are not supposed to display the SSN as per the GDPR guidelines.
Applicants are a set of users who apply for loans etc. In addition to applicants, we have other user groups like FrontOffice, BackOffice, Administrators, who do not use the SSN to log in. So, for these users, the logs should come as usual. We use the OperatorID for debugging the logs etc.
One option was to remove the userid from the log pattern in the log4j2.xml, but doing that will impact all the users including the FrontOffice, BackOffice, Administrators and Developers. So, it will be very difficult to know the exact requestor context for a log error or exception.
So, we are looking for a solution that will replace or mask the SSN for Applicants and at the same time will not impact other users.
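
One way to meet this requirement at the logging layer, as an added example that is not part of the original post: a Log4j 2 pattern converter that masks the last four digits of the user id only when it has the shape of an SSN, and prints every other operator id unchanged. The context key `userid`, the converter key `maskedUser`, the class name and the SSN format (nine digits, optional dashes) are assumptions to adapt to the actual setup.

```java
import java.util.regex.Pattern;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.pattern.ConverterKeys;
import org.apache.logging.log4j.core.pattern.LogEventPatternConverter;
import org.apache.logging.log4j.core.pattern.PatternConverter;

// Hypothetical plugin: used in the layout as %maskedUser in place of the raw user id.
@Plugin(name = "MaskedUserIdConverter", category = PatternConverter.CATEGORY)
@ConverterKeys({"maskedUser"})
public final class MaskedUserIdConverter extends LogEventPatternConverter {

    // Assumption: the user id is carried in the thread context under this key.
    private static final String USER_KEY = "userid";

    // Assumption: an Applicant logs in with an SSN written as 123456789 or 123-45-6789.
    // Other groups use operator ids that do not match this shape.
    private static final Pattern SSN_SHAPE = Pattern.compile("\\d{3}-?\\d{2}-?\\d{4}");

    private static final String MASK = "****"; // replaces the last four digits

    private MaskedUserIdConverter() {
        super("maskedUser", "maskedUser");
    }

    // Factory method Log4j 2 calls when it finds %maskedUser in a pattern.
    public static MaskedUserIdConverter newInstance(final String[] options) {
        return new MaskedUserIdConverter();
    }

    // Masks only ids that look like an SSN; everything else passes through untouched.
    static String mask(final String userId) {
        if (userId == null || !SSN_SHAPE.matcher(userId).matches()) {
            return userId;
        }
        // In both accepted formats the last four characters are digits.
        return userId.substring(0, userId.length() - MASK.length()) + MASK;
    }

    @Override
    public void format(final LogEvent event, final StringBuilder toAppendTo) {
        final Object raw = event.getContextData().getValue(USER_KEY);
        if (raw != null) {
            toAppendTo.append(mask(raw.toString()));
        }
    }
}
```

The converter has to be discoverable by Log4j 2, for example through the `packages` attribute on the `Configuration` element in log4j2.xml. It only covers the user id field of the pattern; an SSN written into the message text itself is not affected.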