This topic describes how to customize de-identification rules in Data Security Guard so that DataWorks can dynamically de-identify the results of ad hoc queries.
Go to the Data Masking page
- Go to the DataStudio page.
- Log on to the DataWorks console.
- In the left-side navigation pane, click Workspaces.
- In the top navigation bar, select the region where your workspace resides, find the workspace, and then click Data Analytics in the Actions column.
- On the DataStudio page, click the icon in the upper-left corner and choose .
- Click Try now to go to the Data Security Guard homepage.
- In the left-side navigation pane, choose .The Data Masking page has two tabs: Data Masking and Whitelist.
Customize de-identification rules in Data Security Guard
- On the Data Masking page, set the Masking Scene parameter to Global Config(_default_scene_code).
- Create a de-identification rule.
- On the Data Masking tab, click Create Rule in the upper-right corner.
- In the Create Rule dialog box, set the Masking Rule, Owner, and Method parameters.The de-identification method varies based on the de-identification rule. You can select a de-identification method based on your needs.
This method replaces the text of a data record with an artificial pseudonym of the same data type. If you select this method, you must specify whether to enable Data watermark and select a security domain from the Domain drop-down list. Different pseudonyms are generated for the same data record based on the same de-identification rule that is configured with different security domains.
If you select HASH, you must specify whether to enable Data watermark and select a security domain from the Domain drop-down list. Different hash values are generated for the same data record based on the same de-identification rule that is configured with different security domains.
- Masking OutThis method uses asterisks (*) to mask specified parts of a data record. This is a commonly used method.
Parameter Description Recommended You can select recommended policies to mask data of common types such as ID card numbers and bank card numbers. Custom You can flexibly specify whether to mask the specified number of characters at the first, middle, or last part of a data record.
- Click Save.
- On the Data Masking tab, set the status of the created de-identification rule to Active or Inactive as needed.You can click the icon in the Actions column of the de-identification rule to test whether it works.
- Configure a whitelist.
- Click the Whitelist tab.
- On the Whitelist tab, click Add Account in the upper-right corner.
- In the Add Account dialog box, set the Rule, Account, and Effective From parameters.Note If you query data beyond the time range that is specified for the whitelist, the query results are still de-identified.