Sensitive Data Discovery and Protection (SDDP) can de-identify and protect sensitive data in your data assets. This topic shows you how to create and query de-identification tasks.
Prerequisites
Background information
SDDP supports both static and dynamic de-identification. Compared with static de-identification, dynamic de-identification is more flexible and allows you to de-identify specified sensitive data. The size of sensitive data that can be dynamically de-identified at a time must be less than 2 MB. For more information about dynamic de-identification, see Perform dynamic de-identification.
Create a de-identification task
Specify a partition
Partition | Format | Example |
---|---|---|
N weeks after the specified date | Custom partition field=$[yyyymmdd+7*N] | time=$[20190710+7*1]. It indicates that the data generated in the week after July 10, 2019 is to be de-identified. |
N weeks before the specified date | Custom partition field=$[yyyymmdd-7*N] | time=$[20190710-7*3]. It indicates that the data generated in the three weeks before July 10, 2019 is to be de-identified. |
N days after the specified date | Custom partition field=$[yyyymmdd+N] | time=$[20190710+2]. It indicates that the data generated in the two days after July 10, 2019 is to be de-identified. |
N days before the specified date | Custom partition field=$[yyyymmdd-N] | time=$[20190710-5]. It indicates that the data generated in the five days before July 10, 2019 is to be de-identified. |
N hours after the specified time | Custom partition field=$[hh24mi:ss+N/24] | time=$[0924mi:ss+N/24]. It indicates that the data generated in the two hours after 09:00 in the 24-hour clock is to be de-identified. |
N hours before the specified time | Custom partition field=$[hh24mi:ss-N/24] | time=$[0924mi:ss-1/24]. It indicates that the data generated in the hour before 09:00 in the 24-hour clock is to be de-identified. |
N minutes after the specified time | Custom partition field=$[hh24mi:ss+N/24/60] | time=$[0924mi:ss+2/24/60]. It indicates that the data generated in the two minutes after 09:00 in the 24-hour clock is to be de-identified. |
N minutes before the specified time | Custom partition field=$[hh24mi:ss-N/24/60] | time=$[0924mi:ss-2/24/60]. It indicates that the data generated in the two minutes before 09:00 in the 24-hour clock is to be de-identified. |
Query de-identification tasks


Troubleshoot failures to run de-identification tasks
Error message | Description |
---|---|
The desensitization task does not exist. The task may have been deleted or closed. | The error message returned because the de-identification task is deleted or disabled. If the switch in the Actions column is turned off for the de-identification task, the task is disabled. |
Incorrect recurrence configuration of the scheduled task. | The error message returned because the time specified for running the de-identification task daily is invalid. |
The desensitization source instance does not exist. | The error message returned because the instance that contains the source table does not exist. |
The desensitization target instance does not exist. | The error message returned because the instance is deleted or the permission to access the instance is revoked. |
The desensitization source table does not exist. | The error message returned because the table is deleted or the permission to access the instance that contains the table is revoked. |
Incorrect desensitization algorithm parameter. | The error message returned because the parameters of the de-identification algorithm are incorrectly configured. |
Empty source table list. | The error message returned because no data exists in the partition column of the source table. |
Failed to write data to the target table. | The error message returned because SDDP fails to write data to the destination table that you specify. |
Failed to query the source table. | The error message returned because the specified data is not found in the source table. |
Failed to create the target table. | The error message returned because the destination table does not exist in the specified location. |
No primary key has been found. | The error message returned because the primary key is missing in the ApsaraDB RDS source table. For more information about primary keys, see How can I view the primary key of an ApsaraDB RDS for MySQL table? |
Incorrect ODPS partition field configured for the task. | The error message returned because the source or destination partition is incorrectly configured when you create the de-identification task. |