Sensitive Data Discovery and Protection (SDDP) allows you to create desensitization tasks to desensitize your sensitive data in MaxCompute projects, Relational Database Service (RDS) databases, and Object Storage Service (OSS) buckets. In this way, you can protect sensitive data in your data assets.

Based on desensitization algorithms, SDDP masks, encrypts, or replaces sensitive data to desensitize it. In this way, SDDP guarantees that sensitive data can be used while it is safely protected. Currently, SDDP supports only static desensitization.

Note Currently, you can only desensitize sensitive data identified in MaxCompute projects and RDS databases. You cannot desensitize sensitive data identified in OSS buckets.

Prerequisites

SDDP is authorized to access your MaxCompute projects, RDS databases, or OSS buckets. For more information, see Authorization configuration.

Procedure

  1. Log on to the SDDP console.
  2. Create a desensitization task.

    In the left-side navigation pane, choose Sensitive Data Desensitization > Static Desensitization. On the page that appears, click Add Desensitization Task in the upper-right corner to create a custom desensitization task.

    Add Desensitization Task
    1. Enter basic task information, including the task name and remarks, and click Next.
      Note You can specify a custom task name.
      Basic Task Information
    2. Configure the data to be desensitized and click Next.Desensitization Source Configuration
      Parameter Description
      Source Product The Alibaba Cloud service that contains the sensitive data to be desensitized.
      Note Currently, you can only desensitize sensitive data identified in MaxCompute projects and RDS databases. You cannot desensitize sensitive data identified in OSS buckets.
      Project Required. The project or database that contains the table for storing the sensitive data to be desensitized.
      Table Name Required. The table that stores the sensitive data to be desensitized.
      Source Partition Optional. The partition that contains the sensitive data to be desensitized. For more information about specify a partition, see Specify a partition.
      Note This parameter is only available when you set the Source Product parameter to MaxCompute.

      Partition: You can configure partitions when creating a MaxCompute table. Partitions define different logical divisions of a table to help you efficiently query specific content.

      Note If you leave this parameter unspecified, SDDP desensitizes sensitive data in all partitions of the table.
      Sample SQL Optional. The SQL statement that specifies the data to be desensitized.
      Note This parameter is only available when you set the Source Product parameter to RDS.
    3. Configure the desensitization algorithm and click Next.

      In the field list, turn on the Desensitization switch for each field that needs to be desensitized and select a desensitization algorithm as needed. For more information about the desensitization algorithms, see Configure desensitization algorithms.

      Desensitization algorithm configuration
      Note A field is desensitized only after the Desensitization switch is turned on for this field.
    4. Specify the destination location for storing the desensitized data and click Next.
    5. Configure the processing logic.
      Parameter Description
      Select Trigger Method The mode in which the desensitization task is run. Valid values:
      • Manual Only: You must manually run the desensitization task on the Static Desensitization page.
      • Scheduled Only: The desensitization task is automatically run at the specified time hourly, daily, or monthly.
      • Manual + Scheduled: You can manually run the desensitization task. The desensitization task is also automatically run at the specified time hourly, daily, or monthly.
      Table Name Conflict Resolution The handling method if a table exists with the same name as the specified destination table. Valid values:
      • Delete the target table and create a new table with the same name
      • Insert new data to the target table: We recommend that you select this option.
      Row Conflict Resolution
      • Keep conflicting rows in the target table and discard the new data: We recommend that you select this option.
      • Delete conflicting rows in the target table and insert the new data
    6. Click Submit to create the desensitization task.
  3. Run the desensitization task.
    After the desensitization task is created, it appears in the desensitization task list. Find the desensitization task, turn on the turn on switch, and click Start in the Actions column to run the desensitization task.Start

    You can modify or delete a desensitization task after it is created. A running desensitization task cannot be deleted.

  4. In the Task Execution Query section, view the running progress and status of the desensitization task.

    You can know whether the desensitization task is run successfully by checking the value in the Status column. For more information about the failure causes, see Troubleshooting.

    After a desensitization task is started, you must click Global Task Execution Search to update the status of the desensitization task. If you do not click the button, the desensitization task may not be found in the Task Execution Query section.

    Global Task Execution Search

Specify a partition

Partition Format Example
N weeks after the specified date Custom partition field=$[yyyymmdd+7*N] time=$[20190710+7*1]. It indicates that the data generated in the week after July 10, 2019, is to be desensitized.
N weeks before the specified date Custom partition field=$[yyyymmdd-7*N] time=$[20190710-7*3]. It indicates that the data generated in the three weeks before July 10, 2019, is to be desensitized.
N days after the specified date Custom partition field=$[yyyymmdd+N] time=$[20190710+2]. It indicates that the data generated in the two days after July 10, 2019, is to be desensitized.
N days before the specified date Custom partition field=$[yyyymmdd-N] time=$[20190710-5]. It indicates that the data generated in the five days before July 10, 2019, is to be desensitized.
N hours after the specified time Custom partition field=$[hh24mi:ss+N/24] time=$[0924mi:ss+N/24]. It indicates that the data generated in the two hours after 09:00 in the 24-hour clock is to be desensitized.
N hours before the specified time Custom partition field=$[hh24mi:ss-N/24] time=$[0924mi:ss-1/24]. It indicates that the data generated in the hour before 09:00 in the 24-hour clock is to be desensitized.
N minutes after the specified time Custom partition field=$[hh24mi:ss+N/24/60] time=$[0924mi:ss+2/24/60]. It indicates that the data generated in the two minutes after 09:00 in the 24-hour clock is to be desensitized.
N minutes before the specified time Custom partition field=$[hh24mi:ss-N/24/60] time=$[0924mi:ss-2/24/60]. It indicates that the data generated in the two minutes before 09:00 in the 24-hour clock is to be desensitized.

Query desensitization tasks

On the Static Desensitization page, you can query desensitization tasks. In the Desensitization Tasks section, click the ID of a desensitization task in the Task ID column to view the task details.View Task Details
To modify a desensitization task, copy the task ID, paste it in the search bar in the Desensitization Tasks section, and then click Desensitization Task Search. The target desensitization task appears. Click Modify in the Actions column to modify the desensitization task.modify the desensitization task

Troubleshooting

Error message Description
The desensitization task does not exist. The task may have been deleted or disabled. The error message returned because the desensitization task is deleted or disabled. If the switch in the Actions column is turned off for the desensitization task, the task is disabled.
Incorrect recurrence configuration of the scheduled task. The error message returned because the time specified for running the desensitization task daily is invalid.
The desensitization source instance does not exist. The error message returned because the instance containing the source table does not exist.
The desensitization target instance does not exist. The error message returned because the instance is deleted or the permission to access the instance is revoked.
The desensitization source table does not exist. The error message returned because the table is deleted or the permission to access the instance containing the table is revoked.
Incorrect desensitization algorithm parameter. The error message returned because the parameters of the desensitization algorithm are incorrectly configured.
Empty source table column. The error message returned because no data exists in the partition column of the source table.
Failed to write data to the target table. The error message returned because the system fails to write data to the destination table that you specify.
Failed to query the source table. The error message returned because the specified data is not found in the source table.
Failed to create the target table. The error message returned because the destination table does not exist in the specified location.
No primary key has been found. The error message returned because the primary key is missing in the RDS source table. For more information about primary keys, see How to view the primary key fields of a table in apsaradb for MySQL.
Incorrect MaxCompute partition field configured for the task. The error message returned because the source or destination partition is incorrectly configured when you create the desensitization task.