DataWorks: Risk identification rule management (old version)

Last Updated: Aug 16, 2023

The risk identification rule management feature allows you to configure risk identification rules to identify risks in daily data access activities. You can also enable AI-based risk identification rules to implement automatic identification of data risks.

The Data Risks page displays the identified data risks and allows users to tag the data risks as secure or risky. In the View Details dialog box that is displayed after you click View Details in the Actions column of a data access record on the Data Activities page, you can view the risk identification rules that correspond to the identified data risks.

  1. Log on to the DataWorks console. In the left-side navigation pane, choose Data Modeling and Development > DataStudio. On the page that appears, select the desired workspace from the drop-down list and click Go to DataStudio.

  2. Click the icon in the upper-left corner and choose All Products > Data governance > Data Security Guard.

  3. Click Try now. The Data Security Guard homepage appears.

  4. In the left-side navigation pane, choose Rule Change > Custom Identification Rules. On the Custom Identification Rules page, you can create, copy, modify, and delete risk identification rules. You can also configure AI-based risk identification rules.

Rule Settings tab

  • Create a rule

    Click Create Rule in the upper-right corner. In the Create Rule dialog box, configure the Rule Name, Owner, and Description parameters and click OK.

  • Copy a rule

    Find the rule that you want to copy and click the Copy icon in the Actions column. A new rule with the same settings is created.

    By default, the status of the new rule is Inactive. You can change the status of the rule based on your business requirements.

  • Modify configurations of a rule

    To modify an existing rule, perform the following steps:

    1. Set the status of the rule to Inactive.

    2. Click the Edit icon in the Actions column of the rule.

    3. In the Change panel on the right, modify the parameters in the Basic Settings and Rule Settings sections.

    4. Click Save.

    5. After you confirm the settings, set the status of the rule to Active.

  • Delete a rule

    To delete a rule, find the rule and click the Delete icon in the Actions column. In the message that appears, click Delete.

AI-based Identification Rules tab

On the Custom Identification Rules page, click AI-based Identification Rules. The AI-based Identification Rules tab displays only one AI-based risk identification rule, which is used to identify highly similar SQL statements.

To enable the AI-based risk identification rule, set the status of the rule to Active.

Note
  • After the rule is activated, the SQL statements that meet the rule are displayed on the Data Risks page on the next day.

  • You can disable the rule by changing its status to Inactive. After you disable the rule, the data risks that have been identified based on the rule are not removed.

Comparison of the entries to configure parameters for a risk identification rule in the old and new risk identification rule management features

The following table describes where each parameter of a risk identification rule is configured in the old and new risk identification rule management features.

Note

For more information about the configurations of a risk identification rule in the new risk identification rule management feature. For more information about the configurations of a risk identification rule in the old risk identification rule management feature, see Rule Settings tab.

| No. | Configuration item | Position in the old version | Position in the new version |
| --- | --- | --- | --- |
| 1 | Rule name | Basic Settings > Rule Name | Basic information > Rule name |
| 2 | Rule owner | Basic Settings > Owner. By default, the owner of the rule is the current Alibaba Cloud account. | This configuration item does not exist. DataWorks records the owner of the rule. |
| 3 | Rule description | Basic Settings > Description | Basic information > Description information |
| 4 | Compute engine instance for which the rule takes effect | Rule Settings > Engine | To specify a compute engine instance in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location from the drop-down list. |
| 5 | Project for which the rule takes effect | Rule Settings > Project | To specify a project in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location from the drop-down list. |
| 6 | Data category for the data risk that you want to identify | Rule Settings > Classification | In the Conditions section of the rule definition step, click Select condition and select Data property. Select Data classification as a property category. |
| 7 | Sensitivity level of the data risk that you want to identify | Rule Settings > Level | In the Conditions section of the rule definition step, click Select condition and select Data property. Select Data grading as a property category. |
| 8 | Sensitive field type for the data risk that you want to identify | Rule Settings > Sensitive field type | In the Conditions section of the rule definition step, click Select condition and select Data property. Select Sensitive field type as a property category. |
| 9 | Type of the operation that is performed on data | Rule Settings > Export Type. Valid values: All Export, Download Via Tunnel, Table Activity | Basic information > Rule Type. Valid values: Data Access Risk, Data Export Risk, Data Operation Risk, Others |
| 10 | Table for which the rule takes effect | Rule Settings > Table Name | To specify a table in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location. |
| 11 | Field for which the rule takes effect | Rule Settings > Field | To specify a field in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location. |
| 12 | Users for which a risk identification rule is triggered when the users access data that is specified in the rule | Rule Settings > Visitors | To specify an information category in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select User information. |
| 13 | Maximum number of data records that are specified in a risk identification rule | Rule Settings > Operated Data Volume | In the Conditions section of the rule definition step, click Select condition and select a condition. In the Threshold comparison section for the selected condition, select Data volume in a threshold comparison condition. |
| 14 | Time range that is specified in a risk identification rule | Rule Settings > Date | To specify a time range, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Operation time. |
| 15 | Alert notification method for a risk identification rule | Not supported | In the Alert Notification Method section of the Alert Settings step, select an alert notification method. |