Sensitive Data Discovery and Protection (SDDP) allows you to query all the sensitive data that has been detected in your data assets. You can specify one or more types of sensitive data to query and view the distribution of the queried sensitive data across your data assets. This topic describes how to query sensitive data.

Procedure

  1. Log on to the SDDP console.
  2. In the left-side navigation pane, choose Sensitive Data Identification > Sensitive Data Search.
  3. On the Sensitive Data Search page, set filters as required.Sensitive Data Search
    SDDP supports the following filters:
    • Hit Data: the type of sensitive data. You can select multiple types at a time, for example, email address and mobile number.
    • Enter file name to search/Enter table name to search: the name of the object or table with sensitive data detected. Fuzzy match is supported.
    • Region: the region where the data asset resides.
    • Bucket/Instance/Project: the name of the bucket, database, instance, or project with sensitive data detected.
    • Time range: the beginning and end of the time range to query.
    Note If you set multiple filters, SDDP searches for and displays the sensitive data that meets all the specified filters.
  4. Click Search.

Related operations

  • Query sensitive data by risk level

    On the OSS-file tab, you can set the Sensitivity Level parameter to query sensitive data at the specified risk level in your OSS buckets.

  • Sort sensitive data based on the total number of rows or sensitive fields in ascending or descending order
    On a specific tab such as the RDS-table tab, you can click Sort icon next to Total Number of Rows or Sensitive Column to sort sensitive data based on the total number of rows or sensitive fields in ascending or descending order. The data is sorted in descending order after you click the icon for the first time, and will be sorted in ascending order the next time you click the icon.

What to do next

On the Sensitive Data Search page, view the distribution of the queried sensitive data across your data assets. You can switch to different tabs to view sensitive data in data assets of specific types. To view the details of sensitive data detected in a data asset, find the target data asset and click Details or Column Details in the Operation column. The Hit Query pane appears if the target data asset is an Object Storage Service (OSS) bucket, and the Column Details pane appears if the target data asset is a table. In the Hit Query or Column Details pane, you can view the following information about the sensitive data detected in the data asset:
  • Column Name: the name of the sensitive field detected in the table.
    Note This parameter is available only in the Column Details pane for a table in a Relational Database Service (RDS) database, Tablestore instance, user-created database hosted on an Elastic Compute Service (ECS) instance, PolarDB-X database, or PolarDB database. The Hit Query pane for an OSS bucket does not display this parameter.
  • Hit Rules: the type and name of the sensitive data detection rule that is hit.
  • Sensitivity level: the risk level of the detected sensitive data.
  • Number of Hits: the number of times that the sensitive data detection rule is hit in the OSS bucket.
    Note This parameter is available only in the Hit Query pane for an OSS bucket.
  • Data Sampling: the samples collected from the data asset. You can specify the number of samples to be collected by setting the Sensitive Data Sampling parameter on the Cloud Hosting page. You can set this parameter to 0, 5, or 10. Then, SDDP displays the collected samples based on the configuration.
Hit Query pane