Sensitive Data Discovery and Protection (SDDP) provides the dynamic de-identification feature. You can call the ExecDatamask operation to dynamically de-identify sensitive data.

Background information

You can call the ExecDatamask operation to dynamically de-identify sensitive data. When you call this operation, you must specify the ID of a de-identification template. De-identification templates can be used for both static de-identification and dynamic de-identification. You can view template IDs on the Desensitization Template page in the SDDP console. SDDP allows you to create custom de-identification templates. Desensitization Template page

Limits

When you call the ExecDatamask operation to dynamically de-identify sensitive data, the size of the sensitive data that is specified by the Data parameter must be less than 2 MB.

View the call history of the ExecDatamask operation

On the Dynamic Desensitization page in the SDDP console, you can view the call history of the ExecDatamask operation. Each record includes the name of the API operation, the UID of the Alibaba Cloud account or Resource Access Management (RAM) user that was used to call the API operation, the IP address of the user who initiated the API call, the time when the API operation was first and last called, and the total number of API calls.Dynamic desensitization
Note Only one record is generated for API calls that were initiated by the same Alibaba Cloud account or RAM user from the same IP address. In this case, the accumulated number of API calls is recorded.