If a database contains sensitive data, you can enable the sensitive data protection feature for the database. This way, Data Management (DMS) can scan the metadata in the database, and detect, de-identify, and manage the sensitive data. This topic describes how to enable the sensitive data protection feature. This topic also describes how to create a scan task to scan metadata.

Prerequisites

  • You are a DMS administrator, a database administrator (DBA), or a security administrator.
    Note: To view the role of your account, move the pointer over the tenant avatar icon in the upper-right corner of the DMS console.
  • The database is supported by the sensitive data protection feature. The following types of databases are supported:
    • Relational databases: MySQL, SQL Server, PostgreSQL, MariaDB, Oracle, Dameng (DM), PolarDB O Edition, PolarDB-X, OceanBase, and Db2
    • Data warehouses: AnalyticDB for MySQL, AnalyticDB for PostgreSQL, Data Lake Analytics (DLA), ClickHouse, and MaxCompute
  • You have purchased a quota of instances for which sensitive data protection can be enabled, and the quota is not used up.
    Note: To view the number of available instances for which sensitive data protection can be enabled, move the pointer over the sales icon and select DMS Renewal and Upgrade.

Procedure

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click Security and Specifications. In the left-side navigation pane, choose Sensitive Data > Sensitive Data Dashboard.
  3. On the Sensitive Data Dashboard tab, click the Not opened tab in the Instance List section.
  4. Find the instance for which you want to enable the sensitive data protection feature and click Enable Now in the Operation column.
    Note
    • If an instance is managed in Security Collaboration mode, you can click Try for Free in the Operation column to experience the de-identification of three sensitive fields.
    • Only instances for which the sensitive data protection feature is disabled appear on this tab.
  5. In the Enable Sensitive Data Protection dialog box, click OK.
  6. Grant access to the instance. After you grant access to an instance, sensitive data in the instance can be automatically detected. You must grant access to an instance before you configure a scan task for the instance.
    1. On the Enabled tab, find the instance to which you want to grant access and click Account Authorization in the Actions column.
    2. In the Account Authorization dialog box, enter the username and password that are used to connect to the database.
    3. Click OK.
  7. Configure a scan task for the instance.
    1. On the Enabled tab, find the instance for which you want to configure a scan task and click Configure Scan Task in the Operation column.
    2. In the Configure Scan Task dialog box, select the scan method and click OK. If you select Scheduled Task or Periodic Task for the Scan Method parameter, you must set more parameters as required.
      Scan method | Description
      Immediate Task | After you configure an immediate task, DMS immediately scans the metadata in the specified database and marks sensitive data.
      Scheduled Task | Specify a specific date and point in time. DMS automatically scans the metadata in the specified database and marks sensitive data as scheduled.
      Periodic Task | Specify the time and interval to run the scan task. DMS automatically scans the metadata in the specified database and marks sensitive data on a regular basis.
    3. To view the information of the scan task, click Task details in the Operation column. On the Identification Tasks tab, you can view the owner, the status, and the scan results of the scan task, and the time when the scan task was created, started, and completed.
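
To make concrete what a scan of metadata has to work with, the following added example (not DMS code and not part of the original topic) flags columns by name in a constructed SQLite schema and reads no row data. The rule patterns, table names, and function names are assumptions and do not reproduce the rules that DMS applies; on MySQL or PostgreSQL the same column metadata is available from information_schema.columns.

```python
import re
import sqlite3

# Constructed name patterns (assumption): NOT the rule set that DMS uses.
RULES = {
    "phone": re.compile(r"(^|_)(phone|mobile|tel)(_|$)", re.I),
    "email": re.compile(r"(^|_)e?mail(_|$)", re.I),
    "id_number": re.compile(r"(^|_)(ssn|id_?card|passport)(_|$)", re.I),
    "credential": re.compile(r"(^|_)(passw(or)?d|pwd|secret|token)(_|$)", re.I),
}

def build_sample_db():
    """Constructed sample schema; tables stay empty because only metadata is read."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, full_name TEXT, mobile_phone TEXT,
                                contact_email TEXT, id_card_no TEXT);
        CREATE TABLE app_users (id INTEGER, login TEXT, password_hash TEXT);
        CREATE TABLE legacy_import (c1 TEXT, c2 TEXT);  -- opaque column names
    """)
    return conn

def list_tables(conn):
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return [r[0] for r in rows]

def scan_metadata(conn):
    """Return sorted (table, column, category) for column names matching a rule."""
    findings = []
    for table in list_tables(conn):
        # PRAGMA table_info yields (cid, name, type, notnull, dflt_value, pk).
        for _cid, column, *_rest in conn.execute(f'PRAGMA table_info("{table}")'):
            for category, pattern in RULES.items():
                if pattern.search(column):
                    findings.append((table, column, category))
                    break  # first matching category wins
    return sorted(findings)

def unflagged_tables(conn, findings):
    """Tables with no finding: candidates for manual review, not proof of safety."""
    flagged = {table for table, _column, _category in findings}
    return sorted(t for t in list_tables(conn) if t not in flagged)

if __name__ == "__main__":
    db = build_sample_db()
    hits = scan_metadata(db)
    for table, column, category in hits:
        print(f"{table}.{column}: {category}")
    print("no match, review manually:", unflagged_tables(db, hits))
```

The legacy_import table produces no finding even though its columns could hold anything, so tables with no marked fields after a scan still warrant a manual check.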