You can create data identification rules to efficiently identify sensitive data under a tenant. This topic describes how to create and set data identification rules.

Go to the Data Recognition Rules page

  1. Log on to the DataWorks console. Find the required workspace and click Data Analytics.
  2. Click the More icon in the upper-left corner and choose All Products > Data Security Guard.
  3. Click Try now. The Data Recognition page appears.
  4. In the left-side navigation pane, choose Rule Change > Data Recognition Rules. On the Data Recognition Rules page, you can create, copy, modify, and delete rules.

Create a rule

  1. Click Create Rule in the upper-right corner.Create Rule
  2. In the Set Basic Info step, set the parameters as required and click Next.
    You can create a template-based rule or a custom rule.Set Basic Info
    Parameter Description
    Data Type The category of the rule. You can select Add By Template or Custom.
    • If you select Add By Template, you can further select Personal Information, Merchant Information, or Company Information.
    • If you select Custom, you can enter a data category.
    Data Name
    • If you select Add By Template, you can select a template from the following built-in sensitive data identification templates: Name, Email, Seat Number, Mobile Phone Number, IP, Mac Address, Car No, Address, Post Code, Id Card, Bank Card, and Company.
    • If you select Custom, you can enter a data name.
    Note A custom rule that is used to identify sensitive data must have a unique name.
    Owner The user who sets the rule.
    Description The description of the rule. The description can be up to 128 characters in length.
  3. In the Specify Details step, set the Level and Data Recognition Rules parameters and click Next.
    Parameter Description
    Level The security level of the data to which the rule is applied. If the existing levels do not meet your needs, go to the Data Level Management page and create levels as needed. For more information, see Manage data security levels.
    Content Scanning Specifies whether to enable content scanning. You can use the content that is specified by the selected template or select Regex Express.
    • If you create a template-based rule, you cannot change the content to be scanned. However, you can manually correct the data identification results of the rule. For more information, see Manually correct data.
    • If you select Regex Express, you can customize the identification rule.
    Field Scanning Specifies whether to enable field scanning. You can use exact match or fuzzy match to specify one or more field names to be identified by the rule. The rule is applied if data matches one of the specified field names.
  4. After you confirm the settings, click Save.Save
Note After the data identification rule is created, the data identification results of the rule are displayed on the next day.

After the data identification rule is created, you can view the data identification results of the rule on the Data Recognition, Data Activities, and Data Risks pages.

Copy a rule

Find a rule and click the Copy icon. A new rule with the same settings is created.

By default, the status of the new rule is Inactive. You can modify the rule and enable it as needed.

Modify a rule

To modify an existing rule, perform the following steps:
  1. Set the status of the rule to Inactive.
  2. Click the Rule Configuration icon.
  3. In the panel that appears, modify the parameters in the Basic Settings, Advanced Settings, Change, and Exception Rule sections.Rule Configuration
  4. Click Save.
  5. After you confirm the settings, set the status of the rule to Active.

Delete a rule

To delete a rule, find the rule and click the Delete icon. In the message that appears, click OK.