You can create data identification rules to efficiently identify sensitive data within a tenant. This topic describes how to create and configure data identification rules.
Go to the Data Recognition Rules tab
- Log on to the DataWorks console. Find the workspace that you want to manage and click Data Analytics.
- Click the icon in the upper-left corner and choose .
- Click Try now. The Data Security Guard homepage appears.
- In the left-side navigation pane, choose . On the Data Recognition Rules tab, you can create, copy, modify, and delete rules.
Create a rule
- Click Create Rule in the upper-right corner.
- In the Set Basic Info step, set the parameters as required and click Next.
You can create a template-based rule or a custom rule.
Parameter Description Data Type The category of the rule. You can select Add By Template or Custom.
- If you select Add By Template, you can further select Personal Information, Merchant Information, or Company Information.
- If you select Custom, you can enter a data category.
Note A custom rule that is used to identify sensitive data must have a unique name.
- If you set the Data Type parameter to Add by Template, you can select one of the 31 built-in templates that DataWorks provides for sensitive data identification, such as VIN, imsi, Bank Card, Hong Kong And Macao Pass, Email, Name, Nation, PEM File, Seat Number, MEID, Alipay Unique ID, Address, and Id Card.
- If you set the Data Type parameter to Custom, you can enter a rule name.
Owner The user who configures the rule. Description The description of the rule. The description can be up to 120 characters in length.
- In the Specify Details step, set the Level and Data Recognition Rules parameters and click Next.
Parameter Description Level The security level of the data to which the rule is applied. If the existing levels do not meet your needs, go to the Data Level Management page and create levels as needed. For more information, see Manage data security levels. Content Scanning Specifies whether to enable content scanning. You can use the content that is specified by the selected template or select Regex Express. Multiple data identification templates are provided.
- If you create a template-based rule, you cannot change the content to be scanned. However, you can manually correct the data identification results of the rule. For more information, see Manually correct data.
- If you select Regex Express, you can customize the identification rule.
Field scanning Specifies whether to enable field scanning. You can use exact match or fuzzy match to specify one or more field names to be identified by the rule. The rule is applied if data matches one of the specified field names.
- After you confirm the settings, click Save.
After the data identification rule is created, you can view the data identification results of the rule on the Data Recognition, Data Activities, and Data Risks pages.
Copy a rule
By default, the status of the new rule is Inactive. You can modify the rule and enable it as needed.
Modify a rule
- Set the status of the rule to Inactive.
- Click the icon in the Actions column.
- In the panel that appears, modify the parameters in the Basic Settings, Advanced Settings, Change, and Exception Rule sections.
- Click Save.
- After you confirm the settings, set the status of the rule to Active.
Delete a rule
To delete a rule, find the rule and click the icon in the Actions column. In the message that appears, click OK.