All Products
Search

This Product

    Bastionhost:Data masking policy

    Document Center

    Bastionhost:Data masking policy

    Last Updated:Nov 24, 2025

    Audit data generated during Operations and Maintenance (O&M) can contain sensitive information, such as ID card numbers and mobile phone numbers. You can configure data masking policies on a bastion host to mask the audit records. This helps reduce the risk of sensitive information leakage. This topic describes how to create and manage data masking policies.

    Create a data masking policy

    You can create a data masking policy to mask audit data generated during O&M.

    1. Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance is located.

    2. In the list of Bastionhost instances, find the target instance and click Manage.

    3. In the navigation pane on the left, click System Settings, and then click the Data Masking Policies tab.

    4. Click Create Data Masking Policy. In the Create Data Masking Policy panel, configure a data masking policy for database or host events, specify a Name and a Regular Expression, set the Status to Enable, and set the Filter Scope. Then, click Create.

      Note

      For example, if you want to mask eight consecutive characters starting from the seventh position of the string a1s2d34567890sss, you need to specify a regular expression, set the start position to 7, and set the masking length to 8. The masked result is a1s2d3*******ss.

      image

    Manage data masking policies

    After data masking policies are created, you can modify the configuration items of a data masking policy, delete the data masking policy that is no longer in use, or enable or disable a data masking policy. This ensures that the data security requirements of O&M audit are met.

    1. Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance is located.

    2. In the list of Bastionhost instances, find the target instance and click Manage.

    3. In the navigation pane on the left, click System Settings, and then click the Data Masking Policies tab.

    4. In the list of data masking policies, perform the following operations as needed:

      • Edit a data masking policy

        Find the data masking policy that you want to modify and click Edit in the Actions column. In the panel that appears, you can modify the configuration items of the policy, such as Regular Expression and Filter Scope. Then, click Update.

        image

      • Delete a data masking policy

        In the Actions column of the target data masking policy, click Delete, and then click Delete in the confirmation dialog box.

        To delete policies in a batch, you can also select multiple data masking policies and click Delete at the bottom of the list.

      • Enable or disable a data masking policy

        Select the data masking policy that you want to enable or disable and click Enable or Disable in the lower part of the data masking policy list.