This topic describes how to configure sensitive fields and data masking rules, and how to apply for permissions on sensitive data.

Configure sensitive fields

Note This feature is available only for administrators.
  1. Log on to the DMS console V5.0.
  2. In the Database instance section in the left-side navigation pane, search for the database that you want to manage.
  3. Right-click the database that you want to manage and select Tables to go to the Table List page.
    Note You can also navigate to the SQLConsole tab and access the details page of a table. In the top navigation bar, choose SQL Console > SQL Console, select the database that you want to manage, and then click Confirm. On the SQLConsole tab, click the table details icon in the upper-right corner to go to the Table List page.
  4. Click the Show icon to the left of the table that you want to manage, and click Adjust on the Column tab. In the Adjust Sensitivity Level dialog box, adjust the sensitivity level of one or more fields.
  5. Click Submit for Security Department Approval.
    Note You are navigated to the SensitivityTicket Details page. Click Approve. The task is executed.
    The sensitivity level of the field or fields is adjusted.
  6. Return to the SQLConsole tab, double-click the table that you just managed, and then check whether the field or fields for which the sensitivity level was adjusted are masked. The default data masking algorithm type is full redaction.
    Note All Data Management (DMS) users, including DMS administrators and database administrators (DBAs), must apply for permissions on sensitive fields before they can view the data of the sensitive fields. For more information, see Apply for permissions on sensitive fields.

Configure data masking rules

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click Security and Specifications. In the left-side navigation pane, choose Sensitive Data > Sensitive Data List.
    Note If you are using the previous version of the DMS console, move the pointer over the More icon in the top navigation bar and choose System > Sensitive Data > Sensitive Data List.
  3. On the Field Control tab, select one or more fields for which you want to change the data masking rule, and click Change Masking Rule.
  4. Select an existing data masking rule or create a data masking rule.
    • To use an existing data masking rule, select one from the drop-down list, and click Save.
    • To create a data masking rule, click Create Data Masking Rule. On the Data Masking Rule page, click Create Data Masking Rule, and configure the required information including rule name and data masking algorithm on the Create Rule page. For more information, see Create a data de-identification rule.

Apply for permissions on sensitive fields

Note All DMS users, including DMS administrators and DBAs, must apply for permissions on specific sensitive fields before they can query the data of the sensitive fields. This example demonstrates how to apply for permissions on sensitive fields as a regular user.
  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click Security and Specifications. In the left-side navigation pane, click Permission.
    Note If you are using the previous version of the DMS console, move the pointer over the More icon in the top navigation bar and choose Permission > Database-Permission.
  3. In the upper-right corner of the page, choose Access apply > Sensitive Column-Permission.
  4. On the permission application ticket page, enter the name of the database that you want to manage in the search box, click Search, and then select the sensitive field on which you want to apply for permissions.
  5. Click Add. The sensitive field appears in the Selected Databases/Tables/Columns section.
  6. In the Select Permission section, set the parameters that are described in the following table and click Submit.
    Parameter | Description
    Permission | The type of permission that you want to apply for. You can select one or more permission types. Valid values: Query, Export, and Change.
    Data Masking Method | The way in which the sensitive data is displayed. Valid values:
      • Semi-sensitization: The data is displayed in the format that is generated after the specified data masking algorithm is run.
      • Plain Text: The data is displayed in plaintext.
      Note If you set the Permission parameter to Export and the Data Masking Method parameter to Semi-sensitization, the data exported from the sensitive field is partially masked.
    Duration | The validity period of the selected permissions.
    Reason | The description of the business background and the reason for this application. This reduces unnecessary communication and facilitates the approval process.
    Note After the application is submitted, wait for approval. You can click Submitted Tickets in the My Tickets section on the homepage of the DMS console to view the status of the permission application ticket.
  7. After the ticket is approved, you can query the data of the sensitive field on the SQLConsole tab.
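
The access model described in this topic (full redaction by default, then a time-limited grant per sensitive field that selects permission types and a data masking method) can be sketched as a small decision function. This is an added Python example, not DMS code: the Grant class, the render function, the partial-masking format (keep the first and last character) and the treatment of an expired grant as no grant are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime
PERMISSIONS = {"Query", "Export", "Change"}      # valid values listed in the table
METHODS = {"Semi-sensitization", "Plain Text"}   # valid values listed in the table

@dataclass(frozen=True)
class Grant:
    """Hypothetical record of one approved sensitive-column ticket."""
    user: str
    column: str
    permissions: frozenset
    method: str
    expires: datetime                            # end of the Duration period

    def __post_init__(self):
        if not self.permissions or not self.permissions <= PERMISSIONS:
            raise ValueError("unknown permission type")
        if self.method not in METHODS:
            raise ValueError("unknown data masking method")

def full_redaction(value: str) -> str:
    return "*" * len(value)

def partial_mask(value: str) -> str:
    # Assumed stand-in for "the specified data masking algorithm".
    if len(value) <= 2:
        return "*" * len(value)
    return value[0] + "*" * (len(value) - 2) + value[-1]

def render(value, user, column, action, grants, now):
    """How `value` is displayed to `user` for `action` ("Query" or "Export")."""
    shown = full_redaction(value)                # default, admins and DBAs included
    for g in grants:
        match = (g.user, g.column) == (user, column) and action in g.permissions
        if not match or now >= g.expires:        # assumption: expired = no grant
            continue
        if g.method == "Plain Text":
            return value
        shown = partial_mask(value)
    return shown

# Constructed sample data
NOW = datetime(2024, 1, 10)
GRANTS = [
    Grant("alice", "users.phone", frozenset({"Query", "Export"}),
          "Semi-sensitization", datetime(2024, 2, 1)),
    Grant("bob", "users.phone", frozenset({"Query"}), "Plain Text",
          datetime(2024, 1, 1)),                 # already expired
]
```

Calling render for a user with no matching grant returns the fully redacted value regardless of role, which mirrors the rule that administrators and DBAs must also apply.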