If a database contains sensitive data, you can enable the sensitive data protection feature for the database. This way, Data Management (DMS) can scan the database, and detect, de-identify, and manage the sensitive data. This topic describes how to enable the sensitive data protection feature and how to create a scan task for an instance.
- You are a DMS administrator, a database administrator (DBA), or a security administrator.
  Note: To view the role of your account, move the pointer over the icon in the upper-right corner of the DMS console.
- The database is supported by the sensitive data protection feature. The following types of databases are supported:
  - Relational databases: MySQL, SQL Server, PostgreSQL, MariaDB, Oracle, Dameng (DM), PolarDB for Oracle, PolarDB-X, OceanBase, and Db2
  - Data warehouses: AnalyticDB for MySQL, AnalyticDB for PostgreSQL, Data Lake Analytics (DLA), ClickHouse, and MaxCompute
- A quota of instances for which sensitive data protection can be enabled has been purchased and is not used up.
  Note: To view the number of available instances for which sensitive data protection can be enabled, move the pointer over the icon and select .
- Log on to the DMS console V5.0.
- In the top navigation bar, click Security and Specifications. In the left-side navigation pane, choose .
- On the Sensitive Data Dashboard tab, click the Not opened tab in the Instance List section.
- Find the instance for which you want to enable the sensitive data protection feature and click Enable Now in the Operation column.
  Note:
  - If an instance is managed in Security Collaboration mode, you can click Try for Free in the Operation column to experience the de-identification of three sensitive fields.
  - Only instances for which the sensitive data protection feature is disabled appear on this tab.
- In the Enable Sensitive Data Protection dialog box, click OK.
- Grant access to the instance. After you grant access to an instance, sensitive data in the instance can be automatically detected. You must grant access to an instance before you configure a scan task for the instance.
  Note: If the instance is managed in Security Collaboration mode, the system automatically grants access to the instance. In this case, skip this step.
  - On the Enabled tab, find the instance to which you want to grant access and click Account Authorization in the Operation column.
  - In the Account Authorization dialog box, enter the username and password that are used to connect to the database.
  - Click OK.
- Configure and run a scan task for the instance.
  Note: When DMS runs a scan task for an instance, DMS scans the metadata of the specified database and randomly scans 100 to 200 data entries in the database. The data is used only for sensitive data analysis in the scan task and is not saved for other purposes.
  - On the Enabled tab, find the instance for which you want to configure a scan task and click Configure Scan Task in the Operation column.
  - In the Configure Scan Task dialog box, select the scan method and click OK. If you select Scheduled Task or Periodic Task for the Scan Method parameter, you must set more parameters as required.

    | Value of the Scan Method parameter | Description |
    | --- | --- |
    | Immediate Task | After you configure an immediate task, DMS immediately scans the specified database and marks sensitive data. |
    | Scheduled Task | Specify a specific date and point in time. DMS automatically scans the specified database and marks sensitive data as scheduled. |
    | Periodic Task | Specify the time and interval to run the scan task. DMS automatically scans the specified database and marks sensitive data on a regular basis. |

  - In the message that appears, click OK.
- To view the information of the scan task, click Task details in the Operation column. On the Identification Tasks tab, you can view the owner, the status, and the scan results of the scan task, and the time when the scan task was created, started, and completed.
- To view sensitive data and the sensitivity levels of the sensitive data in the specified instance, click Sensitive Data List in the Operation column, and click the Field Control tab. You can also manage sensitive fields on the Field Control tab. For example, you can adjust the sensitivity levels of fields, change the de-identification rules for fields, and grant permissions on fields. For more information, see Manage sensitive data.