Certain business data, such as mobile numbers and ID card numbers, is sensitive. The fields that store sensitive data must be masked before they are returned for regular queries. To mask and manage sensitive data based on different policies, Data Management (DMS) provides three security levels for data.
DMS supports the following three security levels based on the sensitivity of data:
Note Field security levels can be configured only for databases connected in
DMS or by using
DMS proxy endpoints and cannot be configured for databases connected by using other third-party tools.
- Low Sensitivity: The Low Sensitivity level is derived from the Internal level of DMS. For a database instance that is managed in Security Collaboration mode, the sensitivity level of the data stored in the database instance is Low Sensitivity by default.
- Moderate Sensitivity: The Moderate Sensitivity level is derived from the Sensitive level of DMS.
- High Sensitivity: The High Sensitivity level is derived from the Confidential level of DMS.
Note After you set the sensitivity levels for data, take note of the following rules:
- When you query data in the SQLConsole, the Moderate Sensitivity and High Sensitivity fields on which you have no permissions are displayed as strings of asterisks (*) or in a custom manner.
- To query, export, or change Moderate Sensitivity or High Sensitivity fields, you must apply for the permissions on these fields.
- A database administrator (DBA) or DMS administrator can configure special approval processes for exporting or changing data that contains Moderate Sensitivity or High Sensitivity fields.