This topic describes how to adjust the sensitivity levels of fields and change the de-identification rules for fields. This topic also describes how to grant and revoke permissions on fields.

Prerequisites

You are a Data Management (DMS) administrator, a database administrator (DBA), or a security administrator.
Note To view the role of your account, move the pointer over the Profile picture icon in the upper-right corner of the DMS console.

Procedure

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click Security and Specifications. In the left-side navigation pane, choose Sensitive Data > Sensitive Data List.
  3. On the Sensitive Data List tab, click the Field Control tab.
    • Adjust the sensitivity level of one or more fields.
      1. Click the 5加 icon to the left of a specific database. All fields of the database are displayed.
      2. Find the field for which you want to adjust the sensitivity level and click Adjust Sensitivity Level in the Operation column.
        Note To adjust the sensitivity level of multiple fields to the same level, select the fields and click Adjust Sensitivity Level in the upper-left corner of this tab.
      3. In the Adjust Security Level dialog box, select the sensitivity level that you want to set and click Confirm.
    • Change the de-identification rule for one or more fields.
      1. On the Field Control tab, select one or more fields for which you want to change the de-identification rule.
      2. Click Change Masking Rule in the upper-left corner of this tab.
      3. In the Data Masking Rule must be selected. dialog box, select a custom de-identification rule and click Save. For more information about custom de-identification rules, see Create a data de-identification rule.
        Note The default data de-identification rule is DEFAULT. To reset the de-identification rule to DEFAULT for a field, click Reset Masking Rule in the Operation column.
    • Grant permissions on fields.
      Note You can grant permissions on fields only for a database instance that is managed in Security Collaboration mode. You cannot grant permissions on fields for a database instance that is managed in Flexible Management or Stable Change mode.
      1. On the Field Control tab, select one or more fields on which you want to grant permissions.
      2. Click Authorize user in the upper-left corner of this tab.
      3. In the Authorize user dialog box, select one or more users to which you want to grant permissions in the Add User section.
      4. Set the parameters as required in the Permission Configuration section. The following table describes the parameters that you must specify. If you do not grant a user the permissions on fields, the values of the fields are encrypted to the user.
        Parameter Description
        Permission The type of the permissions. You can select one or more permission types.
        • Query: allows the selected users to query data by executing SQL statements in the SQLConsole.
        • Export: allows the selected users to submit tickets to export data.
        • Change: allows the selected users to submit tickets to change or import data.
        Data Masking Policy The de-identification policy that is used to de-identify the fields. Valid values:
        • Semi-sensitization
          • If a de-identification algorithm is configured for a field, the values of the field are displayed after they are processed by the de-identification algorithm.
          • If no de-identification algorithm is configured for a field, the values of the field are encrypted.
        • Plain Text: The values of the fields are displayed in plaintext.
        Expire Date The validity period of the permissions.
        Note If you want to grant permissions on the fields by day or hour, select Others from the drop-down list and specify the validity period.
      5. Click OK.
    • Revoke permissions on sensitive fields.
      • Find the sensitive field on which you want to revoke permissions and click Management authority in the Operation column.
      • On the Management authority page, select Sensitive Column Permission for the Classification parameter.
      • Click Recycle Permission in the Actions column.
      Note
      • To view the authorization details of the sensitive field, click View Details in the Actions column.
      • You can also grant or revoke other permissions on the database on the Management authority page.