
Data Management: Manage sensitive data

Last Updated: Jan 30, 2024

This topic describes how to adjust the sensitivity levels of fields and change the masking rules for fields. This topic also describes how to grant and revoke permissions to query, export, and change fields.

Prerequisites

  • You are a Data Management (DMS) administrator, a database administrator (DBA), or a security administrator.

    Note

    To view the role of your account, move the pointer over the profile picture icon in the upper-right corner of the DMS console.

  • The sensitive data protection feature is enabled. For more information, see Enable the sensitive data protection feature.

Procedure

  1. Log on to the DMS console V5.0.

  2. In the top navigation bar, click Security and Specifications > Sensitive Data > Sensitive Data Assets.

    Note

    If you use the DMS console in simple mode, move the pointer over the icon in the upper-left corner of the DMS console and choose All functions > Security and Specifications > Sensitive Data > Sensitive Data Assets.

  3. In the upper-right corner of the Sensitive Data Assets page, click Global Sensitive Data to go to the Sensitive Data List page.

  4. On the Field Control tab, you can perform the following operations:

    • Adjust the sensitivity level of one or more fields.

      1. Find the field for which you want to adjust the sensitivity level and click Change security level in the Operation column.

        Note

        To adjust the sensitivity levels of multiple fields to the same level, select the fields and click Change security level in the upper-left corner of the Field Control tab.

      2. In the Security level adjustment dialog box, select a sensitivity level and click Confirm.

    • Change the masking algorithm for one or more fields.

      1. On the Field Control tab, select one or more fields for which you want to change the masking algorithm.

      2. Click Adjust Data Masking Algorithm in the upper-left corner of the Field Control tab.

      3. In the Select a data masking algorithm dialog box, select a custom masking algorithm and click Save. For more information about custom masking algorithms, see Create a data masking algorithm.

        Note

        The default data masking algorithm is DEFAULT. To reset the masking algorithm to DEFAULT for a field, click Reset Data Masking Algorithm in the Operation column of the field.

    • Grant one or more users the permissions to query, change, and export fields.

      Note

      You can grant permissions on fields only for a database instance that is managed in Security Collaboration mode. You cannot grant permissions on fields for a database instance that is managed in Flexible Management or Stable Change mode. To grant permissions on fields for a database instance that is managed in Flexible Management or Stable Change mode, you must change the control mode of the database instance to Security Collaboration. For more information, see Change the control mode of an instance.

      1. On the Field Control tab, select one or more fields on which you want to grant permissions.

      2. Click Authorize User in the upper-left corner of the Field Control tab.

      3. In the Authorize User dialog box, select one or more users to whom you want to grant permissions in the Add User section.

      4. Configure the parameters in the Permission Configuration section. The following table describes the parameters that you can configure. If you do not grant a user permissions on a field, the values of that field appear encrypted to the user.

        Parameter: Permission

        Description: The type of the permissions. You can select one or more permission types. Valid values:

        • Query: allows the selected users to query data by executing SQL statements on the SQL Console tab.

        • Export: allows the selected users to submit tickets to export data.

        • Change: allows the selected users to submit tickets to change or import data.

        Parameter: Data Masking Policy

        Description: The masking policy that is used to mask the fields. Valid values:

        • Semi-sensitization:

          • If a data masking algorithm is configured for a field, the values of the field are displayed after they are processed by the data masking algorithm.

          • If no data masking algorithm is configured for a field, the values of the field are encrypted.

        • Plain Text: The values of the fields are displayed in plaintext.

        Parameter: Expire Date

        Description: The validity period of the permissions.

        Note

        If you want to grant permissions on the fields by day or hour, select Others from the drop-down list and specify the validity period.

      5. Click OK.

    • Revoke permissions on sensitive fields.

      • On the Field Control tab, find the sensitive field on which you want to revoke permissions and click Manage Permissions in the Operation column.

      • On the Manage Permissions page, click Sensitive Column Permission.

      • Find the permission that you want to revoke and click Recycle Permission in the Actions column.

      Note

      • To view the authorization details of the sensitive field, click View Details in the Actions column.

      • You can also grant or revoke other permissions on the database on the Manage Permissions page.
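
The Permission Configuration rules above, modelled as an added Python example (not DMS code and not part of the original topic), to show what a user sees under each combination and which grants currently expose plaintext. The Grant class, mask_tail4, the field and user names, the "<encrypted>" placeholder, and the treatment of an expired grant as no grant are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

ENCRYPTED = "<encrypted>"  # placeholder; the page does not show how encrypted values render

@dataclass(frozen=True)
class Grant:
    """Constructed model of one Authorize User entry (not a DMS data structure)."""
    permissions: frozenset  # subset of {"Query", "Export", "Change"}
    policy: str             # "Semi-sensitization" or "Plain Text"
    expires: datetime       # Expire Date

def mask_tail4(value):
    """Hypothetical masking algorithm: keep only the last four characters."""
    return "*" * max(len(value) - 4, 0) + value[-4:]

def displayed_value(value, user, field, grants, algorithms, now, action="Query"):
    """Return what `user` sees for `field` under the rules in the table above."""
    grant = grants.get((user, field))
    # Assumption: an expired grant, or one lacking the action, counts as no grant.
    if grant is None or grant.expires <= now or action not in grant.permissions:
        return ENCRYPTED
    if grant.policy == "Plain Text":
        return value
    algorithm = algorithms.get(field)  # Semi-sensitization
    return algorithm(value) if algorithm else ENCRYPTED

def live_plaintext_grants(grants, now):
    """List (user, field) pairs that currently expose unmasked values, for review."""
    return sorted(k for k, g in grants.items()
                  if g.policy == "Plain Text" and g.expires > now)

# Constructed sample data: field names, users and dates are illustrative only.
NOW = datetime(2024, 1, 30, 12, 0)
ALGORITHMS = {"customer.phone": mask_tail4}  # customer.id_no has no algorithm
GRANTS = {
    ("alice", "customer.phone"): Grant(frozenset({"Query"}), "Semi-sensitization", datetime(2024, 3, 1)),
    ("alice", "customer.id_no"): Grant(frozenset({"Query"}), "Semi-sensitization", datetime(2024, 3, 1)),
    ("bob", "customer.phone"): Grant(frozenset({"Query", "Export"}), "Plain Text", datetime(2024, 2, 1)),
    ("carol", "customer.phone"): Grant(frozenset({"Query"}), "Plain Text", datetime(2024, 1, 1)),
}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, displayed_value("13912345678", user, "customer.phone", GRANTS, ALGORITHMS, NOW))
    print(live_plaintext_grants(GRANTS, NOW))
```
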

What to do next

  • After you modify the data masking algorithm for a sensitive field, you may need to query data of a table on the SQL Console tab. For more information, see Manage a database on the SQLConsole tab.

  • You can also call an API operation to adjust the sensitivity level of fields.

    For more information, see ChangeColumnSecLevel.