All Products
Search

This Product

    Dataphin:Create and manage dynamic desensitization whitelist

    Document Center

    Dataphin:Create and manage dynamic desensitization whitelist

    Last Updated:Jan 21, 2025

    When business requirements necessitate access to plaintext data during specific periods and scenarios, users can configure dynamic whitelist rules to prevent interference with data query results. This topic outlines the process for creating and managing dynamic desensitization whitelists.

    Permission description

    • Security administrators and global custom roles with permissions for desensitization rule and data classification management can create and manage dynamic desensitization whitelists.

    • Primary directory administrators can configure desensitization whitelists for the data classifications under their purview.

    • Owners of desensitization rules can manage the whitelists they oversee, subject to data classification management permissions.

    Create dynamic desensitization whitelist rules

    1. Navigate to the Dataphin home page, in the top menu bar, select Administration > Data Security.

    2. In the left-side navigation pane, choose Sensitive Data Protection > Desensitization Rule. On the Desensitization Rule page, single click the Dynamic Desensitization Whitelist tab, then single click the +create Dynamic Desensitization Whitelist button.

    3. In the Create Dynamic Desensitization Whitelist dialog box, fill in the parameters as follows:

      Parameter

      Description

      Whitelist Name

      Enter a name for the whitelist, adhering to the following naming convention:

      • Supports Chinese, English, numbers, underscores (_), and hyphens (-).

      • Must not exceed 50 characters.

      Whitelist Description

      Provide a description for the whitelist.

      Data Class

      Choose the data classifications for which you have management permissions.

      Escape Account

      Select the user account to which the whitelist will apply.

      Effective Scenario

      Choose the scenario in which the desensitization rule will be applied. The system supports scenarios such as Ad Hoc Query and Write Into Dev Table.

      Effective Scope

      Configure the effective scope of the dynamic desensitization whitelist. All conditions are combined with an and relationship, meaning only tables meeting all criteria will be included in the whitelist and exempt from desensitization during queries. The effective scope can include data segments, table projects, and data tables.

      • Business Unit: Choose the business segment for the data table.

        • Select All to include all business segments.

        • Choose Enumeration and specify the business segments. Multiple selections are allowed.

        • Select Customize and enter a regular expression to match the business segments. For instance, to match all segments containing "test" in their names, use the regular expression .*test.*.

      • Table Project: Choose the project for the data table.

        • Select All to include all projects.

        • Choose Enumeration and specify the projects. Multiple selections are allowed.

        • Select Customize and enter a regular expression to match the projects. For example, to match all projects with "test" in their names, use the regular expression .*test.*.

      • Data Table: Select the data table.

        • Select All to include all tables under the project.

        • Choose Customize and enter a regular expression to match the data tables. For instance, to match all tables with "test" in their names, use the regular expression .*test.*.

      Effective Period

      Define the effective period for the dynamic desensitization whitelist.

      Effective Status

      Determine whether to activate the dynamic desensitization whitelist.

    4. Click OK to finalize the creation of the dynamic desensitization whitelist.

    View dynamic desensitization whitelist rules

    Review the recognition rules for desensitization objects, effective accounts and periods, filter scenarios, and the effective status of dynamic desensitization whitelist rules.

    image

    Area

    Description

    Filter and Search Area

    Perform a fuzzy search using the name of the desensitization whitelist or the keyword of the data classification name, or filter precisely by Effective Scenario.

    List Area

    The interface displays information such as Whitelist Name, Data Classification, Escape Account, Owner, Effective Period, Effective Status, Update Time, and Effective Status. Additionally, you can Edit, Clone, or Delete entries in the dynamic desensitization whitelist directly from the Actions column.

    • Effective Status: Indicates the current effectiveness of the desensitization whitelist. If disabled, desensitization will not occur, and any changes will be effective immediately.

    • Edit: You can edit parts of the whitelist, such as the name, description, effective scenario, and effective scope of the desensitization whitelist. For details, see Create Dynamic Desensitization Whitelist Rules.

    • Clone: In the Create Dynamic Desensitization Whitelist dialog box, retain the configured parameters, which is equivalent to a quick clone. You can also modify the current parameters. For details, see Create Dynamic Desensitization Whitelist Rules.

    • Delete: Removing the dynamic desensitization whitelist will revoke user access to the real data protected by the rule. Exercise caution when deleting.