All Products
Search

This Product

    Dataphin:Create and manage data classifications

    Document Center

    Dataphin:Create and manage data classifications

    Last Updated:Mar 05, 2026

    Data classifications define the business properties of data for security purposes. You can apply multi-level classification tags to data to align with industry standards. This topic describes how to create and manage data classifications.

    Permissions

    • Security administrators and global custom roles with Data Class - Management permissions can create and manage data classification folders and data classifications.

    • Administrators of a level 1 category folder can manage all data classifications within that folder and its subfolders.

    • Regular members can view all data classifications, but can only view the details of public classifications.

    Usage notes

    A data classification folder can have a maximum of 10 levels.

    Manage data classification folders

    1. In the top menu bar of the Dataphin home page, choose Administration > Data Security.

    2. In the navigation pane on the left, choose General Configurations > Data Class. On the Data Class page, click the Data Class tab.

    3. On the Data Class tab, you can view classification folders and their information. The folder tree on the left organizes classifications hierarchically by business or organization. Select a folder to view its classifications and those in its subfolders. You can also click All Classifications to view all classifications.

      • Priority: Affects the arbitration logic for field detection results. If a field has multiple detection records, the final result is determined based on the classification priority, the update time of the detection record, and the modification time of the classification, in that order.

      • Number of effective fields: The total number of fields that are assigned the current classification.

    4. (Optional) In the classification folder list, you can perform a fuzzy search by folder name. In the classification list, you can search for data classifications by keyword. You can also filter data classifications by status (Effective or Ineffective) or by Data Sensitivity Level.

    5. You can perform the following operations on data classification folders and classifications.

      Operation

      Description

      Classification folder

      Add classification folder

      Click Add classification folder to the right of a folder to create a subdirectory.

      • Parent folder: Defaults to the currently selected folder. To create a level 1 category folder, select the forward slash (/). You can change this selection.

      • Folder name: Enter a name for the folder. The name cannot contain forward slashes (/) and must be no more than 128 characters.

      • Description: Enter a brief description of the folder's purpose. The description must be no more than 512 characters.

      • Batch add folders: Click +Add more to create multiple folders at the same level.

      Import classifications from template library

      You can click the Import Classification from Template Library icon to the right of the folder row. Alternatively, hover over the New Classification button and click the dropdown arrow that appears, then select Import Classification from Template Library. This action imports a classification template into the current folder. Note that if you are in the All Lookup Tables folder, the imported classification template is added directly to the All Classifications folder. For configuration details, see Import Data Classification from Template Library.

      Edit

      Click the More icon to the right of a folder and select Edit. For a level 1 category folder, you can set administrators and permissions to view classification details. For a subdirectory, you can change the folder name.

      • Folder name: Defaults to the current folder name. You can change the name. It cannot contain forward slashes (/) and must be no more than 128 characters.

      • Administrator: The administrators for the level 1 category folder. You can select up to five administrators.

        Note

        Administrators can manage the current folder, its subdirectories, and the data classifications within them.

      • Classification details: Can be set to Public or Administrators only.

        • Public: All users can view the details of data classifications in this folder.

        • Administrators only: Only global custom roles with Data Class-Management permissions and administrators of the level 1 category folder can view classification details.

      • Description: Enter a brief description of the folder's purpose. The description must be no more than 512 characters.

      Move

      Click the More icon to the right of a folder and select Move. You can move the current folder to another classification folder. To make it a level 1 category folder, set Parent folder to the forward slash (/).

      • If you move a level 1 category folder to make it a subdirectory, it inherits the management and view permissions of its new parent folder. Its original permission settings are cleared.

      • If you move a subdirectory to make it a level 1 category folder, you must set its administrators and permissions for viewing classification details.

      Delete

      Click the More icon to the right of a folder and select Delete. This action deletes the selected folder, its subdirectories, and all data classifications within them. It also deletes associated detection rule references, detection results, data masking rules, and whitelists. Use this operation with caution.

      Data classification

      Change effective status

      Click the switch in the status column or click the Enable/Disable icon at the bottom to change the classification's status. Only enabled classifications can be used as detection results.

      • Enable data classification: After you enable a classification, you can select it when you create detection rules, detection results, data masking rules, and whitelists. Associated automatic detection nodes, detection results, data masking rules, and whitelists will resume using this classification.

      • Disable data classification: After you disable a classification, associated automatic detection nodes, detection results, data masking rules, and whitelists will ignore it. No new detection records will be generated for this classification. You can choose to keep or delete existing detection records.

        • Keep: If you choose to keep the records, existing detection results are not purged and are marked as Disabled. When detection rules run, these existing records still participate in the arbitration of detection results. However, if the final effective classification for a field is disabled, data masking will not be applied.

        • Delete synchronously: Deletes all existing detection records for the classification and triggers a new arbitration for detection results.

      View details

      Click the View icon in the Actions column to view information for data classifications that you have permission to see. This includes basic information, sensitivity level information, and scan methods.

      Edit

      Click the Edit icon in the Actions column to modify the data classification's information.

      Move to new folder

      Click the Move to new folder icon in the Actions column or in the batch operations area at the bottom. You can move the data classification to a specified folder. If the classification does not have a specified folder, select the forward slash (/). You can find it later by selecting All Classifications on the left.

      Set data masking

      You can click the More icon under the Actions column and select Set Masking to configure masking rules for data classification. For details on configuration, see Create and manage dynamic data masking rules.

      Delete

      Click the Delete icon in the Actions column or at the bottom. Deleting a data classification also deletes all associated detection rule references, detection results, detection records, data masking rules, and whitelists. Use this operation with caution.

      Assign data sensitivity level

      Click the Assign data sensitivity level icon at the bottom to assign a sensitivity level to multiple data classifications in a batch operation.

      Export classifications

      Click Export classifications at the bottom to export the selected data classifications to a local file. You can view the details of this export operation and download the file from Batch Import/Export - Batch Operation Records. If you are exporting a large amount of data, the file may take some time to generate.

    Create a data classification

    1. On the Data Class page, click the Data Class tab, and then click New Classification.

    2. In the New Classification dialog box, configure the parameters.

      Parameter

      Description

      Basic Information

      Classification name

      Enter a name for the data classification. The name must be unique within its folder and no more than 512 characters. For example: Name.

      Classification abbreviation

      Enter an abbreviation for the classification name. The abbreviation must be no more than 128 characters. For example: N.

      Classification description

      Enter a description for the classification. The description must be no more than 2048 characters. For example: N represents Name.

      Parent folder

      Select the folder for the data classification.

      Classification Information

      Data Sensitivity Level

      Select an existing data classification level. To create a new one, see Create a Data Classification Level.

      Scan Method

      Detect Features

      You can use detection features to centrally manage built-in detection expressions, such as phone numbers and ID card numbers. To create detection features, see Add detection features.

      You can select up to 20 detection features. The relationship between multiple features is OR.

      Priority

      The priority of the data classification. The levels range from 1 (highest) to 5 (lowest). For classifications with the same priority, the final effective classification is determined based on the details of the field detection result, in the order of classification priority, update time of the detection record, and modification time of the classification.

      Advanced Configuration

      You can choose to scan by content, field name, field description, data type, table name, or table display name.

      • Scan by content: Detects and evaluates data by sampling and reading the content of the destination field.

        • Regex (case-insensitive): Enter a regular expression. For example, to match all names that contain 'test', define the regular expression as .*test.*. This matches `test`, `Test`, and `TEST`.

        • Regular expression: Enter a regular expression. For example, to match all names that contain 'test', define the regular expression as .*test.*.

        • Detection threshold: A rule is considered a valid detection and included in the field's detection results for comparison only if the content match rate exceeds this threshold.

      • Scan by field name: Scans and evaluates based on the field name in the metadata. If the field name match rate is 100%, the rule is included in the field's detection results. Otherwise, it is not.

        • Regex (case-insensitive): Enter a regular expression. For example, to match all names that contain 'test', define the regular expression as .*test.*. This matches `test`, `Test`, and `TEST`.

        • Regular expression: Enter a regular expression. For example, to match all names that contain 'test', define the regular expression as .*test.*.

        • Contains/Does not contain: Keyword match. For example, to match a user information table, enter `user_info`.

      • Scan by field description: Scans and evaluates based on the field description in the metadata.

        • Regex (case-insensitive): Enter a regular expression. For example, to match all names that contain 'test', define the regular expression as .*test.*. This matches `test`, `Test`, and `TEST`.

        • Regular expression: Enter a regular expression. For example, to match all names that contain 'test', define the regular expression as .*test.*.

        • Contains/Does not contain: Keyword match. For example, to match a user information table, enter `user_info`.

      • Scan by data type: Scans and evaluates based on the data type of the field in the metadata. Supported scan conditions are Is, Regex (case-insensitive), Regular expression, Contains, and Does not contain.

        • Is: Selectable data types include tinyint, smallint, mediumint, int, bigint, decimal, bit, date, datetime, timestamp, varchar, text, and json.

        • Regex (case-insensitive): Enter a regular expression. For example, to match all names that contain 'test', define the regular expression as .*test.*. This matches `test`, `Test`, and `TEST`.

        • Regular expression: Enter a regular expression. For example, to match all names that contain 'test', define the regular expression as .*test.*.

        • Contains/Does not contain: Keyword match. For example, to match a user information table, enter `user_info`.

      • Scan by table name: Scans and evaluates based on the data table name.

        • Regex (case-insensitive): Enter a regular expression. For example, to match all names that contain 'test', define the regular expression as .*test.*. This matches `test`, `Test`, and `TEST`.

        • Regular expression: Enter a regular expression. For example, to match all names that contain 'test', define the regular expression as .*test.*.

        • Contains/Does not contain: Keyword match. For example, to match a user information table, enter `user_info`.

      • Scan by table display name: Scans and evaluates based on the display name of the data table.

        • Regex (case-insensitive): Enter a regular expression. For example, to match all names that contain 'information', define the regular expression as .*information.*.

        • Regular expression: Enter a regular expression. For example, to match all names that contain 'information', define the regular expression as .*information.*.

        • Contains/Does not contain: Keyword match. For example, to match a user information table, enter `information`.

      Note

      • You must configure at least one rule. To add a rule, click the +Add Rule button.

      • You can configure up to five rules and up to two levels of relationships.

      • The relationship between filter conditions can be set to AND or OR.

      Note

      If you do not configure a scan method (detection feature or advanced configuration), subsequent detection rules cannot perform automatic scans and must be specified manually.

    3. Click OK to create the data classification.

    What to do next

    After you create a data classification, you can reference it in detection rules. For more information, see Create and manage detection rules.