Data Security Guard is a service in DataWorks that ensures data security. It can be used to identify and mask sensitive data, add watermarks to data, manage data permissions, identify data risks, and trace leak sources. This topic describes how to activate and use Data Security Guard.
Limits
In Data Security Guard, you can use the sensitive data identification feature and dynamic data masking feature to identify and dynamically mask sensitive data in only E-MapReduce (EMR), MaxCompute, Cloudera's Distribution including Apache Hadoop (CDH), and Hologres compute engines. You need to take note of the following limits on the use of Data Security Guard for an EMR compute engine:
- You can use the data masking feature only when you preview data in DataMap. The data masking feature is not supported in DataStudio or DataAnalysis. The sensitive data identification and data masking features are supported only for specific types of EMR clusters and EMR tables. The following table lists the details.Note The
icon indicates that the data preview feature is supported, and the
icon indicates that the data preview feature is not supported.
EMR cluster type Metadata storage type Data storage type: OSS Data storage type: OSS-HDFS Data storage type: HDFS DataLake clusters Data Lake Formation (DLF) RDS instance MySQL Custom clusters DLF RDS instance MySQL Other clusters -- Note The sensitive data identification and data masking features are available only in the following regions: China (Hangzhou), China (Shanghai), China (Beijing), China (Zhangjiakou), China (Shenzhen), China (Chengdu), China (Hong Kong), and Germany (Frankfurt). - If you want to use Data Security Guard in an EMR cluster, you must upgrade exclusive resource groups for scheduling. You can join the DataWorks DingTalk group and contact technical support personnel to request for an upgrade.
- By default, Data Security Guard uses an Alibaba Cloud account for data sampling. If LDAP authentication is enabled for your EMR cluster and Ranger or DLF-Auth is used to manage table permissions, you must configure mappings between the Alibaba Cloud account and the cluster account. This ensures that the Alibaba Cloud account has the required permissions to access tables in the EMR cluster. For more information, see Configure mappings between workspace members and cluster accounts.
Go to the Data Security Guard page
- Log on to the DataWorks console.
- In the left-side navigation pane, click Workspaces.
- In the top navigation bar, select the region where your workspace resides. On the Workspaces page, find your workspace and click DataStudio in the Actions column.
- Click the
icon in the upper-left corner and choose .
- Click Try now to go to the Data Security Guard page. Note
- If you have activated Data Security Guard by using your Alibaba Cloud account, the Data Security Guard homepage appears.
- If you have not activated Data Security Guard by using your Alibaba Cloud account, the page for activating Data Security Guard appears.
Activate Data Security Guard
Log on with your Alibaba Cloud account. On the Terms of Service page, select I have read and agree to all the preceding terms and click Activate.
Important You must use an Alibaba Cloud account to activate Data Security Guard.
Use Data Security Guard
After you activate Data Security Guard, you can use the service. 

No. | GUI element | Description |
---|---|---|
1 | More icon | Provides access to the services that you can use, such as DataStudio, Data Integration, Operation Center, and Data Security Guard. |
2 | User information | The logon user. You can view and modify the user information, including the email address, mobile phone number, AccessKey ID, and AccessKey secret. |
3 | Left-side navigation pane | The navigation pane for different features of Data Security Guard. For more information about the features of Data Security Guard, see Identify sensitive data, Create a data masking rule, View data activities, View data risks (old version), Trace leak sources, and Identify sensitive data. |
4 | Data Security Guard homepage |
|
5 | Switch to the guide page | Click Guide in the upper-right corner to go to the service guide page and view the service information. |