DataWorks lets you configure data masking rules to mask sensitive data to ensure security of data queries or storage. DataWorks supports a variety of data masking scenarios. You can also create and configure a custom data masking scenario as needed. This topic describes the data masking capabilities provided by DataWorks and how to perform data masking operations.
Limits
You must have DataWorks Professional Edition or a later version to use the data masking management feature. For more information, see Features of DataWorks editions.
Data masking capabilities take effect only if you turn on Mask Data in Page Query Results for your workspace on the Security Settings and Others tab in DataStudio. For more information, see Go to the Security Settings and Others tab.
NoteYou do not need to turn on Mask Data in Page Query Results for a workspace in scenarios that involve data masking at the MaxCompute compute engine layer. For more information about data masking scenarios, see Introduction to data masking scenarios.
In Data Security Guard, you can use the sensitive data identification and data masking features to identify and mask sensitive data in only E-MapReduce (EMR), MaxCompute, and Hologres compute engines. For more information, see Features.
Data masking procedure
Create a data masking scenario.
DataWorks provides level-1 data masking scenarios, such as masking of displayed data in DataStudio and Data Map, static data masking in Data Integration, masking of displayed data in DataAnalysis, data masking at the MaxCompute compute engine layer, and data masking at the Hologres compute engine layer. If the specified effective data range and user range in the preceding data masking scenarios cannot meet your requirements for finer-grained data masking, you can create custom level-2 data masking scenarios based on level-1 data masking scenarios. For information about how to create a data masking scenario, see Create a data masking scenario.
Create a data masking rule.
You can create a data masking rule in a specific data masking scenario as needed. For more information, see Create a data masking rule.
Optional. Configure a whitelist for the data masking rule.
If you do not want a data masking rule to apply to certain users, you can add them to a whitelist. This allows users in the whitelist to query the original, unmasked data. For more information, see Configure a whitelist for a data masking rule.
Set the status of the data masking rule to Active.
By default, a data masking rule is inactive when it is created. You must manually activate the rule. The rule then takes effect in the corresponding data masking scenario. For more information, see Activate a data masking rule.
Go to the Data Masking page
Go to the DataStudio page.
Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, choose . On the page that appears, select the desired workspace from the drop-down list and click Go to Data Development.
Click the
icon in the upper-left corner. Then, choose . On the page that appears, click Try Now to go to the Data Security Guard page. NoteIf your Alibaba Cloud account is granted the required permissions, you can directly access the homepage of Data Security Guard.
If your Alibaba Cloud account is not granted the required permissions, you are redirected to the authorization page of Data Security Guard. You can use the features of Data Security Guard only after your Alibaba Cloud account is granted the required permissions.
In the navigation pane on the left, choose . The Data Masking Management page appears.