User group management lets you add multiple accounts with the same data masking exemption to a single group. Instead of adding accounts to each data masking rule individually, add a user group to the whitelist once and the exemption applies to every account in the group.
This feature is available only in DataWorks Professional Edition and later.
Prerequisites
Before you begin, ensure that you have:
-
A DataWorks workspace running Professional Edition or higher
-
An Alibaba Cloud account with the permissions required to access Data Security Guard
Go to the User Group Management page
-
Log on to the DataWorks console. In the top navigation bar, select the target region. In the left navigation pane, choose Data Development and O&M > Data Development. Select the target workspace from the drop-down list and click Go to Data Development.
-
Click the
icon in the upper-left corner, then choose All Products > Data Governance > Data Security Guard. On the page that appears, click Try Now.If your Alibaba Cloud account already has the required permissions, you go directly to the Data Security Guard homepage. If not, you are redirected to the authorization page and must obtain the required permissions before proceeding.
-
In the left navigation pane, choose Rule Configuration > User Group Management.
Create a user group
-
Click Create User Group.
-
In the New User Group dialog box, enter a User Group Name.
-
Add accounts to the user group using one of the following methods: Text Click Upload File to upload a
.txtfile containing account information. Each account must be on a separate line. Select existing accounts Select an account type from the drop-down list, then select accounts from the Account to Be Added area and click the arrow icon to move them to the Added Accounts area. The following account types are supported:The file must use UTF-8 encoding and can contain a maximum of 1,000 lines (1,000 accounts).
For MaxCompute roles, you can add multiple roles from only a single MaxCompute project to one user group.
Account type Description Alibaba Cloud Account Alibaba Cloud accounts, including RAM users RAM Role RAM roles Role of MC (MaxCompute) MaxCompute roles -
Click OK.
Use a user group
After creating a user group, add it to the whitelist of a data masking rule in Data Masking Management. Users in the group can then view the raw data protected by that rule.
For details, see Create a data masking rule.
Manage user groups
View user groups
On the User Group Management page, the list shows User Group Name, Submitted At, and Associated Data Masking Whitelists for each group.
-
Search: Search by User Group name or Owner. Fuzzy search is supported.
-
Sort: Sort groups by submission time in ascending or descending order.
-
View associated whitelists: If a group is linked to one or more data masking rules, click the
icon in the Associated Data Masking Whitelists column to see the rule names.
Edit, copy, or delete a user group
In the Actions column of the target user group, use the following icons:
| Operation | How |
|---|---|
| Copy | Click the  icon to create a new user group with the same configuration. |
| Edit | Click the  icon to add or remove accounts. |
| Delete | Click the  icon to delete a group that is no longer needed. |