In DataWorks Data Integration, you can use the Data Masking node in Single-Table Real-Time tasks. You can configure rules to mask specified fields from a source and write the masked data to a target table.
Step 1: Configure a single-table real-time task
Create a data source. For more information, see Data source management.
Create a Data Integration task. For more information, see Configure a single-table real-time synchronization task.
NoteFor single-table real-time synchronization tasks in Data Integration, you can add data processing nodes between the Source and Destination nodes. For more information, see Supported data sources and synchronization solutions.
Step 2: Add a Data Masking node
In the single-table real-time synchronization task, enable the Data Processing toggle. Click +Add Node and select the Data Masking node.
Configure the node name and description.
Add: Click Add to add a row for a new masking rule.
Upstream Field: Select the source field to mask.
Data Masking Rule: Select an existing masking rule or create a new one.
Click New Desensitization Rule to open the Panel and configure the masking rule.
For more information, see the following sections:
Sensitive Data Type: Select Existing Data Type or New Type, and set the masking method for the field. The following section describes the available masking methods.
Alias
This method replaces a value with a masked value that has similar characteristics. The data format remains the same after masking.
You must configure the Security domain, which is an integer from
0-9. Because different domains use different masking policies, the same source data produces different results.Hashing
This method transforms source data into a fixed-length string. This method requires you to select a security domain. Different security domains use different rules, so the same source data produces different results.
Example: If the source data is
a123and the security domain is set to0, the masked result isea9da0c87fb455df9013be83bdc20014. If the security domain is set to1, the result is9738f2cce017c52099ea530fa34eb128. For the same source data and security domain, the masked result is always the same.Masking
This method conceals parts of the information by replacing characters at specified positions with asterisks (*). You can choose one of the following two methods:
Recommended methods:
Show only the first and last character.
Show only the first three and last two characters.
Show only the first three and last four characters.
Custom: This method provides more flexible configuration options. You can specify whether to mask the beginning, middle, and end sections of a string and define the number of characters to mask. You can add up to 10 segments, and at least one segment must be set to Remaining Digits.
Configuration description:
Icon
Description
①
You can select Digits or Remaining Digits.
②
Enter a value from 1 to 100.
③
You can select Mask or Do Not Mask.
Examples:
Configuration
Diagram
Mask the first three digits and do not mask the remaining digits.
Mask the last three digits and do not mask the remaining digits.
Preserve the first three and last three digits, and mask all digits in the middle.
Test the masking rule: Enter sample data and click Test. The output appears in the Data Masking Effect section.
After completing the configuration, click Determine to create the Masking Rule.
Next steps
After you configure the Data Source and Data Masking Rule, click Preview Data Output to preview the output of this node and verify that it meets your requirements.