Data Security Guard organizes sensitive data along two independent dimensions: what type it is (category) and how sensitive it is (level). Configuring these dimensions lets you apply the right governance rules to each type of data and automate detection at scale. This topic describes how to use the built-in classification and categorization template and customize it for your needs.
How classification and categorization work
Data Security Guard uses two independent dimensions to describe sensitive data:
| Dimension | Role | Range |
|---|---|---|
| Level | How sensitive the data is. A higher value means greater sensitivity. | Up to 10 levels; 4 built-in levels |
| Category | What type of data it is. Groups related sensitive field types together. | 4 built-in major categories; supports up to 4 layers of subcategories |
Levels and categories work together: each category contains sensitive field types, and each sensitive field type maps to a level. When Data Security Guard scans your data, it uses these mappings to identify both the type and the degree of sensitivity.
Prerequisites
Before you begin, make sure your Alibaba Cloud account has the required permissions for Data Security Guard. If it doesn't, you will be redirected to the authorization page when you try to access the feature and must complete authorization before proceeding.
Go to the data classification and categorization page
-
Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, choose Data Development and O&M > Data Development. Select the desired workspace from the drop-down list and click Go to Data Development.
-
Click the
icon in the upper-left corner. Choose All Products > Data Governance > Data Security Guard, then click Try Now. -
In the left-side navigation pane, choose Rule Configuration > Data Category and Sensitivity Level.
Configure data classification and categorization
Data Security Guard includes a built-in template with 4 sensitivity levels and 4 major categories, ready to use immediately.
If the built-in template does not meet your needs, customize it:
-
Edit levels: Click Edit to modify the built-in levels or add new ones. You can define up to 10 levels in total. To delete a level, first delete all sensitive field types it contains or reassign them to another level.
-
Edit categories: Click View to go to Rule Configuration > Sensitive Data Identification > Data Identification Rules. There, you can edit, delete, or create categories. Categories support up to 4 layers of subcategories using the add subcategory option.
To delete an unused category or level, first delete all sensitive field types associated with it. For more information, see Manage sensitive field types.
What's next
After you configure classification and categorization, go to Sensitive Data Identification to define sensitive field types and set up detection rules. Assign each sensitive field type to the appropriate category and level based on data usage and source. For more information, see Configure data detection rules.