DataWorks provides data masking rules that protect sensitive data during queries and storage. Multiple built-in masking scenarios are available, and you can create custom scenarios to meet specific business requirements.
Limitations
-
You must purchase DataWorks Professional Edition or a higher edition to use the data masking management feature. For more information, see Features by edition.
-
Data masking capabilities take effect only if you turn on Mask Data in Page Query Results for your workspace on the Security Settings and Others tab in Data Studio. For more information, see Go to the Security Settings and Others tab.
NoteYou do not need to turn on Mask Data in Page Query Results for a workspace in scenarios that involve data masking at the MaxCompute compute engine layer. For more information about data masking scenarios, see Choose a masking scenario.
-
In Data Security Guard, you can use the sensitive data identification and data masking features to identify and mask sensitive data in only E-MapReduce (EMR), MaxCompute, and Hologres compute engines. For more information, see Features.
Data masking procedure
-
Create a data masking scenario.
DataWorks provides level-1 data masking scenarios, such as Masking of Displayed Data in Data Studio and Data Map, Static Data Masking in Data Integration, Masking of Displayed Data in Data Analysis, Data Masking at the Maxcompute Compute Engine Layer, and Data Masking at the Hologres Compute Engine Layer. If these scenarios do not provide the data range or user range granularity you need, you can create custom level-2 scenarios based on level-1 scenarios. For more information, see Create a data masking scenario.
-
Create a data masking rule.
Create a data masking rule within a specific scenario based on your business requirements. For more information, see Create a data masking rule.
-
Optional. Configure an allowlist for the data masking rule.
To exempt specific users from a data masking rule and allow them to view original, unmasked data, add them to the rule's allowlist. For more information, see Configure an allowlist for a data masking rule.
-
Set the status of the data masking rule to Active.
A data masking rule is inactive by default when created. You must manually set its status to Active for it to take effect. For more information, see Activate or deactivate a data masking rule.
Go to the Data Masking page
Log on to the DataWorks console. In the target region, click in the left-side navigation pane. On the page that appears, click Go to Security Center.
In the left-side navigation pane, click and then click Try Now to access Data Security Guard.
NoteIf your Alibaba Cloud account is already authorized, you are directed to the Data Security Guard homepage.
If your Alibaba Cloud account is not authorized, you are redirected to the Data Security Guard authorization page. To use Data Security Guard features for the first time, go to , select Data Security Guard in the pop-up dialog, and then complete the authorization.
-
In the left-side navigation pane, click to go to the Data Masking Management page.