After running a sensitive data detection task, review the identification results in Data Security Guard. For fields that were classified incorrectly, correct the sensitive field type individually or in bulk.
Manual corrections take effect the following day.
Prerequisites
Before you begin, ensure that you have:
-
Created a data detection rule and enabled a detection task. For more information, see Configure a data detection rule and run a detection task.
Go to the identification results page
-
Log on to the DataWorks console. Switch to the destination region. In the left navigation pane, choose Data Governance > Security Center, then click Go to Security Center.
-
In the left navigation pane, choose Data Usage Security > Sensitive Data Management, then click Try Now to go to Data Security Guard.
If your Alibaba Cloud account has the required permissions, you are directed to the Data Security Guard home page. If not, you are directed to the authorization page. Select Data Security Guard and grant the required permissions before proceeding.
-
In the left navigation pane, choose Rule Configuration > Sensitive Data Identification, then click the Identification results tab.
View detection results
The Identification results page shows three views: fields with detection results, fields with no detection results, and undetected fields. Each view displays the detection status, number of fields, number of tables, and result details.
The following figure shows an example of the Identification has results view.
| Operation | Description |
|---|---|
| Filter by engine type | In area ① of the preceding figure, select a data engine from the drop-down list. Manual corrections are supported for the ODPS, EMR, CDH_HIVE, and HOLO engines. |
| Filter | In area ② of the preceding figure, filter by Project Space, Table Name, or Field Name. Click Expand for additional filters: Classification, Grading, and Sensitive Field Type. Classification and Grading are based on the default classification and categorization template for the current tenant. For more information, see Configure sensitive data classification and categorization. |
| Query detection results | In area ③ of the preceding figure, run the query with the current filters or reset the filters. |
| Detection results list | In area ④ of the preceding figure, the list shows Project Space, Table Name, Field Name, Classification, Grading, Sensitive Field Type, Manual correction, and Latest update time by default. Click Display Field Settings to customize which columns appear. Click Lineage Analysis in the Operation column to view field-level data lineage relationships in the Data Lineage (Public Preview) module. |
Correct detection results
When a field is assigned an incorrect sensitive field type, correct it from the Identification results page. The following figure shows how manually corrected data is applied.
The following figure shows the manual correction interface.
Use the filters in areas ① and ② — which work the same way as described in View detection results — to locate the fields to correct.
Correct a single field
In area ③ of the preceding figure, find the field to correct. Click the drop-down list in the Sensitive Field Type column. The list shows all Published sensitive field types from the default classification and categorization template.
-
If an existing type fits: Select the correct type. Then click the icon to go to the Data Identification Rules page and update the detection rules for both the original and new sensitive field types to prevent the same misclassification in future scans.
-
If no existing type fits: Click the icon to go to the Data Identification Rules page, or scroll to the bottom of the drop-down list and click Manage Sensitive Field Types. The Create Sensitive Field Type dialog box opens on the Data Identification Rules page. Add a new sensitive field type and configure its detection rule. For more information, see Configure a data detection rule and run a detection task.
Correct fields in bulk
-
Select the fields to correct in the results list.
-
In area ④ of the preceding figure, click Batch Correction.
-
In the Batch Correct DIdentification results dialog box, select the correct Sensitive Field Type from the drop-down list. The list shows all Published types from the default classification and categorization template.
-
Click Save.
Export detection results
For data that has detection results, click Export Recognition Results to export the results matching the current filter criteria to your local computer.
You can export a maximum of 100,000 data entries.
Next steps
-
View the distribution of all sensitive fields across projects in the Sensitive Data Overview module.
-
Configure the classification and categorization template that determines how fields are classified. For more information, see Configure sensitive data classification and categorization.