The sensitive data protection feature of Data Management (DMS) provides dozens of built-in sensitive data detection rules. These rules are designed based on the Cybersecurity Law of the People's Republic of China, the General Data Protection Regulation (GDPR), the Sarbanes-Oxley (SOX) Act, the Payment Card Industry (PCI) Data Security Standard (DSS), and the Health Insurance Portability and Accountability Act (HIPAA). These rules focus on protecting personal information. If the built-in sensitive data detection rules cannot meet your business requirements, you can create custom sensitive data detection rules.

Prerequisites

You are a DMS administrator, a database administrator (DBA), or a security administrator.
Note: To view the role of your account, move the pointer over the profile picture icon in the upper-right corner of the DMS console.

Procedure

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click Security and Specifications. In the left-side navigation pane, choose Sensitive Data > Sensitive Data Identification.
  3. Click the Identification Rules tab.
  4. Click Create Rule.
  5. In the Create Identification Rule panel, set the parameters that are described in the following table. Then, click Submit.
    Parameter: Description
    Rule Name: The name of the sensitive data detection rule to be created.
      Note: You cannot change the rule name after the rule is created.
    Description: The description of the sensitive data detection rule. The description facilitates subsequent management.
    Data type: The type of data to be detected by the rule.
      Note: You can also manually add data types.
    Sensitivity Level: The security level of a detected field. For more information, see Field security level.
      • Low Sensitivity: The Low Sensitivity level is derived from the Internal level of DMS. For a database instance that is managed in Secure Collaboration mode, the security level of the data stored in the database instance is Low Sensitivity by default.
      • Moderate Sensitivity: The Moderate Sensitivity level is derived from the Sensitive level of DMS.
      • High Sensitivity: The High Sensitivity level is derived from the Confidential level of DMS.
    Rule Configurations:
      • Metadata Scan
        • Contain: If the name of a field contains the characters that you enter, the field is marked with the specified security level.
        • Exclude: If the name of a field contains the characters that you enter, the field is not marked with the specified security level.
        Note: To use multiple keywords as filter conditions, separate them with commas (,).
      • Data Content Scan: Enter a regular expression that is used to match field values.
        Note: To check whether the regular expression that you enter works as expected, enter test data and click Test.
        • If the message "The field matches the regular expression" is displayed, the regular expression works as expected.
        • If the message "The field does not match the regular expression" is displayed, the regular expression fails to match the test data and you need to modify the regular expression.
    In the example shown in the following figure, a rule is configured to mark the fields whose names contain "name" and the fields whose values contain A, B, or C with Moderate Sensitivity.
    Figure: Create Identification Rule panel
  6. Enable the sensitive data detection rule that you create.
    Note:
    • By default, a sensitive data detection rule is disabled after it is created. A sensitive data detection rule takes effect only after you enable the rule.
    • After you enable or disable a sensitive data detection rule, the setting takes effect in the next scan task.
    • You can modify the description, detected data type, and security level configured for a built-in sensitive data detection rule. However, you cannot modify the detection algorithm of the rule.
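
Before the keywords and the regular expression from step 5 are entered in the Create Identification Rule panel, the rule can be dry-run against a few sample columns. The following Python code is an added example, not DMS code: Rule, classify, and preview are hypothetical names, and the sample columns are constructed. It assumes case-insensitive keyword matching, that Exclude overrides every other match, that one matching value is enough to mark a field, and that Python's re syntax approximates the pattern syntax that DMS accepts.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    """Local model of one custom identification rule (hypothetical, not a DMS API)."""
    level: str                # for example "Moderate Sensitivity"
    contain: str = ""         # Metadata Scan > Contain, comma-separated keywords
    exclude: str = ""         # Metadata Scan > Exclude, comma-separated keywords
    content_regex: str = ""   # Data Content Scan pattern

def _keywords(csv):
    return [k.strip().lower() for k in csv.split(",") if k.strip()]

def classify(rule, field_name, sample_values):
    """Return (level or None, reason) for one column."""
    name = field_name.lower()  # assumption: keyword matching ignores case
    hit = next((k for k in _keywords(rule.exclude) if k in name), None)
    if hit:
        # assumption: an Exclude keyword overrides Contain and the content scan
        return None, f"excluded by '{hit}'"
    hit = next((k for k in _keywords(rule.contain) if k in name), None)
    if hit:
        return rule.level, f"name contains '{hit}'"
    if rule.content_regex:
        pattern = re.compile(rule.content_regex)
        for value in sample_values:
            # assumption: search() models "value contains a match"; NULLs are skipped
            if value is not None and pattern.search(str(value)):
                return rule.level, f"value {value!r} matches regex"
    return None, "no match"

# Constructed sample columns: (field name, sample values)
SAMPLE_COLUMNS = [
    ("customer_name", ["Li Wei", "Ana"]),
    ("file_name", ["report.pdf"]),
    ("grade", ["A", "d"]),
    ("city", ["paris", None]),
]

def preview(rule, columns=SAMPLE_COLUMNS):
    """Classify every sample column so false positives show up before the rule is enabled."""
    return {name: classify(rule, name, values) for name, values in columns}

if __name__ == "__main__":
    # The rule from the figure: names containing "name", values containing A, B, or C.
    rule = Rule(level="Moderate Sensitivity", contain="name", content_regex="[ABC]")
    for name, (level, reason) in preview(rule).items():
        print(f"{name:15} {level or '-':22} {reason}")
```

With Contain set to name, the file_name column is also marked. Adding file to Exclude removes it, which is the kind of false positive worth catching before the rule is enabled.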