The sensitive data protection feature of Data Management (DMS) provides dozens of built-in sensitive data detection rules. These rules are designed based on the Cybersecurity Law of the People's Republic of China, the EU General Data Protection Regulation, the Sarbanes-Oxley Act, the Payment Card Industry (PCI) Data Security Standard (DSS), and the Health Insurance Portability and Accountability Act. These rules focus on protecting personal information. If the built-in sensitive data detection rules cannot meet your business requirements, you can create custom sensitive data detection rules.

Prerequisites

You are a DMS administrator, a database administrator (DBA), or a security administrator.
Note: To view the role of your account, move the pointer over the tenant avatar icon in the upper-right corner of the DMS console.

Procedure

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click Security and Specifications. In the left-side navigation pane, choose Sensitive Data > Sensitive Data Identification.
  3. On the Sensitive Data Identification tab, click the Identification Rules tab.
  4. Click Create Rule.
  5. In the Create Identification Rule panel, set the parameters that are described in the following table. Then, click Submit.
    Parameter: Description
    Rule Name: The name of the sensitive data detection rule to be created.
      Note: You cannot change the rule name after the rule is submitted.
    Description: The description of the sensitive data detection rule. The description facilitates subsequent management.
    Data type: The type of data to be detected by the rule.
      Note: You can also manually add data types.
    Sensitivity Level: The security level of the detected field. For more information, see Field security level.
      • Low Sensitivity: The Low Sensitivity level is derived from the Internal level of DMS. For a database instance that is managed in Security Collaboration mode, the sensitivity level of the data stored in the database instance is Low Sensitivity by default.
      • Moderate Sensitivity: The Moderate Sensitivity level is derived from the Sensitive level of DMS.
      • High Sensitivity: The High Sensitivity level is derived from the Confidential level of DMS.
    Rule Configurations:
      • Metadata Scan
        • Contain: If the name of a field contains the characters that you enter, the field is marked with the specified security level.
        • Exclude: If the name of a field contains the characters that you enter, the field is not marked with the specified security level.
        Note: To filter multiple fields, you can enter multiple keywords that are separated by commas (,).
      • Data Content Scan: the regular expression that is used to match field values.
        Note: To check whether the regular expression that you enter works as expected, enter test data and click Test.
        • If the message "The field matches the regular expression" is displayed, the test data matches the regular expression.
        • If the message "The field does not match the regular expression" is displayed, the test data does not match the regular expression.
    In the example shown in the following figure, the fields whose names contain "name" and the fields whose values contain A, B, or C are marked with Moderate Sensitivity.
  6. Enable the sensitive data detection rule that you create.
    Note:
    • By default, a sensitive data detection rule is disabled. A sensitive data detection rule takes effect only after you enable the rule.
    • You cannot modify built-in sensitive data detection rules. However, you can disable built-in sensitive data detection rules.
    • After you enable or disable a sensitive data detection rule, the setting takes effect in the next scan task.
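
The Rule Configurations in step 5 can be dry-run locally against sampled column values before the rule is enabled. The following is an added example, not DMS code: it models Contain/Exclude keywords and the Data Content Scan regular expression from the page's own example ("name"; A, B, or C). The `Rule` class, `dry_run` function, sample columns, and the matching semantics listed in the docstring are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    contain: str      # "Contain" keywords, comma-separated as in the console
    exclude: str      # "Exclude" keywords, comma-separated
    value_regex: str  # "Data Content Scan" regular expression
    level: str        # sensitivity level to assign

def keywords(raw):
    return [k.strip().lower() for k in raw.split(",") if k.strip()]

def dry_run(rule, columns):
    """Return {field: reason} for every field this model of the rule would mark.

    Assumptions (not stated on the page): keyword matching is a
    case-insensitive substring test, Exclude vetoes a field entirely,
    name and value matches are OR-ed, and the regex may match anywhere
    in a value (re.search). Python's re dialect stands in for DMS's.
    """
    pattern = re.compile(rule.value_regex)
    marked = {}
    for field, values in columns.items():
        name = field.lower()
        if any(k in name for k in keywords(rule.exclude)):
            continue
        if any(k in name for k in keywords(rule.contain)):
            marked[field] = "name"
        elif any(pattern.search(str(v)) for v in values if v is not None):
            marked[field] = "value"
    return marked

# Constructed sample columns (field name -> sampled values), not real data.
SAMPLE = {
    "user_name": ["Li Wei", "Zhang San"],
    "file_name": ["report.pdf", "a.txt"],
    "grade": ["A", "C", None, "B"],
    "city": ["Beijing", "Chengdu"],
    "order_id": ["1001", "1002"],
}

LOOSE = Rule("name", "file", "[ABC]", "Moderate Sensitivity")
TIGHT = Rule("name", "file", "^[ABC]$", "Moderate Sensitivity")

if __name__ == "__main__":
    print("loose:", dry_run(LOOSE, SAMPLE))  # unanchored pattern also marks city
    print("tight:", dry_run(TIGHT, SAMPLE))
```

Under these assumptions the unanchored pattern also marks the `city` column because "Beijing" contains B, while the anchored pattern limits value matches to the `grade` column.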