Help Center> Data Security Center> User Guide> Data Privacy Protection> Data Masking> Managing Static Data Masking Tasks> Creating and Running a Database Masking Task
Updated on 2023-12-05 GMT+08:00
View PDF

Creating and Running a Database Masking Task

Creating a database masking task to mask sensitive information in a specified database. This section describes how to create a database masking task.

Prerequisites

Constraints

Supported data sources include SQLServer, MySQL, PostgreSQL, TDSQL, DMDBMS, KingBase, Oracle, GaussDB(DWS), and OpenGauss.

Creating and Running a Database Masking Task

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Data Security Center.
  4. In the left navigation pane, choose Data Privacy Protection > Static Data Masking.

    Figure 1 Database data masking

  5. On the Database Masking tab page, click to enable database data masking.
  6. Click Create Task. On the displayed Configure Data Source page, configure parameters according to Table 1.

    Figure 2 Configuring a database data masking task
    Table 1 Datas source parameters

    Parameter

    Description

    Task Name

    You can create a custom name for a data masking task.

    The task name must meet the following requirements:
    • It can contain 1 to 255 characters.
    • Only letters, numbers, underscores (_), and hyphens (-) are allowed.

    Select Data Source

    Select a data source. Possible values are SQLServer, MySQL, TDSQL, PostgreSQL, DMDBMS, KingBase, Oracle, DWS, or OpenGauss.

    Data Source

    NOTE:

    If no cloud databases are available, click Add Database to add a cloud database. For details, see Adding a Cloud Database.

    Database instance: Select the database instance where the data you want to mask is.

    Database: Select the name of the database where the data you want to mask is.

    Schema: This parameter is available only when SQLServer, KingBase, OpenGauss, PostgreSQL, or DWS is selected for Data Source.

    Table name: Select the name of the database table where the data you want to mask is.

    Data Type: Selecting the check box will copy the data in this column to the target database.

    Masking Ratio

    You can drag the slider to select the masking ratio of the data in the database. For example, if the database contains 1000 rows of data and you drag the slider to 80%, the first 800 rows of data in the database are masked.

  7. Click Next.

    Figure 3 Configuring a masking algorithm
    1. Select the data columns you want to mask.
    2. Select a data masking algorithm. For details about data masking algorithms, see Configuring a Data Masking Rule.
    3. Click Edit. On the editing test page displayed, test the masking algorithm you selected. Enter the replacement string and raw data, click Test, and view the masking result. For details about masking rules, see Configuring a Data Masking Rule.
      Figure 4 Editing test

  8. Click Next.

    Click next to Incremental Masking to enable incremental masking.

    • After incremental masking is enabled, the data added after the last masking task is completed is masked. Select a field that increases with time in the source data as the incremental column, such as the creation time and auto-increment ID.
    • Currently, incremental masking supports the following database field types: int, bigint, integer, date, and datetime.
    Figure 5 Masking period

    Select and set the execution period of a masking task.

    • Manual: Manually enable a masking task and execute it based on masking rules.
    • Hourly: A data masking task is executed every several hours.

      For example, to execute a data masking task every two hours, set this parameter to 02:00.

    • Daily: A data masking task is executed at a specified time every day.

      For example, to execute a data masking task at 12:00 every day, set this parameter to 12:00:00.

    • Weekly: A data masking task is executed at a specified time every week.

      For example, to execute a data masking task at 12:00 every Monday, set this parameter to 12:00:00 every Monday.

    • Monthly: A data masking task is executed at a specified time on a specified day every month.

      For example, to execute a data masking task at 12:00 on the 12th day of each month, set this parameter to 12:00:00 12th day of every month.

      If you need to execute a data masking task on the 31st day of each month and the month has fewer than 31 days, the system automatically executes the task on the last day of the month.

  9. Click Next. The Set Target Data page is displayed.

    Figure 6 Configuring a target data type
    1. Select a database instance and database name, and enter the database table name.

      If the data table name you entered already exists, the system updates the data table in the target database.

      If the data table name you entered does not exist, the system automatically creates a data table with the same name in the target database.

      Do not fill in an existing service data table. Otherwise, services may be affected.

    2. Set the column name of the target data type.

      By default, the system generates the same name as the data source column. You can retain the default name or change it as needed.

  10. Click Finish.
  11. Click the Database tab. Locate the row containing the target data masking task and click Execute in the Operation column.

    Figure 7 Executing a database data masking task

  12. The system starts to execute the data masking task as configured.

Viewing the Status of a Database Data Masking Task

  • On the Database tab page, click of the target data masking task to view it execution status.
    The statuses are as follows:
    • Completed: The data masking task has been successfully executed.
    • Running: The data masking task is being executed.
    • Pending execution: The data masking task is not executed.
    • Stopped: The data masking task has been manually stopped.
    • Failed: The data masking task fails to be executed.
    Figure 8 Data masking task statuses

Editing and Deleting a Database Data Masking Task

A data masking task in the Pending execution or Running state cannot be edited or deleted.

  • In the database data masking task list, locate the row containing the target data masking task and click Edit in the Operation column to reconfigure masking task information. For details, see Creating and Running a Database Masking Task.
    Figure 9 Editing a database data masking task
  • In the database data masking task list, locate the row containing the target data masking task and click Delete in the Operation column.
    Figure 10 Deleting a database data masking task

    Deleted data masking tasks cannot be recovered.