Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Configuring a Data Masking Rule

Updated on 2022-12-29 GMT+08:00

This section describes how to configure a masking rule. For more details about masking algorithms, see Introduction.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security > Data Security Center.
  4. In the navigation pane, choose Data Masking. On the displayed page, click the Masking Rule tab.
  5. On the Masking Rule tab page, select a proper masking method and configure a masking rule.

    • If you select Hash, configure a masking rule based on Hash.
    • If you select Character Masking, configure a masking rule based on Character Masking.
    • If you select Keyword Replacement, configure a masking rule based on Keyword Replacement.
    • If you select Value Change, configure a masking rule based on Value Change.
    • If you select Roundup, configure a masking rule based on Roundup.

Hash

Hash functions are used in data storage to replace a character string fields with hash values. In a relational database, the length of a field must be the same as that of hash values so that the hash values can be completely written to the destination database. By default, two hash algorithms, SHA-256 and SHA-512, are configured for DSC.

Hash algorithms are built-in DSC and do not need to be configured. If you want to test the masking effect, perform the following steps:

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Hash tab.

    Figure 1 Hash algorithm

  3. In the column where the SHA-256 or SHA-512 algorithm is located, click Test.
  4. On the displayed page, enter the raw data and click Test. The masking result will be displayed in the Masking Result text box.

    Figure 2 Hash method

Character Masking

Use the specified character * or a random character to hide part of the content as required.

The following six masking approaches are supported: Retain first N and last M, Retain from X to Y, Mask first N and last M, Mask from X to Y, Mask data ahead of special characters, and Mask data followed by special characters.

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Character Masking tab.

    Figure 3 Character masking method

  3. Click Add to configure a character masking rule.

    Figure 4 Adding a character masking rule

  4. Enter the raw data and click Test. The masking result will be displayed in the Masking Result text box.
  5. Verify the testing result and click Save.

    NOTE:
    • Multiple character masking rules have been preset in DSC. Built-in masking rules cannot be deleted. To delete a customized masking rule, click Delete in the Operation column of the rule list.
    • All rules can be edited. In the Operation column of the rule list, click Edit to modify a rule.

Keyword Replacement

Replace the matched keyword with customized characters. For example, if the original characters are abcdefgbcdefgkjkoij, the keyword is bcde. Replace the preset value 12 with the keyword, and the masking result is a12fg12fgkjkoij.

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Keyword Replacement tab.

    Figure 5 Keyword replacement method

  3. Set the keyword to be replaced and the characters to be replaced with.

    After that, the keywords matched in the raw data will be replaced with the configured replacement characters.
    Figure 6 Adding a keyword

  4. Enter the raw data and click Test. The masking result will be displayed in the Masking Result text box.
  5. Verify the testing result and click Save.

    • If you want to modify a configured masking rule, click Edit and Test in the Operation.
    • If you want to delete a configured masking rule, click Delete in the Operation column.

Value Change

DSC has the following two built-in data masking algorithms:
  • Masking Using the Null Value: Set fields of any type to NULL. If a field is set to NOT NULL, this algorithm changes the attribute of the file to NULL when copying the column.
  • Masking Using a Custom Value: Set the specified field to an empty value. Specifically, a character field is left blank, a numeric field is set to 0, a date field is set to 1970, and time field is set to 00:00.

This is the built-in masking rule of DSC and does not need to be configured. To view the masking rule, perform the following steps:

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Value Change tab.

    Figure 7 Accessing the Value Change tab page

Roundup

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click Round.

    DSC has the following two built-in data masking algorithms:

    • Date Roundup: Used for time-related fields such as timestamp, time, data, and datatime in RDS.
    • Number Roundup: Used for value types fields such as double, float, int, and long. After data masking, the original field type remains unchanged.
    Figure 8 Roundup masking algorithms

  3. In the Number Roundup column, click Edit and Test to configure the rounding value.

    Masking Result: Rounds a given value down towards the closest multiple of the integer. For example, if the given value is set to 5 and the raw data is 14, the closest multiple of 5 that are close to 14 is rounded down to 10. That is, the masking result is 10.
    Figure 9 Number roundup

  4. Enter the raw data, click Test.
  5. Verify the testing result and click Save.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback