Updated on 2022-12-29 GMT+08:00

Configuring a Data Masking Rule

This section describes how to configure a masking rule. For more details about masking algorithms, see Introduction.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security > Data Security Center.
  4. In the navigation pane, choose Data Masking. On the displayed page, click the Masking Rule tab.
  5. On the Masking Rule tab page, select a proper masking method and configure a masking rule.

    • If you select Hash, configure a masking rule based on Hash.
    • If you select Character Masking, configure a masking rule based on Character Masking.
    • If you select Keyword Replacement, configure a masking rule based on Keyword Replacement.
    • If you select Value Change, configure a masking rule based on Value Change.
    • If you select Roundup, configure a masking rule based on Roundup.

Hash

Hash functions are used in data storage to replace character string fields with hash values. In a relational database, the length of a field must be the same as that of the hash values so that the hash values can be completely written to the destination database. By default, two hash algorithms, SHA-256 and SHA-512, are configured for DSC.

Hash algorithms are built into DSC and do not need to be configured. If you want to test the masking effect, perform the following steps:

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Hash tab.

    Figure 1 Hash algorithm

  3. In the column where the SHA-256 or SHA-512 algorithm is located, click Test.
  4. On the displayed page, enter the raw data and click Test. The masking result will be displayed in the Masking Result text box.

    Figure 2 Hash method
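The field-length requirement above can be checked before a masking task is run. The following is an added example, not DSC code: it assumes the hash is stored as a lowercase hexadecimal string, and the schema dictionary and column names are constructed for illustration.

```python
import hashlib

# The two algorithms the page lists as built into DSC.
ALGORITHMS = ("sha256", "sha512")

def hash_mask(value, algorithm="sha256"):
    """Return the hex digest that replaces a string field (hex output is an assumption)."""
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported algorithm: " + algorithm)
    return hashlib.new(algorithm, value.encode("utf-8")).hexdigest()

def digest_width(algorithm):
    """Number of hex characters a digest occupies: 64 for SHA-256, 128 for SHA-512."""
    return hashlib.new(algorithm).digest_size * 2

def columns_too_narrow(schema, algorithm):
    """Map each column that cannot hold the full digest to the number of missing characters.

    schema is {column name: declared character width of the destination column}.
    """
    need = digest_width(algorithm)
    return {col: need - width for col, width in schema.items() if width < need}

if __name__ == "__main__":
    # Constructed destination schema (hypothetical column names and widths).
    schema = {"phone": 32, "id_card": 64, "email": 128}
    for algo in ALGORITHMS:
        print(algo, digest_width(algo), columns_too_narrow(schema, algo))
```

A column reported here would store only part of the digest, so widen it in the destination table before masking.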

Character Masking

Use the specified character * or a random character to hide part of the content as required.

The following six masking approaches are supported: Retain first N and last M, Retain from X to Y, Mask first N and last M, Mask from X to Y, Mask data ahead of special characters, and Mask data followed by special characters.

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Character Masking tab.

    Figure 3 Character masking method

  3. Click Add to configure a character masking rule.

    Figure 4 Adding a character masking rule

  4. Enter the raw data and click Test. The masking result will be displayed in the Masking Result text box.
  5. Verify the testing result and click Save.

    • Multiple character masking rules have been preset in DSC. Built-in masking rules cannot be deleted. To delete a customized masking rule, click Delete in the Operation column of the rule list.
    • All rules can be edited. In the Operation column of the rule list, click Edit to modify a rule.
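The six character masking approaches listed above, written out as an added example that is not DSC's implementation. The semantics are assumptions: X and Y are 1-based and inclusive, "ahead of" and "followed by" refer to the first occurrence of the special character, and a value that does not fit the rule is masked in full rather than passed through.

```python
# Added example. Assumed semantics (not taken from DSC): X and Y are 1-based
# and inclusive; inputs that do not fit the rule are masked in full.

def _mask(value, hidden, ch="*"):
    """Replace the characters at the index positions in `hidden` with `ch`."""
    return "".join(ch if i in hidden else c for i, c in enumerate(value))

def _edges(size, n, m):
    """Indexes of the first n and last m characters of a string of length size."""
    return set(range(min(n, size))) | set(range(max(size - m, 0), size))

def retain_first_last(value, n, m, ch="*"):
    size = len(value)
    if n + m >= size:          # the rule would leave the whole value readable
        return ch * size
    return _mask(value, set(range(size)) - _edges(size, n, m), ch)

def mask_first_last(value, n, m, ch="*"):
    return _mask(value, _edges(len(value), n, m), ch)

def retain_range(value, x, y, ch="*"):
    return _mask(value, set(range(len(value))) - set(range(x - 1, y)), ch)

def mask_range(value, x, y, ch="*"):
    return _mask(value, set(range(x - 1, y)), ch)

def mask_before(value, special, ch="*"):
    """Mask data ahead of the first occurrence of `special`."""
    idx = value.find(special)
    return ch * len(value) if idx < 0 else ch * idx + value[idx:]

def mask_after(value, special, ch="*"):
    """Mask data that follows the first occurrence of `special`."""
    idx = value.find(special)
    if idx < 0:                # no delimiter: mask everything
        return ch * len(value)
    return value[:idx + 1] + ch * (len(value) - idx - 1)

if __name__ == "__main__":
    phone, email = "13812345678", "alice@example.com"   # constructed samples
    print(retain_first_last(phone, 3, 4), mask_first_last(phone, 3, 4))
    print(retain_range(phone, 4, 7), mask_range(phone, 4, 7))
    print(mask_before(email, "@"), mask_after(email, "@"))
```

When testing a rule in the console, include raw data that is shorter than expected or lacks the special character, and confirm the result does not come back unmasked.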

Keyword Replacement

Replace the matched keyword with customized characters. For example, if the original characters are abcdefgbcdefgkjkoij, the keyword is bcde, and the preset replacement value is 12, each occurrence of the keyword is replaced with 12 and the masking result is a12fg12fgkjkoij.

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Keyword Replacement tab.

    Figure 5 Keyword replacement method

  3. Set the keyword to be replaced and the characters to be replaced with.

    After that, the keywords matched in the raw data will be replaced with the configured replacement characters.
    Figure 6 Adding a keyword

  4. Enter the raw data and click Test. The masking result will be displayed in the Masking Result text box.
  5. Verify the testing result and click Save.

    • If you want to modify a configured masking rule, click Edit and Test in the Operation column.
    • If you want to delete a configured masking rule, click Delete in the Operation column.

Value Change

DSC has the following two built-in data masking algorithms:
  • Masking Using the Null Value: Set fields of any type to NULL. If a field is set to NOT NULL, this algorithm changes the attribute of the field to NULL when copying the column.
  • Masking Using a Custom Value: Set the specified field to an empty value. Specifically, a character field is left blank, a numeric field is set to 0, a date field is set to 1970, and a time field is set to 00:00.

This is the built-in masking rule of DSC and does not need to be configured. To view the masking rule, perform the following steps:

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click the Value Change tab.

    Figure 7 Accessing the Value Change tab page

Roundup

  1. Go to the Masking Rule page by following operations provided in Procedure.
  2. Click Round.

    DSC has the following two built-in data masking algorithms:

    • Date Roundup: Used for time-related fields such as timestamp, time, date, and datetime in RDS.
    • Number Roundup: Used for numeric-type fields such as double, float, int, and long. After data masking, the original field type remains unchanged.
    Figure 8 Roundup masking algorithms

  3. In the Number Roundup column, click Edit and Test to configure the rounding value.

    Masking Result: The raw data is rounded down to the closest multiple of the configured rounding value. For example, if the rounding value is set to 5 and the raw data is 14, the closest multiple of 5 that does not exceed 14 is 10. That is, the masking result is 10.
    Figure 9 Number roundup

  4. Enter the raw data and click Test.
  5. Verify the testing result and click Save.