Updated on 2024-10-23 GMT+08:00

Managing Masking Policies

In business activities, some enterprise departments need to analyze data for operations. In this case, data must be accessible to these departments even if it is sensitive. To meet this requirement and prevent data leakage, you can create data masking policies to mask sensitive data.

This section describes how to manage the masking policies for static masking tasks.

Prerequisites

Creating a Data Masking Policy

  1. On the DataArts Studio console, locate a workspace and click DataArts Security.
  2. Choose Masking Policies from the left navigation bar, and click Create in the upper part of the displayed page.

    Figure 1 Creating a data masking policy

  3. In the displayed dialog box, set the parameters listed in Table 1 and click OK.

    Figure 2 Creating a data masking policy

    Table 1 Parameters

    Parameter

    Description

    *Policy Name

    The name of the policy to be created. Policy names can include only letters, numbers, and underscores (_) and cannot exceed 64 characters.

    Description

    A description of the policy to be created, which can contain a maximum of 255 characters.

    *Status

    If the status switch is turned on, the policy is available. If the status switch is turned off, the policy cannot be used.

    *Recognition Rules and Masking Algorithm

    Sensitive data identification rule and the corresponding masking algorithm

    • *Recognition Rules: Select a data identification rule. For details, see Creating Identification Rules.
    • Description: Enter a description of the rule.
    • *Algorithm Type: Select an algorithm type. For details, see Table 1.
    • *Masking Algorithm: Select an algorithm of the selected type. For details, see Table 1.
    NOTE:
    Before using the following masking algorithms, you must configure keys:
    • HMAC-SHA256 hash algorithm
    • DWS column encryption algorithm

    For more restrictions on different masking algorithms, see Managing Masking Algorithms.

Related Operations

  • Editing a masking policy: On the Masking Policies page, locate a policy and click Edit in the Operation column.
  • Setting the masking policy status: A masking policy is enabled by default. If a data masking policy is disabled, it cannot be used by static data masking tasks.

    To change the status of a data masking policy, click or to enable or disable the policy.

    Masking policies used by static masking tasks cannot be disabled.

  • Deleting masking policies: On the Masking Policies page, locate a policy and click Delete in the Operation column. To delete multiple policies, select them and click Delete above the list.
    Policies used by static masking tasks cannot be deleted. To delete such policies, modify the reference relationship first.

    The deletion operation cannot be undone. Exercise caution when performing this operation.