Help Center> DataArts Studio> User Guide> DataArts Security> Privacy Protection and Management> Managing Dynamic Watermarking Policies
Updated on 2024-04-03 GMT+08:00
View PDF

Managing Dynamic Watermarking Policies

Dynamic watermarking means dynamically inserting watermarks into the result sets returned by data query and access requests. This section describes how to enable dynamic watermarking for DataArts Factory so that data watermarks can be dynamically inserted during the dump or download of sensitive data in DataArts Factory.

After dynamic watermarking is enabled for DataArts Factory and a dynamic watermarking policy is created in DataArts Security, an invisible dark watermark will be inserted into the sensitive data dumped or downloaded by a user group or role specified in the policy to prevent the sensitive data from being disclosed. The watermark is the first 16 digits from the ID of the IAM user who is attempting to obtain the sensitive data. For details about how to view the IAM user ID, see "Obtaining a Project ID and Account ID" in (Optional) Obtaining Authentication Information.

Note that dynamic watermarking policies configured for a DataArts Studio instance are visible to and take effect for all the workspaces of the instance.

Prerequisites

  • An MRS Hive or MRS Spark connection has been created.

Constraints

  • Only the DAYU Administrator, Tenant Administrator, or data security administrator can enable or disable dynamic watermarking for DataArts Factory. The workspace administrator can create dynamic watermarking policies. Other common users do not have the permission to perform these operations.
  • Dynamic watermarking policies are only available for MRS Hive and MRS Spark data sources.
  • Adding, deleting, or modifying a dynamic watermarking policy takes about five minutes to take effect.
  • A watermark will be inserted only when more than 500 rows of data are to be dumped or downloaded. If there are less than 500 rows of data, source tracing will be impossible even if a watermark is inserted.

Creating a Dynamic Watermarking Policy

  1. On the DataArts Studio console, locate an instance and click Access. On the displayed page, locate a workspace and click DataArts Security.

    Figure 1 DataArts Security

  2. In the left navigation pane, choose Dynamic Watermarking.

    Figure 2 Accessing the Dynamic Watermarking page

  3. Click to enable dynamic watermarking for DataArts Factory. Click Create and set the parameters listed in Table 1.

    Figure 3 Setting parameters for the dynamic watermarking policy

    The following table lists the parameters.
    Table 1 Policy parameters

    Parameter

    Description

    *Policy Name

    Unique identifier of the dynamic watermarking policy. It must be unique in a DataArts Studio instance.

    To facilitate policy management, you are advised to include the object to be watermarked and the watermark to be added in the name.

    *Data Source Type

    Select MRS Hive or MRS Spark.

    *Data Connection

    If no data connection is available, create one by referring to Creating a Data Connection.

    *Cluster Name

    You do not need to set this parameter. The data source cluster in the data connection is automatically selected.

    *Database

    Database where the sensitive data is stored

    *Data Table

    Data table where the sensitive data is stored

    User Group/Role

    User, user group, or role in the current workspace members. When a specified object queries or exports sensitive data from DataArts Factory, the system adds a dynamic watermark to the sensitive data to protect the sensitive data from being disclosed.

  4. After setting all required parameters, click OK.

Related Operations

  • Extracting a watermark: After obtaining the CSV data file containing a dynamic watermark from DataArts Factory, trace the watermark by referring to Extracting a Watermark.
  • Editing a policy: On the Dynamic Watermarking page, locate a policy and click Edit in the Operation column.
  • Setting the policy status: A watermarking policy is enabled by default. If the watermarking policy is disabled, it does not take effect.

    To change the status of a watermarking policy, click or to enable or disable the policy.

  • Deleting policies: On the Dynamic Watermarking page, locate a policy and click Delete in the Operation column. To delete multiple policies, select them and click Delete above the list.

    The deletion operation cannot be undone. Exercise caution when performing this operation.

  • Viewing policy details: On the Dynamic Watermarking page, locate a policy and click its name to view its details.
    Figure 4 Viewing policy details