Updated on 2025-04-16 GMT+08:00

Creating a Data Masking Rule

You can create a masking rule for plaintext data in the database so that sensitive values are masked in query results.

  • If you are familiar with the database table structure, add a data masking rule on the Data Masking Policy page. After the rule is created, users who are not in the whitelist can view only masked data when querying database information.
  • If you are not familiar with how sensitive data is distributed, scan your database by referring to Sensitive Data Discovery. Then, create a masking rule from the scan result. For details, see Creating a Masking Rule in the Result.

If the data in a table is both encrypted and masked, the data returned depends on whether the user is authorized:

  • If the user is authorized, the masked data is returned.
  • If the user is not authorized, the unmasked ciphertext is returned.

Procedure

  1. Log in to a database encryption and access control instance as the sysadmin user.
  2. In the navigation pane on the left, choose Dynamic Data Mask > Data Masking Policy.
  3. Choose Data Type > Asset Name.

    Figure 1 Selecting a data source

  4. On the masking rule list page of the target data source, click Add Custom Rule.
  5. In the displayed Add Masking Rule dialog box, configure the parameters. Table 1 lists the parameters.

    Table 1 Adding a masking rule

    | Parameter | Description |
    |---|---|
    | Rule Name | Set a masking rule name. |
    | Schema | Select the schema of the data asset. |
    | Table | Select the table of the data asset. |
    | Column | Select the column to be masked. For details about supported algorithm types, see Checking the Encryption Algorithm. |
    | Data Type | Select the data type of the selected column. You can add a custom data type. For details, see Adding a User-Defined Data Type. |
    | Masking Rule | Select the masking rule to be used. You can add a custom masking rule. For details, see Adding a Custom Masking Algorithm. |

    Figure 2 Adding a masking rule

  6. Click Save.

Operation Result

  • You can view and manage the created masking rule in the masking rule list. The created masking rule is enabled automatically.
    Figure 3 Masking rule
  • After the data is masked, users who are not in the whitelist can view only masked data when querying the plaintext data.
    Figure 4 Masked data

Related Operations

You can manage the masking rules as follows:

  • Enabling or disabling: Locate the target rule and click the button in the Enable/Disable column.
  • Editing: Locate the target rule and click Edit in the Actions column.
  • Deleting: Locate the target rule and click Delete in the Actions column.
  • Batch operations: Select the target rules and choose to enable, disable, or delete them in batches from the Bulk Actions drop-down list.