Updated on 2024-04-11 GMT+08:00

Creating and Running a Database Masking Task

Create a database masking task to mask sensitive information in a specified database. This section describes how to create and run a database masking task.

Prerequisites

Constraints

Supported data sources include SQLServer, MySQL, PostgreSQL, TDSQL, DMDBMS, KingBase, Oracle, GaussDB(DWS), and OpenGauss.

Creating and Running a Database Masking Task

  1. Log in to the management console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation tree on the left, click and choose Security and Compliance > Data Security Center.
  4. In the left navigation pane, choose Data Privacy Protection > Static Data Masking.
  5. On the Database Masking tab page, click to enable database data masking.
  6. Click Create Task. On the displayed Configure Data Source page, configure parameters according to Table 1.

    Figure 1 Configuring a database data masking task
    Table 1 Data source parameters (Parameter: Description)

    • Task Name: You can create a custom name for a data masking task. The task name must meet the following requirements:
      • It can contain 1 to 255 characters.
      • Only letters, numbers, underscores (_), and hyphens (-) are allowed.
    • Select Data Source: Select a data source. Possible values are SQLServer, MySQL, TDSQL, PostgreSQL, DMDBMS, KingBase, Oracle, DWS, or OpenGauss.
    • Data Source:
      NOTE: If no database instance is available, click Add Database. For details, see Authorizing Access to a Database Asset.
      • Database instance: Select the database instance that contains the data you want to mask.
      • Database: Select the name of the database that contains the data you want to mask.
      • Schema: This parameter is available only when SQLServer, KingBase, OpenGauss, PostgreSQL, or DWS is selected for Data Source.
      • Table name: Select the name of the database table that contains the data you want to mask.
      • Data Type: Selecting the check box will copy the data in this column to the target database.
    • Masking Ratio: You can drag the slider to select the masking ratio of the data in the database. For example, if the database contains 1000 rows of data and you drag the slider to 80%, the first 800 rows of data in the database are masked.

  7. Click Next.

    Figure 2 Configuring a masking algorithm
    1. Select the data columns you want to mask.
    2. Select a data masking algorithm. For details about data masking algorithms, see Configuring a Data Masking Rule.

      If the decryption masking algorithm is selected for encrypted data, the encrypted data is decrypted and then masked.

      If the masking algorithm is selected for unencrypted data, data remains unchanged after masking.

    3. Click Edit. On the editing test page displayed, test the masking algorithm you selected, as shown in Figure 3. Enter the replacement string and raw data, click Test, and view the masking result. For details about masking rules, see Configuring a Data Masking Rule.
      Figure 3 Editing test

  8. Click Next.

    Click next to Incremental Masking to enable incremental masking.

    • After incremental masking is enabled, the data added after the last masking task was completed is masked. Select a field that increases with time in the source data as the incremental column, such as the creation time or an auto-increment ID.
    • Currently, incremental masking supports the following database field types: int, bigint, integer, date, and datetime.
    Figure 4 Masking period

    Select and set the execution period of a masking task.

    • Manual: Manually enable a masking task and execute it based on masking rules.
    • Hourly: A data masking task is executed at an interval of a specified number of hours.

      For example, to execute a data masking task every two hours, set this parameter to 02:00.

    • Daily: A data masking task is executed at a specified time every day.

      For example, to execute a data masking task at 12:00 every day, set this parameter to 12:00:00.

    • Weekly: A data masking task is executed at a specified time every week.

      For example, to execute a data masking task at 12:00 every Monday, set this parameter to 12:00:00 every Monday.

    • Monthly: A data masking task is executed at a specified time on a specified day every month.

      For example, to execute a data masking task at 12:00 on the 12th day of each month, set this parameter to 12:00:00 12th day of every month.

      If you need to execute a data masking task on the 31st day of each month and the month has fewer than 31 days, the system automatically executes the task on the last day of the month.

  9. Click Next. The Set Target Data page is displayed.

    Figure 5 Configuring a target data type
    1. Select a database instance and database name, and enter the database table name.

      If the data table name you entered already exists, the system updates the data table in the target database.

      If the data table name you entered does not exist, the system automatically creates a data table with the same name in the target database.

      • Do not enter the name of an existing service data table. Otherwise, services may be affected.
      • Do not select an original data table as the target data table. Otherwise, the original data may be overwritten.
    2. Set the column name of the target data type.

      By default, the system generates the same name as the data source column. You can retain the default name or change it as needed.

  10. Click Finish.
  11. Click the Database tab. Locate the row containing the target data masking task and click Execute in the Operation column.

    Figure 6 Executing a database data masking task

  12. The system starts to execute the data masking task as configured.
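The incremental masking and target-table guidance in steps 8 and 9, as an added sketch that is not Data Security Center code: it assumes incremental masking behaves like a watermark on the incremental column, uses SQLite as a stand-in data source, and the table names, column names and keep-last-4 rule are hypothetical. It also includes a post-run check that counts target rows still holding the raw source value.

```python
import re
import sqlite3

IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # names are interpolated into SQL, so validate

def _check(*names):
    for name in names:
        if not IDENT.fullmatch(name):
            raise ValueError(f"invalid identifier: {name!r}")

def mask_keep_last4(value):
    """Constructed masking rule: keep the last 4 characters, mask short values fully."""
    if value is None:
        return None
    keep = value[-4:] if len(value) > 4 else ""
    return "*" * (len(value) - len(keep)) + keep

def run_masking_task(conn, source, target, column, inc_column, watermark=None):
    """Copy source rows into target with `column` masked; return the new watermark."""
    _check(source, target, column, inc_column)
    if source.lower() == target.lower():  # step 9: never overwrite the original table
        raise ValueError("target table must not be the source table")
    conn.execute(f"CREATE TABLE IF NOT EXISTS {target} "
                 f"({inc_column} INTEGER PRIMARY KEY, {column} TEXT)")
    sql, args = f"SELECT {inc_column}, {column} FROM {source}", ()
    if watermark is not None:  # assumed incremental behaviour: rows added since last run
        sql, args = sql + f" WHERE {inc_column} > ?", (watermark,)
    rows = conn.execute(sql + f" ORDER BY {inc_column}", args).fetchall()
    conn.executemany(f"INSERT OR REPLACE INTO {target} VALUES (?, ?)",
                     [(key, mask_keep_last4(val)) for key, val in rows])
    return rows[-1][0] if rows else watermark

def unmasked_rows(conn, source, target, column, inc_column):
    """Post-run check: count target rows whose value still equals the raw source value."""
    _check(source, target, column, inc_column)
    return conn.execute(
        f"SELECT COUNT(*) FROM {target} t JOIN {source} s "
        f"ON t.{inc_column} = s.{inc_column} WHERE t.{column} = s.{column}").fetchone()[0]

def demo():
    conn = sqlite3.connect(":memory:")  # constructed sample data
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, phone TEXT)")
    conn.executemany("INSERT INTO customers (phone) VALUES (?)",
                     [("13800001111",), ("13900002222",)])
    first = run_masking_task(conn, "customers", "customers_masked", "phone", "id")
    conn.execute("INSERT INTO customers (phone) VALUES ('13700003333')")
    second = run_masking_task(conn, "customers", "customers_masked", "phone", "id", first)
    masked = [r[0] for r in conn.execute("SELECT phone FROM customers_masked ORDER BY id")]
    return first, second, masked, unmasked_rows(conn, "customers", "customers_masked", "phone", "id")
```

The same leak count can be run against a real target table after a task completes, which is most useful when the masking ratio is below 100%.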

Viewing the Status of a Database Data Masking Task

  • On the Database tab page, click of the target data masking task to view its execution status.
    The statuses are as follows:
    • Completed: The data masking task has been successfully executed.
    • Running: The data masking task is being executed.
    • Pending execution: The data masking task has not been executed.
    • Stopped: The data masking task has been manually stopped.
    • Failed: The data masking task fails to be executed. Move the cursor to to view the failure cause.
    Figure 7 Data masking task statuses

Editing and Deleting a Database Data Masking Task

A data masking task in the Pending execution or Running state cannot be edited or deleted.

  • In the database data masking task list, locate the row containing the target data masking task and click Edit in the Operation column to reconfigure masking task information. For details, see Creating and Running a Database Masking Task.
    Figure 8 Editing a database data masking task
  • In the database data masking task list, locate the row containing the target data masking task and click Delete in the Operation column.
    Figure 9 Deleting a database data masking task

    Deleted data masking tasks cannot be recovered.