Updated on 2024-11-19 GMT+08:00

Customizing a Rule

Sensitive data identification rules include built-in rules and user-defined rules. You can select built-in or customized identification rules when creating or editing an identification template.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation tree on the left, click . Choose Security & Compliance > Data Security Center .
  4. In the navigation pane, choose Sensitive Data Identification > Identification Configuration.
  5. Click the Identification Rule tab, as shown in Figure 1.

    Figure 1 Identification rules

  6. Click Create a user-defined rule in the upper left corner of the page.
  7. In the displayed dialog box, set required parameters based on Table 1.

    Table 1 Parameter description

    Parameter

    Description

    Rule

    You can customize a rule name.

    The rule name must meet the following requirements:

    • Contain 1 to 255 characters.
    • Consist of letters, digits, underscores (_), hyphens (-), and brackets.
    • Be unique.

    Description

    Enter a rule description.

    Add to Template

    • Select the template name, template rule category, and level from the drop-down list boxes to add the rule to a rule template.
    • Click Add to add the rule to multiple templates.
    • Click the deletion button to delete the template. Retain at least one template.

    Match Type

    This parameter can be set to Rule matching or Keyword matching.

    • Keyword matching indicates that the rule can be executed using keywords.
    • Regular matching is used to match (specify and identify) characters, words, and patterns.
      NOTE:

      For Hive data in MRS, sensitive data can be identified only when Match Type is Rule matching and Rule is Content > Include.

    Matching Logic

    Select the matching logic:
    • AND: All keywords are included.
    • OR: Only one keyword is included.

    Rule

    This parameter is displayed when Match Type is set to Rule matching. Select the rule content from the drop-down list.

    • Choose Column Name > Include or Column Comment > Include. Enter a keyword to check whether the column name or column comment contains the keyword.
    • Choose Column Name > Regex or Column Comment > Regex and enter a regular expression to check whether it matches.
    • Choose Content > Include. Enter a keyword to check whether the keyword is contained in the content.
    • Choose Content > Regex. Enter a regular expression to check whether the regular expression matches.
    • Choose Content > Keyword and enter multiple keywords. The relationship between the keywords is OR, meaning if any keyword is found in the content, it will be matched.
    NOTE:

    For Hive data in MRS, sensitive data can be identified only when Match Type is Rule matching and Rule is Content > Include.

    Test Rule

    • This parameter is displayed when Match Type is set to Rule Matching.
    • Enter the rule content and click Test. The test result of the rule is displayed in the Test Result area.
    • You can click Add to add multiple rules for test.
    • Both built-in rules and user-defined rules support rule tests. To test a built-in rule, click Details in the Operation column of the rule list. On the Edit Rule page, enter the rule for test.
      NOTE:
      • Image rules cannot be tested.
      • The rule test is not supported when the Match Type is Keyword matching.
      • Only the first matching result of the test content is displayed.

    Content

    • This parameter is displayed when Match Type is set to Keyword Matching.
    • Multiple keywords are separated by line breaks.

    Identification Threshold Configuration

    Applicable to unstructured data. You can click to select a low, medium, or high threshold. A higher threshold requires more hits.

    Hit Rate

    Applicable to structured data. You can drag the slider to set this parameter.

  8. Click OK.