Updated on 2022-12-16 GMT+08:00

Data Masking

Background

In the big data era, the huge value of data also brings difficulties in privacy protection. Data masking ensures efficient big data sharing and protects sensitive information.

Description

GaussDB(DWS) allows users to create data masking policies by column. Users can create policies for sensitive data in services. Sensitive data is identified by users based on their service scenarios. After a data masking policy is configured, only the administrator and table object owner can access raw data. In addition, the data can be used for actual calculation and is masked only when the database service returns the final result.

Figure 1 Data masking effect

Technical Principles

Figure 2 Technical principles
Table 1 Interface functions

External Interface

Function

add_policy

Creating a masking policy

alter_policy

Modifying a data masking policy

drop_policy

Deleting a data masking policy

enable_policy

Enabling a data masking policy

disable_policy

Disabling a data masking policy

After a data masking policy is created for a column in a table, all queries involving the column are affected by the policy. Only the administrator and table owner can query and return the original values of the column.

Benefits

Industries involving sensitive information have great requirements for data masking, such as finance, government, and healthcare. Data masking can be used to prevent sensitive information leakage in application development, testing, and training scenarios.

For details, see Data Redaction