Creating a Database Data Masking Task
Creating a database masking task to mask sensitive information in a specified database. This section describes how to create a database masking task.
Prerequisites
- Access to cloud assets has been authorized. For details, see Allowing or Disallowing Access to Cloud Assets.
- Specific assets have been added or authorized. For details, see Asset Center.
- Sensitive data has been identified by referring to Creating an Identification Task.
Constraints
The following data sources are supported: SQLServer, MySQL, TDSQL, PostgreSQL, Dameng, Kingbase, GaussDB, Oracle, and DWS.
Creating and Running a Database Masking Task
- Log in to the management console.
- Click in the upper left corner and select a region or project.
- In the navigation tree on the left, click . Choose .
- In the left navigation pane, choose Data Asset Protection > Static Data Masking.
- On the Databases tab page, click to enable database data masking.
- Click Create Task. On the displayed Configure Data Source page, configure parameters according to Table 1.
Figure 1 Configuring a database data masking task
Table 1 Parameter description Parameter
Description
Task Name
You can customize the name of a data masking task.
The task name must meet the following requirements:- Contain 1 to 255 characters.
- Consist of letters, digits, underscores (_), and hyphens (-).
Select Data Source
Select a data source. Available options are SQLServer, MySQL, TDSQL, PostgreSQL, Dameng, Kingbase, OpenGauss, Oracle, and DWS.
Data Source
NOTE:If no database instance is available, click Add Database to add or authorize a database. For details, see Authorizing Access to Database Assets.
Database instance: Select the database instance where the data you want to mask is located.
Database: Select the name of the database where the data you want to mask is located.
Schema: This parameter is available only when SQLServer, KingBase, OpenGauss, PostgreSQL, or DWS is selected for Data Source.
Table name: Select the name of the database table where the data you want to mask is located.
Masking Ratio
Specify the database's masking ratio. For instance, setting it to 80% will mask the initial 800 rows in a database with 1000 rows.
- Click Next. The Set Masking Algorithm page is displayed.
- Select the data columns you want to mask.
- Select a data masking algorithm. For details about data masking algorithms, see Configuring a Data Masking Rule.
If the decryption masking algorithm is selected for encrypted data, the encrypted data will be decrypted then masked.
If the masking algorithm is selected for unencrypted data, data remains unchanged after masking.
- Click Edit. On the editing test page displayed, test the masking algorithm you selected. Enter the replacement string and raw data, click Test, and view the masking result. For details about masking rules, see Configuring a Data Masking Rule.
- Click Next. On the Configure Data Masking Period page that is displayed, configure the masking period.
Click next to Incremental Masking to enable incremental masking.
Incremental Key Value: Select an incremental key value from the drop-down list box, for example, id.
- After incremental masking is enabled, the data added after the last masking task is completed is masked. Select a field that increases with time in the source data as the incremental column, such as the creation time and auto-increment ID.
- Currently, incremental masking supports the following database field types: int, bigint, integer, date, and datetime.
Select and set the execution period of a masking task.
- Manual: Manually enable a masking task and execute it based on masking rules.
- Hourly: Execute a data masking task every several hours.
Example: If the masking task needs to be executed every two hours, set this parameter to 02:00.
- Daily: Execute a data masking task at a specified time every day.
Example: If the masking task needs to be executed at 12:00 every day, set this parameter to 12:00:00.
- Weekly: Execute a data masking task at a specified time every week.
Example: If the masking task needs to be executed at 12:00 every Monday, set this parameter to 12:00:00 every Monday.
- Monthly: Execute a data masking task at a specified time on a specified day every month.
Example: If the masking task needs to be executed at 12:00 on the 12th day of each month, set this parameter to 12:00:00 12th day of every month.
If you want to execute a data masking task on the 31st day of each month, the system automatically executes the task on the last day of every month.
- Click Next. The Set Target Data page is displayed.
Figure 2 Configuring a target data type
- Select a database instance and database name, and enter the database table name.
If the entered data table name already exists, the system updates the data table in the target database.
If the entered data table name does not exist, the system automatically creates a data table with the same name in the target database.
- Do not fill in an existing service data table. Otherwise, services may be affected.
- Do not select an original data table as the target data table. Otherwise, the original data may be overwritten.
- Set the column name of the target data type.
By default, the system generates a name that is the same as the name of the data source column. You can retain the default name or change it as required.
- Select a database instance and database name, and enter the database table name.
- Click Finish.
- Click the Database tab and turn on the button under Enable/Disable to enable the task. In the Operation column of the target masking task, click Execute , as shown in Figure 3.
- The data masking task is executed as configured.
Viewing the Status of a Database Data Masking Task
- On the Database tab page, click of the target data masking task to view it execution status.
The statuses are as follows:
- Queuing: The masking task is in the queue.
- Completed: The data masking task has been successfully executed.
- Running: The data masking task is being executed.
- Pending execution: The data masking task is not executed.
- Stopped: The data masking task has been manually stopped.
- Failed: The data masking task fails to be executed. Move the cursor to to view the failure cause.
Figure 4 Data masking task statuses
Editing and Deleting a Database Data Masking Task
A masking task in the Waiting or Running status cannot be edited or deleted.
- In the database data masking task list, locate the row containing the target data masking task and click Edit in the Operation column to reconfigure masking task information. For details, see Creating and Running a Database Masking Task.
Figure 5 Editing a database data masking task
- In the database data masking task list, locate the row containing the target data masking task and click Delete in the Operation column.
Figure 6 Deleting a database data masking task
Deleted masking tasks cannot be restored. Exercise caution when performing this operation.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot