Help Center/ Data Security Center/ User Guide/ Policy Center/ Policy Management
Updated on 2025-01-17 GMT+08:00
View PDF
Share

Policy Management

The administrator creates policies for database audit, watermarking, and static masking on the policy management page of the policy center, and then deploys these policies to the relevant services or instances.

Policy Types

  • Database audit: Monitor and records database activities to ensure data integrity, security, and compliance.
  • Database watermarking: Embed invisible identifiers into data to verify data authenticity and ownership and trace data leakage sources.
  • Static database masking: Mask sensitive data to ensure privacy and security while retaining the data structure and statistics features.

Creating a Policy

The following part describes how to create a policy.

Connect to the DBSS service to monitor and record database instances that do not require agent audits, ensuring data integrity, security, and compliance.

Prerequisites

DBSS has been enabled and an instance has been added.

  1. Log in to the management console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation tree on the left, click . Choose Security & Compliance > Data Security Center .
  4. Choose Policy Center > Policy Management. The Policy Management page is displayed.
  5. Click Create Policy in the upper left corner. The Create Policy page is displayed.
  6. Select the Database audit policy type.
  7. Click Start configuring. The page for configuring the database audit policy type is displayed.
  8. Set the parameters by referring to Table 1.

    Table 1 Parameters for configuring a database audit policy

    Parameter

    Description

    Policy Name

    Enter a policy name. The name can contain a maximum of 255 characters, including letters, digits, underscores (_), and hyphens (-).

    Associated Instance

    Select a database audit instance from the drop-down list.

    Target Data Source

    Select the target data source from the drop-down list. Only database instances that do not require agent audit are supported.

    Display Result Set

    When the function for recording result sets is enabled, the system logs the SQL result content. You can view this content in the logs. If the function is disabled, the SQL result in the log details will be empty.

    Recording result sets may lead to information leakage. Therefore, it is recommended not to enable this function.

    Mask Privacy Data

    You are advised to set masking rules to prevent sensitive data leakage.

  9. Click Save and Deliver. The policy list is displayed, showing the newly created policy.

Embed invisible identifiers into data to verify data authenticity and ownership and trace data leakage sources.

  1. Log in to the management console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation tree on the left, click . Choose Security & Compliance > Data Security Center .
  4. Choose Policy Center > Policy Management. The Policy Management page is displayed.
  5. Click Create Policy in the upper left corner. The Create Policy page is displayed.
  6. Select the Database Watermark policy type.
  7. Click Start configuring. On the Database Watermarking page that is displayed, create a watermark injection or watermark extraction task. For details, see Injecting Watermarks to Databases and Extracting Watermarks from Databases.

Mask sensitive data to ensure privacy and security while retaining the data structure and statistics features.

  1. Log in to the management console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation tree on the left, click . Choose Security & Compliance > Data Security Center .
  4. Choose Policy Center > Policy Management. The Policy Management page is displayed.
  5. Click Create Policy in the upper left corner. The Create Policy page is displayed.
  6. Select the Static database masking policy type.
  7. Click Start configuring. On the displayed data masking page, create a data masking task. For details, see Static Data Masking.

Related Operations

  • Disabling a policy: You can click Disable in the Operation column of a policy that is enabled and successfully delivered to disable the policy. After you click Disable, the policy status changes to Disabled (Delivering). When the policy status changes to Disabled (Delivered), the policy is disabled.

    After an encryption policy is enabled and delivered, it cannot be disabled or deleted. You can click Decrypt under Operation > More to decrypt the corresponding encryption policy. After decryption, a suffix is appended to the encryption policy name. A new decryption policy will not be generated.

  • Deleting a policy: Click Delete in the Operation column of a policy that is successfully delivered to delete the policy. After you click Delete, a message is displayed in the upper right corner of the page, indicating that the policy is successfully deleted.
Parent Topic: Policy Center