Configuring Privacy Data Protection Rules
To mask sensitive information in entered SQL statements, you can enable the function of masking privacy data and configure masking rules to prevent sensitive information leakage.
Prerequisites
- The database audit instance is in the Running state.
- For details about how to enable database audit, see Enable Database Audit.
Procedure
- Log in to the management console.
- Select a region, click  , and choose . The Dashboard page is displayed. , and choose . The Dashboard page is displayed.
- In the navigation tree, choose Rules.
- In the Instance drop-down list, select the instance whose privacy data protection rule is to be configured.
- Click the Privacy Data Protection tab.
    
      Only user-defined rules can be edited and deleted. Default rules can only be enabled and disabled. 
- Enable or disable Store Result Set and Mask Privacy Data.
    
    - Store Result Set
      You are advised to disable  . After this function is disabled, database audit will not store the result sets of user SQL statements. . After this function is disabled, database audit will not store the result sets of user SQL statements.Do not enable this function if you want to prepare for PCI DSS/PCI 3DS CSS certification. Note: The result set storage supports only the database audit in agent mode. 
- Mask Privacy Data
      You are advised to enable  . After this function is enabled, you can configure masking rules to prevent privacy data leakage. . After this function is enabled, you can configure masking rules to prevent privacy data leakage.
 
- Store Result Set
      
- Click Add Rule. In the displayed Add Rule dialog box, set the data masking rule, as shown in Figure 1. For details about related parameters, see Table 1.
- Click OK.
    
    A masking rule in the Enabled status is added to the rule list. 
Verifying a Rule
Perform the following steps to check whether a rule takes effect. The audit information about passport No. in a MySQL database is used as an example.
- Enable Mask Privacy Data, and ensure the "Passport NO." masking rule is enabled, as shown in Figure 2.
- Log in to the database as user root through the MySQL database client.
- On the database client, enter an SQL statement.
    
    select * from db where HOST="Passport NO."; 
- In the navigation pane, choose Dashboard.
- In the navigation tree on the left, choose Data Reports. The Data Reports page is displayed.
- In the Instance drop-down list, select the instance whose SQL statement information you want to view. Click the Statements tab.
- Set filtering conditions to find the entered SQL statement.
- Click the SQL statement. On the Statement Details page, view the SQL statement information. The privacy data masking function is normal, and the masked information is displayed in SQL Statement.
    
    Figure 3 Masking privacy data  
Common Operations
After adding a user-defined masking rule, you can perform the following operations on it:
- Disable
    Locate the row that contains the rule to be disabled and click Disable in the Operation column. A disabled rule cannot be used. Figure 4 Disabling a custom masking rule  
- Edit
    Locate the row that contains the rule to be modified, click Edit in the Operation column, and modify the rule in the displayed dialog box. Figure 5 Editing a custom masking rule  
- Delete
    Locate the row that contains the rule to be deleted, click Delete in the Operation column, and click OK in the displayed dialog box. Figure 6 Deleting a custom masking rule  
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot 
     
      
