Updated on 2025-04-16 GMT+08:00

Configuring a Data Masking Allowlist

You can add an allowlist on the Allowlist page by configuring Database Username, IP Range, Start Time, and End Date. The relationship between the parameters is AND. If multiple parameters are configured, only those who meet all conditions are added to the allowlist. Users in the allowlist can view the unmasked plaintext data.

Procedure

  1. Log in to a database encryption and access control instance as the sysadmin user.
  2. In the navigation pane on the left, choose Dynamic Data Mask > Data Masking Policy.
  3. Choose Data Type > Asset Name.

    Figure 1 Data source

  4. In the masking rule list, locate the target data source and click Allowlist Rule.
  5. On the Allowlist page, click Add Allowlist.
  6. Configure the parameters in the displayed Add Allowlist dialog box. Table 1 describes the parameters.

    The relationship between the parameters is AND. If multiple parameters are configured, only those who meet all conditions are added to the allowlist.

    Table 1 Adding an allowlist

    Parameter

    Description

    Data Source

    Data source name

    Database Username

    Database username to be added to the allowlist

    IP Range

    IP addresses to be added to the allowlist

    Authorization Start Time

    Time when the allowlist starts to take effect

    Authorization End Time

    Time when the allowlist stops to take effect

    Allowlist Rule

    • All Rules: All masking rules are added to the allowlist.
    • Specify Rules: Only specified rules are added to the allowlist.
    Figure 2 Adding an allowlist

  7. Click Save.