Manage sensitive data
NineData supports setting one or more columns in the data source as sensitive columns. Users who are not authorized to view sensitive columns will not be able to view the content of the column.
Prerequisites
- You have created or joined an organization, and this organization has subscribed to either or . Please ensure that your annual or monthly subscription is still active. For more information, please refer to Manage Organizations.
- Your current account has switched to the target organization. For more information, please refer to Switching to an Organization.
You have added the data sources that require sensitive field additions to NineData. To learn how to add data sources, please refer to Adding Data Sources.
The data source types are MySQL, PostgreSQL, Doris, SelectDB, DB2, Oracle|OceanBase Oracle, or TiDB.
tipIf sensitive columns need to be set for the view, the data source type must be MySQL, DB2, PostgreSQL, or TiDB.
Important Notes
- Users with the role can view all sensitive columns without needing authorization.
- Under , sensitive column configuration is limited to a maximum of 3 data sources, while has no such limitation.
Add Sensitive Columns to Data Sources
Log in to NineData console.
On the left navigation bar, click Datasource > Sensitive Data.
On the Datasource tab, click Add Datasource in the upper right corner of the page.
Click the check box below the Datasource, a list of data sources that have been added to NineData will pop up, and select the data source that needs to add sensitive columns from the list.
tipIf cannot find the target data source, click Create Now below the list to add the data source. For more information, see Manage Datasources.
NineData supports two options: Add Manually and Automatic Scan (DB2, Oracle|OceanBase Oracle currently only supports ), where Automatic Scan can automatically scan sensitive columns in the data source and add them to the list of sensitive columns according to Detection Rules.
- Add Manually: Click Add Manually, select the column names to be added as sensitive columns on the Add Columns page on the right , and click OK.
tipIf there is too much content in the database and difficult to find the objects, user can select the database and data table at the top of the Add Columns page, filter out the target table, and then search by column name to quickly locate the target column.
- Automatic Scan: Click Automatic Scan , click Scan on the Automatic Scan page on the right, wait for the scan to complete, select the scanned sensitive columns in the Sensitive Columns list, and click OK.
Click Add Datasource to complete the addition of sensitive columns.
Manage sensitive columns
Log in to NineData console.
On the left navigation bar, click Datasource > Sensitive Data.
Click the Sensitive Columns tab, and the sensitive columns in all data sources under the current NineData account will be listed here. User can do the following tasks:
View all sensitive columns under the current NineData account.
Modify the Datatype and Masking Algorithm of sensitive columns.
Modify the sensitivity level of a sensitive column: after the Sensitivity Level is changed to Normal , the column will be automatically removed from the Sensitive Columns list.
tipIf there are too many sensitive columns to find, user can quickly locate the target sensitive column by filtering the data source, database, data table, and column name at the top right of the page.
Create detection rules
Detection rules are used for the system to automatically scan sensitive columns in data sources. NineData provides 10 default Detection rules , which cannot be modified. User can also create customerized recognition rules by following the steps below.
Log in to NineData console.
On the left navigation bar, click Datasource > Sensitive Data.
Click the Detection Rules tab and click Create Rule in the upper right corner of the page.
Configure according to the table below and click Create Rule.
Parameter Description Name Enter the name of the rule. For the convenience of subsequent search and management, please try to use a meaningful name. Up to 16 characters are supported. Masking Algorithm Choose how to desensitize sensitive columns. For details on masking algorithms, see Masking Algorithms. Description (optional) Explain the detection rules to reduce communication costs. Up to 100 characters are supported. Detection Rules Enter the recognition rule. For the syntax structure of the rule, please refer to the Example on the right side of the page.
Appendix 1: Detection Rules
| Rule name | Corresponding masking algorithm | Comparison before and after masking |
|---|---|---|
| Chinese address (address) | cn_address | Before masking: 某省某市某街道某小区1幢1单元101室 After masking: 某省某市某街道某小区***** |
| Encryption KEY (secret_key) | mask-full | Before masking: a6eb56f80be8a120436d6f1c9b8d87ca After masking: ****** |
| Bank card (card_number) | credit_card | Before masking: 6222022207223257981 After masking: 6222********7981 |
| Email (email) | Before masking: 000000***@qq.com | |
| ID number (id_number) | id_number | Before masking: 300900199909090099 After masking: 300*************99 |
| IP address (ip_address) | ipv4 | Before masking: 192.168.12.91 After masking: 192.***.***.91 |
| Chinese license plate number (license_plate_number) | plate_number | Before masking: 天Z0AB92 After masking: 天Z***92 |
| MAC address (mac_address) | mask-full | Before masking: 00-1A-2B-3C-4D-56 After masking: ****** |
| password | mask-full | Before masking: abcde12345 After masking: ****** |
| phone number | phone | Before masking: 13800000000 After masking: 138****0000 |
Appendix 2: Masking algorithm and comparison before and after masking
| Algorithm name | Comparison before and after masking |
|---|---|
| mask-full | Before masking: Test content After masking: ****** |
| three-stars | Before masking: Test content After masking: *** |
| Before masking: 000000@qq.com After masking:***@qq.com | |
| phone | Before masking: 13800000000 After masking: 138****0000 |
| MD5 | Before masking: a6eb56f80be8a120436d6f1c9b8d87ca After masking: 0b450f4fe1a8d243c9a6d479a124f0ba |
| SHA1 | Before masking: 69c9a5c19c5c27e43cb0efc4c8644ed6d03a110b After masking: 79860cbad9b9eca05df8337a7ce45af926ca6392 |
| AES | Before masking: 0A6187FF44BEB44F651AAD3BB4003360 After masking: nOQIIwB8L/V/bpnT1bbuoKQ22YrN9ti9brcrC1bti9bkCkIvV1APJfdX5EE69ZW/ |
| cn_name | Before masking: 张三 After masking: *三 |
| cn_address | Before masking: 某省某市某街道某小区1幢1单元101室 After masking: 某省某市某街道某小区** |
| id_number | Before masking: 300900199909090099 After masking: 900*************99 |
| credit_card | Before masking: 6222022207223257981 After masking: 6222********7981 |
| ipv4 | Before masking: 192.168.12.91 After masking: 192.***.***.91 |
| plate_number | Before masking: 天Z00000 After masking: 天Z***00 |