Managing Sensitive Data Types
Sensitive data types are a key component of NineData's sensitive data protection solution, used to effectively identify, classify, and protect sensitive information in databases. The system provides predefined data types, each corresponding to specific sensitivity levels, masking algorithms, and rules for identifying sensitive fields. These data types help the system automatically identify sensitive fields in tables and manage their classification and levels.
Prerequisites
- You have created or joined an organization, and this organization has subscribed to either DevOps Pro or DevOps Enterprise. Please ensure that your annual or monthly subscription is still active. For more information, please refer to Manage Organizations.
- Your current account has switched to the target organization. For more information, please refer to Switching to an Organization.
Creating Sensitive Data Types
NineData provides 27 predefined sensitive data types, covering most columns that contain sensitive information. If these data types do not meet your business needs, you can create custom data types.
- Log in to the NineData Console.
- In the left navigation bar, click Datasource>Sensitive Data.
On the page, click the Data Type tab, and then click Create Data Type in the top right corner.
You can also click Duplicate in the Actions column next to the target data type to customize a new data type based on the existing one.
Define the following parameters for the data type, and click Create Data Type to create it.
Parameter Description Name Enter the name of the sensitive data type. Data Classification Select the category for the sensitive data type. The system provides five predefined categories, and you can also create custom categories. For more information, see Managing Data Classification. Sensitivity Level Select the sensitivity level of the current data type, ranging from S0 to S5, with increasing sensitivity. S0 represents non-sensitive, and S5 is the highest level. Different levels of sensitive fields may have different approval processes. For more information, see Managing Sensitivity Levels. Masking Algorithm Select how to mask the sensitive columns when associated with the current sensitive data type. The system provides 33 predefined algorithms, and you can also create custom masking algorithms. For more information, see Managing Masking Algorithms. Description (optional) Enter a description for the sensitive data type to reduce communication costs. Detection Rules The system provides two methods for identifying sensitive columns: Visual Configuration and Script Language Configuration. - Visual Configuration: Configures identification rules visually in the interface without the need to write scripts.
- Match Conditions: Select Effective when any one is hit or Effective only when all are hit based on your requirements.
- Identification Rules: Choose Feature Type, then select or input corresponding values under the Value/Expression column. For details on each feature type and value, refer to the Appendix.
- Add a Feature Row: Click Add Feature.
- Add a Rule: Click Add Recognition Rule.
- Delete a Feature Row: Click the Delete option in the Actions column to the right of the target feature.
- Delete a Rule: Click the
icon in the upper-right corner of the target rule box. At least one rule must remain.
- Script Language Configuration: Writes rules using Java conditional statements.
- Visual Configuration: Configures identification rules visually in the interface without the need to write scripts.
Enabling or Disabling Sensitive Data Types
All sensitive data types can be enabled or disabled individually. When scanning the data source and automatically adding sensitive columns, only enabled data types will take effect.
By default, all sensitive data types are enabled, but you can disable or re-enable them based on your business needs.
- Log in to the NineData Console.
- In the left navigation bar, click Datasource>Sensitive Data.
On the page, click the Data Type tab, find the sensitive data type you want to enable or disable, and toggle the switch in the Status column to enable or disable it.
tipTo enable or disable multiple sensitive data types in bulk, select the checkboxes to the left of the target sensitive types. Then, click Batch Modify Status at the top of the page. In the pop-up window, toggle the switch on or off as needed, and click OK to apply the changes.
Editing Sensitive Data Types
If the custom data type does not meet the requirements, you can edit its parameters.
Note
Only custom-created data types can be edited. Predefined system data types cannot be edited.
Steps
- Log in to the NineData Console.
- In the left navigation bar, click Datasource>Sensitive Data.
On the page, click the Data Type tab, and then click Edit in the Actions column next to the target data type.
Edit the data type as needed and click Save to save changes.
tipTo bulk edit the sensitivity levels of multiple sensitive data types, select the checkboxes to the left of the target sensitive types. Then, click Batch Modify Sensitive Level at the top of the page. In the pop-up window, choose the desired sensitivity level and click OK to apply the changes.
Deleting Sensitive Data Types
If a custom data type is no longer in use, you can delete it.
Note
- Only custom-created data types can be deleted. System-predefined data types cannot be deleted.
- Ensure that the data type is not associated with any table columns before deleting, or the deletion will fail.
Steps
- Log in to the NineData Console.
- In the left navigation bar, click Datasource>Sensitive Data.
On the page, click the Data Type tab, and click Delete in the Actions column next to the target data type.
In the pop-up window, click OK to confirm.
Managing Data Classification
NineData supports data classification to categorize all sensitive data types. The system provides five predefined categories, and you can create custom data classifications as needed, or delete custom ones.
Note
- System-predefined classifications cannot be deleted.
- Ensure that the classification is not associated with any data type or table columns before deleting.
Creating Data Classification
- Log in to the NineData Console.
- In the left navigation bar, click Datasource>Sensitive Data.
On the page, click the Data Type tab, and click Management Data Classification in the top right corner.
In the Data Classification page, click Add Data Class at the bottom of the page. In the pop-up window, enter the classification name and description (optional), and click OK to create.
Deleting Data Classification
- Log in to the NineData Console.
- In the left navigation bar, click Datasource>Sensitive Data.
On the page, click the Data Type tab, and then click Management Data Classification in the top right corner.
Click Delete in the Actions column next to the target classification, and click OK in the pop-up window to confirm.
Appendix: Feature Types and Values
NineData provides several identification rule features, including Field Length, Field Type, Columns, Comment, and Data Content.
| Feature Type | Values | Description |
|---|---|---|
| Field Length | Integer | Automatically identifies sensitive columns based on whether the field length exceeds a certain value. For example, if the value is 32, columns with lengths greater than 32 will be flagged. |
| Field Type | Data Types | Initially filters fields likely to store sensitive information based on their data types. Multiple values are separated by commas (e.g., char, varchar). |
| Columns | String | Automatically identifies sensitive columns using keywords in column names. Multiple keywords are separated by commas (e.g., mobile, phone). |
| Comment | String | Automatically identifies sensitive data fields based on keywords in column comments. Multiple keywords are separated by commas (e.g., mobile, phone). |
| Data Content | Selection Rule | Automatically identifies sensitive columns based on predefined rules, including:
|