Adds or modifies a data masking rule.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resourcesis used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
| Operation | Access level | Resource type | Condition key | Associated operation |
|---|---|---|---|---|
| dataworks:DsgDesensPlanAddOrUpdate | list | *All Resources * |
| none |
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| DesensRules | array<object> | Yes | A collection of data masking rules that you want to add or modify. | |
| object | Yes | |||
| Id | integer | No | The ID of the data masking rule. You can call the DsgDesensPlanQueryList operation to query the ID of the data masking rule. | 123 |
| DataType | string | Yes | The sensitive field type. | phone |
| RuleName | string | Yes | The name of the data masking rule. | phone_hash |
| Status | integer | No | The status of the data masking rule. Valid values:
| 1 |
| SceneIds | array | Yes | The level-2 data masking scenario. | |
| integer | No | The ID of the level-2 data masking scenario. Make sure that the data masking rule in which the sensitive field type determined by the DataType parameter is specified is not configured for the level-2 data masking scenario that you use. You can call the DsgSceneQuerySceneListByName to query the ID of the data masking scenario. | 123 | |
| Owner | string | Yes | The owner of the data masking rule. | test_user |
| CheckWatermark | boolean | No | Specifies whether to add a watermark. Valid values:
| true |
| DesensPlan | object | Yes | The data masking rule. | |
| DesensPlanType | string | Yes | The masking method configured in the data masking rule. Valid values:
| hash |
| ExtParam | object | No | The parameters for the data masking rule. | |
| any | No | The parameter configurations of the data masking rule. You can add different parameters based on the data masking rule that you want to configure. For more information, see the following example. | { "algo": "MD5", "salt":6 } |
The ExtParam parameter is a dynamic parameter. The value of the ExtParam parameter varies based on the data masking rule. The following example shows how to configure the parameters:
Hash:
{
"algo": "MD5",
"salt": 6
}
Pseudonym:
{
"charset": "Aa",
"salt": 6
}
Mask:
{
"before": 3,
"after": 4
}
Custom mask:
{
"separatorList": [
{
"desens": true,
"left": 3
},
{
"desens": false,
"left": 6
},
{
"desens": true,
"left": -99
}
]
}
Sample value character replacement:
{
"library": "test_library",
"position": 3
}
Fixed value character replacement:
{
"replace": "repData",
"position": 3
}
Random character replacement:
{
"replace": "repData"
}
Custom character replacement:
{
"separatorList": [
{
"desensParam": {
"replace": "repData"
},
"left": 3
},
{
"desensParam": {
"library": "test_library"
},
"left": 6
},
{
"desensParam": {
},
"left": 99
}
]
}
Range change:
{
"intervalselects": [
{
"desens": "1",
"interval": [
"1",
"100"
]
}
]
}
Rounding:
{
"point":3
}
Left empty:
{}
You can call the DsgQueryDefaultTemplates operation to query the supported data masking methods and related rules.
Response parameters
Examples
Sample success responses
JSONformat
{
"Success": true,
"ErrorCode": "1029030003",
"ErrorMessage": "param error",
"HttpStatusCode": 400,
"Data": true,
"RequestId": "102400001"
}Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | PARAMS.ERROR | param error. | - |
| 400 | DESENSPLAN.DATATYPE.ERROR | Sensitive type already has a desensitization rule. | Desensitization rules have been configured for sensitive types. |
| 400 | DESENSPLAN.DATATYPENOTEXIST.ERROR | Sensitive type not exist. | The sensitive type does not exist. |
| 400 | DESENSPLAN.ID.ERROR | Desensitization rule ID does not exist. | The desensitization rule ID does not exist. |
| 400 | DESENSPLAN.PAGESIZE.ERROR | Page size is too large, maximum of 100. | Page size limit, up to 100 |
| 400 | DESENSPLAN.PARAM.ERROR | Desensitization rule parameter error. | The desensitization rule parameter is incorrect. |
| 400 | DESENSPLAN.SCENECODE.ERROR | Scene code does not exist. | Scene code does not exist |
| 400 | DESENSPLAN.SCENEID.ERROR | Scene ID does not exist. | Scene ID does not exist. |
| 400 | DESENSPLAN.SCENEIDLEVEL.ERROR | The scene is not a secondary scene. | The scene is not a secondary scene. |
| 400 | DESENSPLAN.SIZE.ERROR | The number of desens plan exceeds the limit. | The number of desensitization rules exceeded the limit. |
| 403 | PERMISSION.DENIED.ERROR | Permission denied | Insufficient permissions. |
| 500 | UNKNOWN.ERROR | unknown error. | Unknown error. |
For a list of error codes, visit the Service error codes.