DataWorks allows you to configure data masking rules to mask sensitive data to ensure security of data queries or storage. DataWorks supports a variety of data masking scenarios. You can also create and configure a custom data masking scenario based on your business requirements. This topic describes the data masking capabilities provided by DataWorks and how to perform data masking operations.
Limits
You can use data masking capabilities only in DataWorks Professional Edition or a more advanced edition. For information about the differences among DataWorks editions, see Differences among DataWorks editions.
Data masking capabilities take effect only if you turn on Mask Data in Page Query Results for your workspace on the Security Settings and Others tab in DataStudio. For more information, see Go to the Security Settings and Others tab.
NoteYou do not need to turn on Mask Data in Page Query Results for a workspace in scenarios that involve data masking at the MaxCompute compute engine layer. For more information about data masking scenarios, see Descriptions of data masking scenarios.
In Data Security Guard, you can use the sensitive data identification and data masking features to identify and mask sensitive data in only E-MapReduce (EMR), MaxCompute, Cloudera's Distribution including Apache Hadoop (CDH), and Hologres compute engines. For more information, see Features.
Data masking procedure
Create a data masking scenario.
DataWorks provides level-1 data masking scenarios, such as masking of displayed data in DataStudio and Data Map, static data masking in Data Integration, masking of displayed data in DataAnalysis, data masking at the MaxCompute compute engine layer, and data masking at the Hologres compute engine layer. If the specified effective data range and user range in the preceding data masking scenarios cannot meet your requirements for finer-grained data masking, you can create custom level-2 data masking scenarios based on level-1 data masking scenarios. For information about how to create a data masking scenario, see Create a data masking scenario.
Create a data masking rule.
You can create a data masking rule in a specific data masking scenario based on your business requirements. For more information, see Create a data masking rule.
Optional. Configure a whitelist for the data masking rule.
If you want the data masking rule to not take effect on specific users, you can add the users to a whitelist. For more information, see Configure a whitelist for a data masking rule.
Set the status of the data masking rule to Active.
By default, a data masking rule does not immediately take effect after it is created. You must set the status of the rule to Active. Then, sensitive data can be masked based on the rule in the related data masking scenario. For more information, see Configure the rule status.
Go to the Data Masking page
Go to the DataStudio page.
Log on to the DataWorks console. In the left-side navigation pane, choose . On the page that appears, select the desired workspace from the drop-down list and click Go to DataStudio.
Click the
icon in the upper-left corner, choose , and then click Try now to go to the Data Security Guard page. NoteIf your Alibaba Cloud account is granted the required permissions, you can directly access the homepage of Data Security Guard.
If your Alibaba Cloud account is not granted the required permissions, you are redirected to the authorization page of Data Security Guard. You can use the features of Data Security Guard only after your Alibaba Cloud account is granted the required permissions.
In the left-side navigation pane, choose . The Data Masking page appears.