All Products
Search

This Product

    DataWorks:Risk identification rule management (old version)

    Document Center

    DataWorks:Risk identification rule management (old version)

    Last Updated:Aug 16, 2023

    The risk identification rule management feature allows you to configure risk identification rules to identify risks in daily data access activities. You can also enable AI-based risk identification rules to implement automatic identification of data risks.

    The Data Risks page displays the identified data risks and allows users to tag the data risks as secure or risky. In the View Details dialog box that is displayed after you click View Details in the Actions column of a data access record on the Data Activities page, you can view the risk identification rules that correspond to the identified data risks.

    1. Log on to the DataWorks console. In the left-side navigation pane, choose Data Modeling and Development > DataStudio. On the page that appears, select the desired workspace from the drop-down list and click Go to DataStudio.

    2. Click the Icon icon in the upper-left corner and choose All Products > Data governance > Data Security Guard.

    3. Click Try now. The Data Security Guard homepage appears.

    4. In the left-side navigation pane, choose Rule Change > Custom Identification Rules. On the Custom Identification Rules page, you can create, copy, modify, and delete risk identification rules. You can also configure AI-based risk identification rules. Risk identification rule management

    Rule Settings tab

    • Create a rule

      Click Create Rule in the upper-right corner. In the Create Rule dialog box, configure the Rule Name, Owner, and Description parameters and click OK.

    • Copy a rule

      Find the rule that you want to copy and click the Copy icon in the Actions column. A new rule with the same settings is created. Copy

      By default, the status of the new rule is Inactive. You can change the status of the rule based on your business requirements.

    • Modify configurations of a rule

      To modify an existing rule, perform the following steps:

      1. Set the status of the rule to Inactive.

      2. Click the Edit icon in the Actions column of the rule.

      3. In the Change panel on the right, modify the parameters in the Basic Settings and Rule Settings sections. Modify configurations of a rule

      4. Click Save.

      5. After you confirm the settings, set the status of the rule to Active.

    • Delete a rule

      To delete a rule, find the rule and click the Delete icon in the Actions column. In the message that appears, click Delete.

    AI-based Identification Rules tab

    On the Custom Identification Rules page, click AI-based Identification Rules. On the AI-based Identification Rules tab, you can view only an AI-based risk identification rule that is used to identify highly similar SQL statements. AI-based Identification Rules tab

    To enable the AI-based risk identification rule, set the status of the rule to Active.

    Note

    • After the rule is activated, the SQL statements that meet the rule are displayed on the Data Risks page on the next day.

    • You can disable the rule by changing its status to Inactive. After you disable the rule, the data risks that have been identified based on the rule are not removed.

    Comparison of the entries to configure parameters for a risk identification rule in the old and new risk identification rule management features

    The following table describes the entries for you to configure parameters for a risk identification rule in the old and new risk identification rule management features.

    Note

    For more information about the configurations of a risk identification rule in the new risk identification rule management feature. For more information about the configurations of a risk identification rule in the old risk identification rule management feature, see Rule Settings tab.

    No.

    Configuration item

    Position in the old version

    Position in the new version

    1

    Rule name

    Basic Settings > Rule Name

    Basic information > Rule name

    2

    Rule owner

    Basic Settings > Owner

    By default, the owner of the rule is the current Alibaba Cloud account.

    This configuration item does not exist. DataWorks records the owner of the rule.

    3

    Rule description

    Basic Settings > Description

    Basic information > Description information

    4

    Compute engine instance for which the rule takes effect

    Rule Settings > Engine

    To specify a compute engine instance in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location from the drop-down list.

    5

    Project for which the rule takes effect

    Rule Settings > Project

    To specify a project in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location from the drop-down list.

    6

    Data category for the data risk that you want to identify

    Rule Settings > Classification

    In the Conditions section of the rule definition step, click Select condition and select Data property. Select Data classification as a property category.

    7

    Sensitivity level of the data risk that you want to identify

    Rule Settings > Level

    In the Conditions section of the rule definition step, click Select condition and select Data property. Select Data grading as a property category.

    8

    Sensitive field type for the data risk that you want to identify

    Rule Settings > Sensitive field type

    In the Conditions section of the rule definition step, click Select condition and select Data property. Select Sensitive field type as a property category.

    9

    Type of the operation that is performed on data

    Rule Settings > Export Type

    Valid values:

    • All Export

    • Download Via Tunnel

    • Table Activity

    Basic information > Rule Type

    Valid values:

    • Data Access Risk

    • Data Export Risk

    • Data Operation Risk

    • Others

    10

    Table for which the rule takes effect

    Rule Settings > Table Name

    To specify a table in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location.

    11

    Field for which the rule takes effect

    Rule Settings > Field

    To specify a field in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location.

    12

    Users for which a risk identification rule is triggered when the users access data that is specified in the rule

    Rule Settings > Visitors

    To specify an information category in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select User information.

    13

    Maximum number of data records that are specified in a risk identification rule

    Rule Settings > Operated Data Volume

    In the Conditions section of the rule definition step, click Select condition and select a condition. In the Threshold comparison section for the selected condition, select Data volume in a threshold comparison condition.

    14

    Time range that is specified in a risk identification rule

    Rule Settings > Date

    To specify a time range, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Operation time.

    15

    Alert notification method for a risk identification rule

    Not supported

    In the Alert Notification Method section of the Alert Settings step, select an alert notification method.