All Products
Search

This Product

    Data Management:Change sensitive columns

    Document Center

    Data Management:Change sensitive columns

    Last Updated:Nov 15, 2024

    This topic describes how to modify the approval template for tickets that are used to change the sensitivity levels of sensitive columns, and how to create a rule for these tickets.

    Precautions

    The default approval template takes effect if you do not set approval processes for tickets that are used to change the sensitivity levels of sensitive columns under the Approval Rule Validation checkpoint. In the Switch Approval Template dialog box, you can change the approval process of the default approval template. For more information about how to modify the default template, see Change the default approval template.

    Basic configuration items

    Checkpoints

    When you submit a ticket to change the sensitivity levels of sensitive columns, DMS checks whether the ticket conforms to rules that are specified under the checkpoints. Approval Rule Validation: When you submit a sensitive column change ticket to change the sensitivity levels of sensitive columns, DMS checks whether the ticket conforms to rules that are specified under the Approval Rule Validation checkpoint. You can use the default rules that are provided in the templates of security rules, or create a custom rule. For more information about how to create rules, see Create a rule.

    Factors and actions

    • Factors

      A factor is a predefined variable in DMS. You can use factors to obtain the context to be validated by security rules. The context includes SQL statement categories and the number of rows to be affected. A factor name consists of the prefix @fac. and the display name of the factor. Each module of the Security Rules tab provides different factors for different checkpoints. The following table describes the factors that are provided for the checkpoints in the Sensitive Column Change module.

      Factor

      Description

      @fac.column_level_change_type

      The type of sensitivity level change that the applicant wants to perform on a sensitive column. Valid values:

      • upper: Change the sensitivity level to a higher level, including the following 3 cases:

        • Change the sensitivity level from internal to sensitive.

        • Change the sensitivity level from internal to confidential.

        • Change the sensitivity level from sensitive to confidential.

      • sensitive_to_inner: Change the sensitivity level from sensitive to internal.

      • confidential_to_sensitive: Change the sensitivity level from confidential to sensitive.

      • confidential_to_inner: Change the sensitivity level from confidential to internal.

    • Actions

      An action in a security rule is an operation that DMS performs when the IF condition in the rule is met. For example, DMS can forbid the submission of a ticket, select an approval process, approve a ticket, or reject a ticket. An action in a security rule shows the purpose of the security rule. An action name consists of the prefix @act. and the display name of the action. Each module of the Security Rules tab provides different actions for different checkpoints. The following table describes the actions that are provided for the checkpoints in the Sensitive Column Change module.

      Action

      Description

      @act.forbid_submit_order

      Forbids a ticket from being submitted. The statement is in the following format: @act.forbid_submit_order 'Reasons for forbidding the ticket from being submitted'.

      @act.do_not_approve

      Specifies the ID of an approval template. For more information, see Configure approval processes.

    Templates of security rules

    DMS provides you with a large number of predefined security rule templates. You can enable the templates or modify the templates based on your business requirements. In the Sensitive Column Change module, the following rule templates are provided under the Approval Rule Validation checkpoint:

    • Specify that no approval is required to change the sensitivity level of a sensitive column to a higher level.

    • Set an approval process for changing the sensitivity level of a sensitive column from sensitive to internal.

    • Set an approval process for changing the sensitivity level of a sensitive column from confidential to sensitive.

    • Set an approval process for changing the sensitivity level of a sensitive column from confidential to internal.

    Change the default approval template

    1. Log on to the DMS console V5.0.

    2. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All functions > Security and Specifications > Security Rules.

      Note

      If you use the DMS console in normal mode, choose Security and Specifications > Security Rules in the top navigation bar.

    3. Find the rule set that you want to edit and click Edit in the Actions column.

    4. In the left-side navigation pane of the Details page, choose Security and Specifications > Sensitive Column Change.

    5. Select Basic Configuration Item for Checkpoints.

    6. Find the Sensitive column default approval Template configuration item and click Edit in the Actions column.

    7. In the Change Configuration Item dialog box, click Switch Approval Template.

    8. Find the Template Name of the template that you want to use and click Select in the Actions column.

      Note

      You can also click Reset to Free of Approval to skip the approval processes.

    9. Click Submit.

    Create a rule

    1. Log on to the DMS console V5.0.

    2. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All functions > Security and Specifications > Security Rules.

      Note

      If you use the DMS console in normal mode, choose Security and Specifications > Security Rules in the top navigation bar.

    3. Find the rule set for which you want to create a rule and click Edit in the Actions column.

    4. In the left-side navigation pane of the Details page, choose Security and Specifications > Sensitive Column Change.

    5. Select Basic Configuration Item for checkpoints.

    6. Click Create Rule and specify the parameters as required. The following table describes the parameters.

      Parameter

      Required

      Description

      Checkpoints

      Yes

      The checkpoint for which you want to create the security rule. The Approval Rule Validation checkpoint is provided in the Sensitive Column Change module.

      Template Database

      No

      The template that you want to use to create the security rule. DMS provides a large number of security rule templates. After you specify the Checkpoints parameter, you can click Load from Template Database and select a template as required. For more information about the available templates, see Basic configuration items.

      Rule Name

      Yes

      The name of the custom security rule.

      Note

      If you load a security rule from the Template Database, the rule name is automatically entered.

      Rule DSL

      Yes

      The DSL statement that you want to use to configure the security rule. For more information, see DSL syntax for security rules.

      Note

      If you load a security rule from the Template Database, the DSL statement is automatically entered.

    7. Click Submit.

      Note

      The new rule is Disabled by default. On the current page, select the corresponding checkpoint, find the new rule, click Enable in the Actions column, and click OK. Then, the new rule is enabled.