Certain business data, such as mobile numbers and ID card numbers, is sensitive. The fields that store sensitive data must be masked before they are returned for regular queries. To mask and manage sensitive data based on different policies, Data Management (DMS) provides three sensitivity levels for data.
DMS supports the following three sensitivity levels based on the sensitivity of data:
Field sensitivity levels can be configured only for databases connected in DMS or by using DMS proxy endpoints and cannot be configured for databases connected by using other third-party tools.
Low: The Low sensitivity level is derived from the Internal level of DMS. Field values of this level are displayed in plaintext. For a database instance that is managed in Security Collaboration mode, the sensitivity level of the data stored in the database instance is Low by default.
Medium: The Medium sensitivity level is derived from the Sensitive level of DMS. Field values of this level are displayed in ciphertext.
High: The High sensitivity level is derived from the Confidential level of DMS. The sensitivity level is higher than the Medium level. Field values of this level are displayed in ciphertext.
After you set the sensitivity levels for data, take note of the following rules:
When you query data in the SQLConsole, the Medium and High sensitivity fields on which you have no permissions are displayed as strings of asterisks (*) or in a custom manner.
To query, export, or change Medium or High sensitivity fields, you must apply for the permissions on these fields.
A database administrator (DBA) or DMS administrator can configure special approval processes for exporting or changing data that contains Medium or High sensitivity fields.