Skip to main content

Data Security Templates

Overview

The data security features in Guandata BI reduce the risk of data leakage and protect sensitive information through fine-grained permission control and data masking.

At present, the platform provides two core capabilities: Row and Column Permissions and Data Masking. Together, they provide comprehensive data security protection for enterprises, and they can also be combined for maximum security benefit.

Permission Template are used to batch-configure row and column permissions and data masking rules for datasets. By defining unified Data Security Templates, users can reduce repetitive work, call a template with one click from related datasets, or add multiple target datasets directly within the template. For example, when multiple datasets require the same masking policy, you can apply a single masking template instead of configuring the same rules repeatedly. This helps security strategies take effect quickly and consistently.

Data Permission Templates

On the Data Preparation > Data security template > Permission Template page, users can view the template list and related information, including template name, owner, users, and number of applied datasets. The page also supports Delete and New Permission Template actions. The concepts of owner and user are the same as for datasets.

Create a Permission Template

Click the New button in the upper-right corner of the Data Permission Templates management page to enter the new template editor. The new template editor is basically the same as the configuration page for an existing template, except that it includes a Confirm Creation button in the lower-right corner for saving.

Rename a Permission Template

Select any template and click the ... button on the right to rename it.

Configure Row and Column Permissions

Click any template to enter its details page. In the Template Content section, click the New button next to column permissions or row permissions to configure them.

The configuration logic is the same as the permission settings for an individual dataset. The difference is that the fields involved in row and column permissions must be entered manually instead of being selected from a dataset field list.

  • To edit column permissions, enter the field name directly and click Add Field, as shown below.

  • Row permission editing supports both Condition Mode and Free Mode.

    • In Condition Mode, click Condition to open the Add Condition dialog.


      Enter the field name and type. For detailed row permission configuration, see Row and Column Permissions.

    • In Free Mode, click Edit Formula to open the Custom Permission Condition Editor panel.

      Field names must be enclosed in square brackets, for example: [Salesperson].

Edit a Permission Template After Saving

After a data permission template is saved, it also includes entry points for adding or removing users and viewing the applied dataset list. The content of the template can still be modified at any time, and changes are synchronized to all applied datasets in real time.

Apply a Permission Template

On the data permission settings page of an individual dataset, click the Apply Template button on the right to choose a corresponding template. After the template is applied, custom editing is disabled by default.

Note that row and column permissions affect all downstream resources of the dataset, including Cards, ETL flows, and other assets created from it. Also, the applied template must already exist in the template library, otherwise the system reports missing field names.

Once customize enabled, the permission rules would not be synchronized with permission template.

Data Masking Templates

Data Masking Templates allow users to predefine masking logic for different types of sensitive data. When multiple datasets require the same masking treatment, users can apply an appropriate masking template directly instead of configuring identical rules repeatedly. This greatly improves efficiency. For configuration details, see Data Masking.

Detection Rules

Detection rules are part of the Data Masking feature. When a user marks a dataset as a sensitive dataset, the Smart Detection button can be used to quickly identify sensitive content. This detection process depends on preconfigured detection rules to determine what qualifies as sensitive content and to provide a reliable basis for subsequent masking.

For more information about detection rules, see Detection Rules