Data Security Template
1. Overview
Guanyuan BI's data security features reduce the risk of data leakage and enhance data security and sensitive information protection through fine-grained permission control and data masking.
Currently, it includes two functions: "row and column permission control" and "data masking". These can be used together to provide comprehensive data security for enterprises and maximize security benefits.
A data security template is a template function for batch setting row/column permissions and data masking rules for datasets. By configuring a unified data security template, repetitive work can be reduced. Users can call the template with one click in related datasets or batch add multiple target datasets in the current template (i.e., when multiple datasets require unified masking, you can directly use a masking template without repeatedly configuring the same rules), ensuring the rapid effectiveness of data security strategies.
2. Instructions
On the "Data Preparation" page, click "Data Security Template" in the left sidebar to enter the management page.
2.1 Data Permission Template
On the data permission template page, users can view the template list and related information, including: template name, owner, user, and number of applied datasets. You can also "delete" or "add new permission template". The concepts of owner and user here are the same as in datasets.
Creating a Permission Template
Click the "Add Permission Template" button in the upper right corner of the management page to enter the new template editor. The new template editor is similar to the details page of an existing template, except that there is an additional "Confirm Create" button in the lower right corner for saving.
Renaming a Permission Template
Select any template and click the "..." button on the right to rename it.
Row and Column Permission Settings
Click any template to enter the details page. In the "Template Content" interface, click the "Add" button next to column/row permission to set permissions.
a. The specific content editing of row and column permissions is the same as the permission setting for a single dataset. The difference is that the fields involved in row and column permissions need to be entered manually, unlike a single dataset where a field list is provided.
b. To edit column permissions, directly enter the field name and click the "Add Field" button, as shown below.
c. Row permission editing only supports free mode. Click the "Edit Formula" button to enter the "Custom Permission Condition Editor" pane.
- Field names must be enclosed in English square brackets, e.g.: [Salesperson].
Modifying Permission Template After Saving
After saving, the data permission template has, in addition to the template content, entry points for adding/removing users and a list of applied datasets. The content of the data permission template can be modified at any time as needed, and changes will be synchronized in real time to all applied datasets.
Using Permission Templates
On the data permission settings page of a single dataset, click the "Use Template" button on the right to select the corresponding template. After confirming, custom editing is not allowed by default.
Note: The scope of row and column permissions affects all downstream resources of the dataset, including cards and ETL created from the dataset. Also, the template used must exist in the library, otherwise a warning about non-existent field names will appear.
If custom editing is enabled, the dataset is no longer associated with the template, and updates to the template will not be synchronized to the dataset.
2.2 Data Masking Template
The data masking template allows users to predefine masking logic for different types of sensitive data as needed. When multiple datasets need to be masked in a unified way, you can directly use a suitable masking template, greatly improving efficiency.
2.3 Detection Rules
Detection rules are part of the "data masking" function. When a dataset is marked as sensitive, you can quickly identify sensitive content using the "Intelligent Detection" button. This detection process relies on pre-configured "detection rules" to accurately define what is sensitive content and provide a reliable basis for subsequent masking.
For more about detection rules, see Data Masking.
