CN117745049A - Design method of data set desensitization processing template - Google Patents
Design method of data set desensitization processing template Download PDFInfo
- Publication number
- CN117745049A CN117745049A CN202311780777.XA CN202311780777A CN117745049A CN 117745049 A CN117745049 A CN 117745049A CN 202311780777 A CN202311780777 A CN 202311780777A CN 117745049 A CN117745049 A CN 117745049A
- Authority
- CN
- China
- Prior art keywords
- desensitization
- data set
- template
- rule
- sensitive
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000586 desensitisation Methods 0.000 title claims abstract description 243
- 238000000034 method Methods 0.000 title claims abstract description 45
- 238000012545 processing Methods 0.000 title claims abstract description 25
- 238000013461 design Methods 0.000 title claims abstract description 16
- 238000001514 detection method Methods 0.000 claims abstract description 79
- 230000015654 memory Effects 0.000 claims description 11
- 230000000873 masking effect Effects 0.000 claims description 8
- 239000000523 sample Substances 0.000 claims description 7
- 230000008569 process Effects 0.000 claims description 5
- 238000010586 diagram Methods 0.000 description 3
- 238000012550 audit Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 230000035945 sensitivity Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000001502 supplementing effect Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The application relates to a design method of a data set desensitization processing template, which is characterized in that when a user previews and views a data set by using a card and views the corresponding data set in a data set detail page, a system carries out desensitization reminding. The data set is subjected to desensitization identification and marking by adopting a desensitization rule template, the data set is mainly subjected to configuration designs such as state marking, detection of the data set, desensitization rule, desensitization authority and the like, and the data machine is subjected to desensitization processing by generating a corresponding data set desensitization rule template, template calling and carrying out desensitization processing, so that a high-efficiency desensitization execution task is realized. And performing template calling on massive data sets by using a desensitization rule template generated by design, and performing desensitization tasks by using the template, so as to efficiently finish online previewing and viewing of various data sets. The desensitization rule template is provided with a desensitization rule, a desensitization authority and a detection rule, so that desensitization work can be executed through the template, and the working pressure of manual desensitization is relieved.
Description
Technical Field
The disclosure relates to the technical field of data set processing, in particular to a design method of a data set desensitization processing template, a desensitization rule template and electronic equipment.
Background
In the development process of the data set, the data set needs to be previewed and checked in detail, and a user previews and checks the data set according to the card of the platform and can check the basic attribute of the current data set through the detail page of the data set.
However, aiming at the data set generated in the process of developing the data, when a user checks the developed data set and checks the developed data through a system card, the developed data needs to be subjected to confidentiality and desensitization processing, and whether the data exists in the data set displayed to the user is judged to prevent the data from being peeped by the user without corresponding permission.
In the prior art, aiming at data desensitization, a data set is often detected by using a manual desensitization rule to judge whether the data set of the desensitization condition is triggered or not. The method is low in suitability and efficiency and can only perform small-scale data set detection because the stored desensitization rule needs to be frequently called from the database, so that the method faces to the desensitization detection of massive data sets. In addition, the administrator is also required to configure the desensitization rule before the desensitization detection, and thus it is time-consuming.
Disclosure of Invention
In order to solve the problems, the application provides a design method of a data set desensitization processing template, a desensitization rule template and electronic equipment.
In one aspect of the present application, a method for designing a data set desensitization processing template is provided, including the following steps:
marking the state of the data set;
configuring a detection rule table and a data set field information table:
the detection rule table is used for detecting fields in the data set through configured detection rules and marking whether each field is a sensitive field or not;
the data set field information table is used for collecting data set fields, wherein the following fields are added in the data set field information table:
is_sensitive, the field is sensitive, is used for marking whether the field is sensitive;
is_detection_active, field detection is sensitive, and is used for detecting whether the field detection is sensitive;
configuring a desensitization authority table and a desensitization rule table, wherein the desensitization authority table is used for setting different data set desensitization authorities for different users, and the desensitization rule table is used for configuring desensitization rules in the data set;
constructing a data set basic information table and associating the data set basic information table with the desensitization authority table; and simultaneously, correlating the desensitization rule table with the data set field information table to obtain a desensitization rule template.
As an optional embodiment of the present application, optionally, marking the data set status includes the following marking means:
manual marking switch: marking the dataset as non-sensitive and sensitive as non-desensitized;
after manual marking as sensitive:
if the current dataset has been configured with desensitization rules, it is marked as: desensitized;
if the current dataset is not configured with desensitization rules, marking it as: is not desensitized.
As an optional embodiment of the present application, optionally, the method for using the detection rule table includes the following steps:
and (4) starting detection:
acquiring a detection rule of the data set, matching each field of the data set, and judging whether the field is sensitive or not:
if yes, modifying the sensitive attribute of the field as is_sensitive, and finishing detection;
and otherwise, finishing detection.
As an optional embodiment of the present application, optionally, the method for using the desensitization authority table includes the following steps:
and (5) starting configuration of desensitization authority:
clicking and editing on a template page or a data set detail page, and selecting a user and selecting permission;
after the selection is finished, the data source ID is stored:
a dataset ID or template ID;
and (5) finishing configuration.
As an optional embodiment of the present application, optionally, the method for configuring the desensitization rule table includes the following steps:
configuration in a template:
the desensitization rule comprises each desensitization rule id and file dom-id, and the desensitization rule type is as follows: masking/hashing, and corresponding desensitization rule details json;
matching rules: the field names are completely matched;
sourceId: a data source id, including a field id or a template id;
dsId: for determining whether the dataset has been desensitized;
the matching rules and template ids are saved.
As an optional embodiment of the present application, optionally, the method for using the desensitization rule table includes the following steps:
configuring a desensitization rule in the data set, and selecting the desensitization rule: masking or hashing;
saving a field id of the selected desensitization rule;
the configuration is completed.
In another aspect of the application, a desensitization rule template is provided, and the design method of the data set desensitization processing template is adopted for generation; the desensitization rule template is used when a card preview of the dataset and a dataset detail page view.
In another aspect of the present application, an electronic device is further provided, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of designing a data set desensitization processing template when executing the executable instructions.
The invention has the technical effects that:
the application provides a desensitization reminder by the system when a user previews and views the data set with the card and views the corresponding data set in the data set detail page. The data set is subjected to desensitization identification and marking by adopting a desensitization rule template, the data set is mainly subjected to configuration designs such as state marking, detection of the data set, desensitization rule, desensitization authority and the like, and the data machine is subjected to desensitization processing by generating a corresponding data set desensitization rule template, template calling and carrying out desensitization processing, so that a high-efficiency desensitization execution task is realized. And performing template calling on massive data sets by using a desensitization rule template generated by design, and performing desensitization tasks by using the template, so as to efficiently finish online previewing and viewing of various data sets. The desensitization rule template is provided with a desensitization rule, a desensitization authority and a detection rule, so that desensitization work can be executed through the template, and the working pressure of manual desensitization is relieved.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features and aspects of the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a schematic diagram of the configuration of the detection rules of the present invention;
FIG. 2 is a table content of the probe rule;
FIG. 3 is a table content of a dataset field information table;
FIG. 4 is a table content of desensitization rights;
FIG. 5 is a schematic diagram of a configuration of desensitization authorities;
FIG. 6 is a schematic diagram of a configuration of a desensitization rule;
FIG. 7 is a table content of desensitization rules;
FIG. 8 is a table structure schematic of a desensitization rule template;
fig. 9 is a schematic of the application of a desensitization rule template.
Detailed Description
Various exemplary embodiments, features and aspects of the disclosure will be described in detail below with reference to the drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used herein to mean "serving as an example, embodiment, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
In addition, numerous specific details are set forth in the following detailed description in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, well known means, elements, and circuits have not been described in detail so as not to obscure the present disclosure.
Example 1
In one aspect of the present application, a method for designing a data set desensitization processing template is provided, including the following steps:
s1, marking the state of a data set;
s2, configuring a detection rule table and a data set field information table:
the detection rule table is used for detecting fields in the data set through configured detection rules and marking whether each field is a sensitive field or not;
the data set field information table is used for collecting data set fields, wherein the following fields are added in the data set field information table:
is_sensitive, the field is sensitive, is used for marking whether the field is sensitive;
is_detection_active, field detection is sensitive, and is used for detecting whether the field detection is sensitive;
s3, configuring a desensitization authority table and a desensitization rule table, wherein the desensitization authority table is used for setting different data set desensitization authorities for different users, and the desensitization rule table is used for configuring desensitization rules in the data set;
s4, constructing a data set basic information table, and associating the data set basic information table with the desensitization authority table; and simultaneously, correlating the desensitization rule table with the data set field information table to obtain a desensitization rule template.
The desensitization rule template constructed by the scheme can be arranged in a data set database or a data set card system, and when a user triggers a card preview or a data set detail page, the desensitization rule template is automatically called to carry out desensitization treatment.
Data desensitization is divided into: static desensitization and dynamic desensitization.
Static desensitization: desensitizing the data using default rules, the original data having been changed;
dynamic desensitization: under the condition that the original data is unchanged, different rules are applied for desensitization for different people.
This dynamic desensitization is based on the dataset, that is to say the dataset holds the original data.
For a particular type and storage of a dataset, the circulation and storage of the dataset is responsible for by a dataset platform, such as a BI platform.
The scheme is characterized in that when a user previews and views the data set by using a card and views the corresponding data set in a data set detail page, the system carries out desensitization reminding at the desensitization moment of the data set.
When the card editor performs desensitization, the corresponding desensitization task is triggered after entering the editing page, and the system prompts whether sensitive information exists or not and prompts the user to perform desensitization.
According to the scheme, aiming at data set desensitization, a designed desensitization rule template is adopted to carry out desensitization identification and marking on the data set, the data set mainly comprises state marks of the data set, detection of the data set, configuration designs of a desensitization rule, a desensitization authority and the like, template calling is carried out by generating a corresponding data set desensitization rule template, and desensitization processing is carried out on a data machine, so that efficient desensitization execution tasks are realized.
And performing template calling on massive data sets by using a desensitization rule template generated by design, and performing desensitization tasks by using the template, so as to efficiently finish online previewing and viewing of various data sets. The desensitization rule template is provided with a desensitization rule, a desensitization authority and a detection rule, so that desensitization work can be executed through the template, and the working pressure of manual desensitization is relieved.
The design generation step of the desensitization rule template according to the present embodiment will be further described with reference to the accompanying drawings.
As an optional embodiment of the present application, optionally, marking the data set status includes the following marking means:
manual marking switch: marking the dataset as non-sensitive and sensitive as non-desensitized;
after manual marking as sensitive:
if the current dataset has been configured with desensitization rules, it is marked as: desensitized;
if the current dataset is not configured with desensitization rules, marking it as: is not desensitized.
The template is provided with a manual marking switch which is used for a user to use the template. The manual marking is performed, and the sensitive state marking of the data and the state can be performed by a card user. And selecting a corresponding marking switch, and manually marking the state of the modem.
Manual sign switch, type includes:
is not sensitive;
desensitization is not performed.
Start mode:
and (3) manual starting: the user can automatically turn on or off the related switch in the operation page.
Forced starting: the user can automatically detect and mark the button according to the result when opening the new data set, and can forcedly detect the new data set and the modified model structure after opening the button when opening the data security plate of the 'administrator setting-system management-advanced setting' page, and mark the sensitive type of the data set according to the detection result.
After the new data set is started, a system administrator is prompted to start executing intelligent detection on all the new data sets, and sensitive marking is carried out according to detection results.
After the manual marking of the data set by the calling template, the data set state is judged as follows:
if the configuration is found by the desensitization rule, the data set is determined to be desensitized;
otherwise, if the desensitization rule is not configured, the desensitization is not determined.
The method is specifically combined with the application method of the subsequent desensitization rule template for understanding.
Desensitization recognition requires recognition and detection of key fields in the dataset, and therefore requires setting of detection rules for the fields.
The probe simply marks whether each field is a sensitive field.
Therefore, a detection rule table is set, and each detection rule is configured in the detection rule table.
As shown in fig. 1, each item of the probe rule id, the dom-id, the exploration rule id, the probe type (field name/content), the comparison operator, the probe key (name/regular) and the like need to be set in the probe rule table.
By configuring the address id, the detection task of the specific field of the data set at this time can be quickly executed by calling the corresponding detection rule, the corresponding characteristic field of the data set can be quickly found, and the like.
As an optional embodiment of the present application, optionally, the method for using the detection rule table includes the following steps:
and (4) starting detection:
acquiring a detection rule of the data set, matching each field of the data set, and judging whether the field is sensitive or not:
if yes, modifying the sensitive attribute of the field as is_sensitive, and finishing detection;
and otherwise, finishing detection.
When the detection is executed, referring to fig. 2, the application of the detection rule table specifically performs detection according to the detection rule set for the current service data set in the detection rule table.
The detection rules according to which intelligent detection is performed are configured on the data security template-data detection rule page, wherein the detection rules comprise field name detection, content detection and mixed detection, and the detection rules can be "congruent" and "contain" and "regular".
Intelligent detection setting: when a data set is newly built, the detail page of the data set, namely the data security, and the model structure page can be used for carrying out manual detection, and if the forced detection is started, the forced detection is executed.
As shown in fig. 3, the detected data set field needs to be subjected to positioning acquisition and storage, and the data set field is collected through a data set field information table, wherein the following fields are added in the data set field information table:
is_sensitive, the field is sensitive, is used for marking whether the field is sensitive;
is_detection_active, field detection is sensitive, for detecting whether or not it is sensitive.
In addition to the fields configured as described above, there are also an id, a dom-id, a ds-id (data source address for identifying the source of the data set characteristics field) and a field name (name for identifying a specific field).
The dataset fields will be collected later using the dataset field information table in the template.
For those users who need to be desensitized, the configuration of desensitization authority is also needed, and thus a desensitization authority table is set.
As shown in fig. 4, the desensitization authority table contains set desensitization rules, and the content of the set desensitization rules also comprises: id. dom-id (deposit address), rights id, rights type (valid/not valid), validation scope (full/export only), user or group of users, sourceId (address of data source).
As an optional embodiment of the present application, optionally, the method for using the desensitization authority table includes the following steps:
and (5) starting configuration of desensitization authority:
clicking and editing on a template page or a data set detail page, and selecting a user and selecting permission;
after the selection is finished, the data source ID is stored:
a dataset ID or template ID;
and (5) finishing configuration.
As shown in fig. 5, when the desensitization authority configuration is performed, the authority configuration is performed for the current user.
There is a default user group: all other default rules are effective+export desensitization data, which can not be deleted and edited;
user and user group permission priority questions:
when the user is configured to view without desensitization, the user group to which the user belongs is configured to view desensitization, and desensitization is prioritized.
And setting corresponding rights for the user through desensitization rights configuration, triggering the user of the rights rule, and identifying the desensitization rights, and directly calling the configured rights rule to identify the user rights.
By setting the desensitization authority, the authority can be divided for the application and the processing of the data sets of different users, so that the authority division application of the data sets of different grades is realized.
As an optional embodiment of the present application, optionally, the method for configuring the desensitization rule table includes the following steps:
configuration in a template:
the desensitization rule comprises each desensitization rule id and file dom-id, and the desensitization rule type is as follows: masking/hashing, and corresponding desensitization rule details json;
matching rules: the field names are completely matched;
sourceId: a data source id, including a field id or a template id;
dsId: for determining whether the dataset has been desensitized;
the matching rules and template ids are saved.
When a desensitization rule is configured for a user in a template, selecting and setting a corresponding rule for the user according to configuration information in a desensitization rule table, such as selecting the corresponding desensitization rule and a matching rule (the field name is required to be completely matched to identify triggering a desensitization alarm), selecting a detection mode of the desensitization rule on the field, covering or carrying out hash detection, and storing the matching rule and the template id after the configuration is finished.
The method specifically comprises the steps of configuring a desensitization rule configured by a user by an administrator according to the attribute and the like of a data set to be processed by the current user, or setting and configuring desensitization authority and the desensitization rule in advance according to the request of the current user.
As an optional embodiment of the present application, optionally, the method for using the desensitization rule table includes the following steps:
configuring a desensitization rule in the data set, and selecting the desensitization rule: masking or hashing;
saving a field id of the selected desensitization rule;
the configuration is completed.
As shown in fig. 6, when the current user performs desensitization configuration, firstly, a desensitization rule is configured in a data set to be applied, and a corresponding desensitization rule type is selected: masking or hashing. And saving the field id of the configured desensitization rule, and finishing configuration.
As shown in fig. 7, the desensitization rule is newly added, and the desensitization rule includes the following rule contents: id, dom-id, desensitization rule type: masking or hashing, desensitization rule details json (a data format), match field rule details json, sourceId (data source: field id or template id), ds-id (used primarily to determine if a data set has been desensitized).
As shown in fig. 8, the manual marking switch, the detection rule, the desensitization authority and the desensitization rule are configured in the template, and the basic information table of the data set is combined, so that the desensitization rule template is formed. The association relation may be associated by an administrator or the like.
The data set basic information table (the main content comprises id, dom-i, ds-id and data set name) is used for marking the basic information of the data set, and the basic information of the data set can be acquired and written when the system receives the data set of the current task.
And associating the desensitization rule table with the data set field information table by associating the data set basic information table with the desensitization authority table, so as to construct and obtain a desensitization rule template.
And for the data set to be processed by the current user, acquiring basic information of the current data set by a data set basic information table. The current data set can be marked in advance by using a manual marking switch, the corresponding data set desensitizing mark ds-id is marked, and whether the data set is desensitized or not is marked by using the ds-id.
And the desensitization rule executes the desensitization recognition and judgment task of the data set by the configured desensitization authority, detects sensitive fields in the data set by using detection rules in the template, and performs matching detection on the detected fields by using the desensitization rule so as to judge which specific fields triggering the desensitization rule exist in the current data set and output the specific fields. Therefore, the desensitization rule template generated by the scheme can be used for rapidly carrying out desensitization recognition on mass data in the data set. Meanwhile, the method can carry out desensitization authority management on workers, realize more powerful desensitization detection work and carry out corresponding desensitization treatment on data sets with different sensitivity levels.
For the association between the detection rule and the desensitization rule, the data desensitization label is used as a bridge for connecting the detection rule and the desensitization rule by setting the data desensitization label.
When a data set is newly built, the detail page of the data set, namely the data security and the model structure page, can be configured with sensitive identification of the data set, desensitization rules of data set fields and desensitization associated users.
And configuring a desensitization rule template and an associated user on the data security template-data desensitization template page.
Referring to fig. 9, the application method of the desensitization rule template comprises the following steps:
creating a data set;
modifying the desensitization rule;
an ETL is created.
Specifically, when a user creates a data set through the system, the created data set is manually marked through a manual selection marking switch in the template, and whether the created data set is a sensitive data set is manually selected: if yes, marking the sensitive data set as not desensitized by a manual marking switch; if not, it is marked as a non-sensitive data set by a switch.
The desensitization rules are modified for the currently created dataset. On the card or dataset detail page, by manually selecting whether it is a sensitive dataset: if the data set is the sensitive data set, intelligent detection is carried out through a built-in detection rule, and a corresponding sensitive field is obtained; selecting sensitive fields and configuring corresponding desensitization rules, or directly calling the desensitization rules in the template to configure the desensitization rules, and at the moment, determining that the current sensitive data set is desensitized; if the data is a non-sensitive data set, the data is directly marked as the non-sensitive data set.
The data desensitization template comprises the following steps:
step one: clicking the "call template" button on the "data security-data desensitization" page.
Step two: make a selection of a template call and click the "ok" button.
After invoking the data desensitization template, the data set can not be configured with field desensitization rules alone, but can change according to the change of the template rules.
If the user-defined configuration is desired on the basis of calling the template, user-defined editing can be started, and at the moment, the template rule is copied to the existing data set and edited on the basis of the template rule.
Templates may be applied to a dataset or a cancel application in batches at a desensitized template application page.
Specific desensitizing template embodiment application:
(1) Card and card
When the card reference data set is created,
detecting as a 'non-sensitive data set', and walking the existing flow;
detecting that the sensitive data set is not desensitized, and not allowing the selected creation card, namely the data set page and the catalog page;
detection as "sensitive dataset desensitized" may be cited;
when the card is of a form type, displaying the effective sensitive fields of the users according to the number of views;
when the card is of other chart types, if the sensitive field is selected, the sensitive field cannot be rendered, and the user is prompted to 'have sensitive information, and the owner of the card is contacted to acquire the viewing authority'.
When the previously created card is changed into the state that the sensitive data set is not desensitized, prompting the user to ' exist sensitive data and please contact ' the card editor for desensitization ', prompting ' exist sensitive data and please contact the data set owner for desensitization ' after the card editor enters an editing page.
Only the original data and the aggregate are desensitized on the card, and advanced computing is not processed.
(2) ETL no longer sensitively marks data sets except for first run
The data set is not marked sensitively when being updated.
(3) For cards and datasets, sensitive fields do not allow for preservation of the created computation/grouping fields.
(4) The data set overview page and the card making preview page are subjected to desensitization display according to the current user data authority, and the whole thought is that the data set is required to be desensitized when being checked and the card is required to be checked.
If the audit service is, then:
supplementing audit logs:
recording a newly built data set and editing whether the data set is selected to be marked as a sensitive data set or not;
the dataset is marked as a sensitive dataset/the dataset is unmarked as a sensitive dataset;
recording and executing data detection;
recording the newly added/edited desensitization template.
It should be apparent to those skilled in the art that implementing all or part of the above-described embodiments may be accomplished by computer programs to instruct related hardware, and the programs may be stored in a computer readable storage medium, which when executed may include the processes of the embodiments of the controls described above. It will be appreciated by those skilled in the art that implementing all or part of the above-described embodiments may be accomplished by computer programs to instruct related hardware, and the programs may be stored in a computer readable storage medium, which when executed may include the processes of the embodiments of the controls described above. The storage medium may be a magnetic disk, an optical disc, a Read-only memory (ROM), a random access memory (RandomAccessMemory, RAM), a flash memory (flash memory), a hard disk (HDD), or a Solid State Drive (SSD); the storage medium may also comprise a combination of memories of the kind described above.
Example 2
Based on the implementation principle of the embodiment 1, in another aspect, the application provides a desensitization rule template, which is generated by adopting the design method of the data set desensitization processing template; the desensitization rule template is used when a card preview of the dataset and a dataset detail page view.
In this embodiment, the use of the desensitization rule template is time-consuming: the desensitization rule template of the scheme can be used for carrying out desensitization identification on the data set when a user previews and views the data set through the card and on a data set detail page of the data set platform.
The desensitization rule template has a structure shown in figure 1
The modules or steps of the invention described above may be implemented in a general-purpose computing device, they may be centralized in a single computing device, or distributed across a network of computing devices, or they may alternatively be implemented in program code executable by a computing device, such that they may be stored in a memory device and executed by a computing device, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps within them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
Example 3
Still further, another aspect of the present application further provides an electronic device, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of designing a data set desensitization processing template when executing the executable instructions.
Embodiments of the present disclosure provide for an electronic device that includes a processor and a memory for storing processor-executable instructions. Wherein the processor is configured to implement any one of the methods of designing a data set desensitization processing template described above when executing the executable instructions.
Here, it should be noted that the number of processors may be one or more. Meanwhile, in the electronic device of the embodiment of the disclosure, an input device and an output device may be further included. The processor, the memory, the input device, and the output device may be connected by a bus, or may be connected by other means, which is not specifically limited herein.
The memory is a computer-readable storage medium that can be used to store software programs, computer-executable programs, and various modules, such as: a program or module corresponding to a design method of a data set desensitization processing template in an embodiment of the disclosure. The processor executes various functional applications and data processing of the electronic device by running software programs or modules stored in the memory.
The input device may be used to receive an input number or signal. Wherein the signal may be a key signal generated in connection with user settings of the device/terminal/server and function control. The output means may comprise a display device such as a display screen.
The foregoing description of the embodiments of the present disclosure has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the technical improvement of the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
Claims (8)
1. A method for designing a data set desensitization processing template, comprising the steps of:
marking the state of the data set;
configuring a detection rule table and a data set field information table:
the detection rule table is used for detecting fields in the data set through configured detection rules and marking whether each field is a sensitive field or not;
the data set field information table is used for collecting data set fields, wherein the following fields are added in the data set field information table:
is_sensitive, the field is sensitive, is used for marking whether the field is sensitive;
is_detection_active, field detection is sensitive, and is used for detecting whether the field detection is sensitive;
configuring a desensitization authority table and a desensitization rule table, wherein the desensitization authority table is used for setting different data set desensitization authorities for different users, and the desensitization rule table is used for configuring desensitization rules in the data set;
constructing a data set basic information table and associating the data set basic information table with the desensitization authority table; and simultaneously, correlating the desensitization rule table with the data set field information table to obtain a desensitization rule template.
2. A method of designing a data set desensitizing treatment template according to claim 1, wherein the marking of the data set status comprises the following marking modes:
manual marking switch: marking the dataset as non-sensitive and sensitive as non-desensitized;
after manual marking as sensitive:
if the current dataset has been configured with desensitization rules, it is marked as: desensitized;
if the current dataset is not configured with desensitization rules, marking it as: is not desensitized.
3. A method of designing a data set desensitizing treatment template according to claim 2, wherein said method of using a probe rule table comprises the steps of:
and (4) starting detection:
acquiring a detection rule of the data set, matching each field of the data set, and judging whether the field is sensitive or not:
if yes, modifying the sensitive attribute of the field as is_sensitive, and finishing detection;
and otherwise, finishing detection.
4. A method of designing a data set desensitizing process template according to claim 1, wherein said desensitizing authority table using method comprises the steps of:
and (5) starting configuration of desensitization authority:
clicking and editing on a template page or a data set detail page, and selecting a user and selecting permission;
after the selection is finished, the data source ID is stored:
a dataset ID or template ID;
and (5) finishing configuration.
5. A method of designing a data set desensitizing treatment template according to any one of claims 1-4, wherein the method of configuring the desensitizing rule table comprises the steps of:
configuration in a template:
the desensitization rule comprises each desensitization rule id and file dom-id, and the desensitization rule type is as follows: masking/hashing, and corresponding desensitization rule details json;
matching rules: the field names are completely matched;
sourceId: a data source id, including a field id or a template id;
dsId: for determining whether the dataset has been desensitized;
the matching rules and template ids are saved.
6. A method of designing a data set desensitization processing template according to claim 5, wherein said desensitization rule table using method comprises the steps of:
configuring a desensitization rule in the data set, and selecting the desensitization rule: masking or hashing;
saving a field id of the selected desensitization rule;
the configuration is completed.
7. A desensitization rule template generated using the design method of the dataset desensitization treatment template of any one of claims 1-6;
the desensitization rule template is used when a card preview of the dataset and a dataset detail page view.
8. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of designing a data set desensitization processing template according to any one of claims 1-6 when executing the executable instructions.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311780777.XA CN117745049A (en) | 2023-12-22 | 2023-12-22 | Design method of data set desensitization processing template |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311780777.XA CN117745049A (en) | 2023-12-22 | 2023-12-22 | Design method of data set desensitization processing template |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117745049A true CN117745049A (en) | 2024-03-22 |
Family
ID=90254380
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311780777.XA Pending CN117745049A (en) | 2023-12-22 | 2023-12-22 | Design method of data set desensitization processing template |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117745049A (en) |
-
2023
- 2023-12-22 CN CN202311780777.XA patent/CN117745049A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110727954B (en) | Data authorization desensitization automation method, device and storage medium | |
| CN108292231B (en) | Method and system for generating applications from data | |
| WO2019019769A1 (en) | Service function implementation method, device, computer apparatus and storage medium | |
| JP3181994B2 (en) | How to automatically create job flow specifications | |
| JP2007287102A (en) | Data converter | |
| CN109787957B (en) | Configuration method of configuration file and related device | |
| CN107679937B (en) | Method, system, storage medium and device for customizing service function | |
| CN116541372A (en) | Data asset management method and system | |
| CN113434901A (en) | Intelligent data query method and device, electronic equipment and storage medium | |
| CN111859076A (en) | Data crawling method and device, computer equipment and computer readable storage medium | |
| CN111722881B (en) | Resource expansion method, system and device of container cloud platform | |
| JP7235110B2 (en) | Operation log acquisition device, operation log acquisition method, and operation log acquisition program | |
| CN117745049A (en) | Design method of data set desensitization processing template | |
| CN115310126B (en) | Cadastral mapping management method, cadastral mapping management system and storage medium | |
| JP2004038759A (en) | System and method for cooperating application and program for performing the method | |
| CN115147514A (en) | Industrial flow chart generation method and device, electronic equipment and storage medium | |
| JPH04147361A (en) | System for processing for change of processing screen | |
| CN114996758A (en) | Data desensitization method and device and electronic equipment | |
| JP2009053896A (en) | Unauthorized operation detector and program | |
| CN111694627B (en) | Desktop editing method and device | |
| JP3909613B2 (en) | Computer-readable recording medium recording design review processing system and design review processing program | |
| CN113485689A (en) | Buried point processing method and device | |
| JP2012063896A (en) | Data access control system, data access control method and data access control program | |
| CN112364121A (en) | Automatic creation method and device of questionnaire PDF, storage medium and computer equipment | |
| CN111199423A (en) | User behavior track generation method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |