Configure masking rules to mask sensitive information, such as bank card numbers, phone numbers, and ID numbers, in audit logs. This prevents sensitive data from being exposed in SQL statements or query results.
Background information
Database Audit provides 10 built-in masking rules, which are enabled by default. When you query audit logs, Database Audit automatically masks any data in the results that matches an enabled rule, replacing it with asterisks (*).
Creating, enabling, disabling, modifying, or deleting a masking rule takes effect immediately.
Procedure
Log on to Database Audit. For more information, see Log on to Database Audit.
In the left-side navigation pane, choose .
On the Auxiliary Engine page, click the Data Masking tab.
Manage masking rules.
Create a masking rule
Above the list of masking rules, click Add.
In the Add Masking Rule panel, configure the parameters and click Save.
Parameter
Description
Name
The rule name. It must be 1 to 64 characters long and can contain Chinese characters, letters, digits, periods (.), underscores (_), and hyphens (-).
Status
Select Enable or Disable to set the status of the rule.
Regular expression
The regular expression that identifies the data to mask.
Filter scope
The portion of matched data to mask, defined by the Start Position and Length parameters.
Modify a masking rule
In the Actions column for the rule you want to modify, click Edit.
In the Edit Masking Rule panel, modify the parameters and click Save.
Enable or disable a masking rule
To enable or disable one or more rules, select them from the list and click Enable Selected or Disable Selected.
Delete a masking rule
In the Actions column for the rule you want to delete, click Delete.
To delete multiple rules, select them and click Delete at the bottom of the list.
In the confirmation dialog, click OK.