https://blog.51cto.com/u_15157671/2772485#:~:text=%E8%84%B1%E6%95%8F%E6%96%B9%E5%BC%8F%EF%BC%8C%E6%98%AF%E6%8C%87%E8%AF%A5%E8%84%B1%E6%95%8F%E7%AD%96%E7%95%A5%E4%BD%BF%E7%94%A8%E4%BD%95%E7%A7%8D%E6%96%B9%E5%BC%8F%E5%AF%B9%E7%9B%AE%E6%A0%87%E5%AD%97%E6%AE%B5%E8%BF%9B%E8%A1%8C%E8%84%B1%E6%95%8F%EF%BC%8C%E7%9B%AE%E5%89%8DopenGauss%E9%A2%84%E7%BD%AE%E4%BA%867%E7%A7%8D%E8%84%B1%E6%95%8F%E6%96%B9%E5%BC%8F%EF%BC%9Acreditcardmasking%E3%80%81,basicemailmasking%E3%80%81fullemailmasking%E3%80%81alldigitsmasking%E3%80%81shufflemasking%E3%80%81randommasking%E3%80%81maskall%E3%80%82https://blog.51cto.com/u_15157671/2772485#:~:text=%E8%84%B1%E6%95%8F%E6%96%B9%E5%BC%8F%EF%BC%8C%E6%98%AF%E6%8C%87%E8%AF%A5%E8%84%B1%E6%95%8F%E7%AD%96%E7%95%A5%E4%BD%BF%E7%94%A8%E4%BD%95%E7%A7%8D%E6%96%B9%E5%BC%8F%E5%AF%B9%E7%9B%AE%E6%A0%87%E5%AD%97%E6%AE%B5%E8%BF%9B%E8%A1%8C%E8%84%B1%E6%95%8F%EF%BC%8C%E7%9B%AE%E5%89%8DopenGauss%E9%A2%84%E7%BD%AE%E4%BA%867%E7%A7%8D%E8%84%B1%E6%95%8F%E6%96%B9%E5%BC%8F%EF%BC%9Acreditcardmasking%E3%80%81,basicemailmasking%E3%80%81fullemailmasking%E3%80%81alldigitsmasking%E3%80%81shufflemasking%E3%80%81randommasking%E3%80%81maskall%E3%80%82Opengauss关于数据脱敏的解释,这篇文章已经讲的很好了,这里做一下摘要:

简单地说脱敏就是修改原字段的值。

理解分三方面:

1、资源标签组织要对哪些表的哪些字段做修改(脱敏)

2、根据用户名、客户端IP、客户端程序名来过滤是否对这个查询应用脱敏

3、怎样脱敏,对字段数据有多种屏蔽和扰乱的函数可用

操作起来分两步:

1、创建资源标签,指定哪些表的哪些字段要脱敏

2、创建策略,指定对哪些标签里的字段应用哪些脱敏函数,且指定在什么条件下,执行或不执行脱敏策略

CREATE RESOURCE LABEL creditcard_label add column(persion.creditcard);

CREATE RESOURCE LABEL customer_label add column(orders.customername);

CREATE MASKING POLICY mask_card_pol CREDITCARDMASK ON LABEL(creditcard_label) FILTER ON ROLES(user1), IP(‘10.11.12.13’), APP(gsql);

CREATE MASKING POLICY mask_name_pol MASKALL ON LABEL(customer_label);