Logo
CREATE MASK RULE

Description #

The CREATE MASK RULE syntax is used to create a mask rule.

Syntax #

createMaskRule ::=
    'CREATE' 'MASK' 'RULE' ifNotExists? maskRuleDefinition (',' maskRuleDefinition)*

maskRuleDefinition ::=
    ruleName '(' 'COLUMNS' '(' columnDefinition (',' columnDefinition)* ')' ')'

columnDefinition ::=
    '(' 'NAME' '=' columnName ',' algorithmDefinition ')' | '(' 'NAME' '=' columnName ',' algorithmGroupsDefinition ')'

ifNotExists ::=
    'IF' 'NOT' 'EXISTS'

algorithmGroupsDefinition ::=
    'ALGORITHM_GROUPS' '(' algorithmGroupDefinition (',' algorithmGroupDefinition)* ')'

algorithmGroupDefinition ::=
    '(' maskAlgorithm ',' matchingAlgorithm ')'

maskAlgorithm ::=
    'MASK_ALGORITHM' '(' algorithmDefinition ')'

matchingAlgorithm ::=
    'MATCHING_ALGORITHM' '(' algorithmDefinition ')'

algorithmDefinition ::=
    'TYPE' '(' 'NAME' '=' algorithmTypeName (',' propertiesDefinition)? ')'

maskAlgorithmType ::=
  literal

ruleName ::=
  identifier

columnName ::=
  identifier

propertiesDefinition ::=
    'PROPERTIES' '(' key '=' value (',' key '=' value)* ')'

key ::=
  string

value ::=
  literal

Note #

  • maskAlgorithm used to config data masking algorithm. For available types, please refer to Data Masking Algorithm.
  • matchingAlgorithm is used to configure the data masking matching binding algorithm. For available types, please refer to Data Masking Matching Algorithm.
  • Duplicate ruleName will not be created;

Example #

Create a mask rule #

CREATE MASK RULE t_mask (
COLUMNS(
(NAME=phone_number,TYPE(NAME='MASK_FROM_X_TO_Y', PROPERTIES("from-x"=1, "to-y"=2, "replace-char"="*"))),
(NAME=address,TYPE(NAME='MD5'))
));

Create data masking rules and bind users #

CREATE MASK RULE t_mask (
COLUMNS(
(NAME=phone_number,ALGORITHM_GROUPS(
(MASK_ALGORITHM(TYPE(NAME='MASK_FROM_X_TO_Y',PROPERTIES('from-x'=1, 'to-y'=2, 'replace-char'='*'))),
MATCHING_ALGORITHM(TYPE(NAME='SphereEx:MASK_USERNAME', PROPERTIES('user-lists'='root'))))))));

Create mask rule with ifNotExists clause #

CREATE MASK RULE IF NOT EXISTS t_mask (
COLUMNS(
(NAME=phone_number,TYPE(NAME='MASK_FROM_X_TO_Y', PROPERTIES("from-x"=1, "to-y"=2, "replace-char"="*"))),
(NAME=address,TYPE(NAME='MD5'))
));

Create mask rule with ifNotExists clause and bind users #

CREATE MASK RULE IF NOT EXISTS t_mask (
COLUMNS(
(NAME=phone_number,ALGORITHM_GROUPS(
(MASK_ALGORITHM(TYPE(NAME='MASK_FROM_X_TO_Y',PROPERTIES('from-x'=1, 'to-y'=2, 'replace-char'='*'))),
MATCHING_ALGORITHM(TYPE(NAME='SphereEx:MASK_USERNAME', PROPERTIES('user-lists'='root'))))))));

Reserved words #

CREATE, MASK, RULE, COLUMNS, NAME, TYPE, MATCHING_ALGORITHM, MASK_ALGORITHM, ALGORITHM_GROUPS