Logo
CREATE MASK RULE

描述 #

The CREATE MASK RULE 语法用于创建数据脱敏规则.

语法定义 #

createMaskRule ::=
    'CREATE' 'MASK' 'RULE' ifNotExists? maskRuleDefinition (',' maskRuleDefinition)*

maskRuleDefinition ::=
    ruleName '(' 'COLUMNS' '(' columnDefinition (',' columnDefinition)* ')' ')'

columnDefinition ::=
    '(' 'NAME' '=' columnName ',' algorithmDefinition ')' | '(' 'NAME' '=' columnName ',' algorithmGroupsDefinition ')'

ifNotExists ::=
    'IF' 'NOT' 'EXISTS'

algorithmGroupsDefinition ::=
    'ALGORITHM_GROUPS' '(' algorithmGroupDefinition (',' algorithmGroupDefinition)* ')'

algorithmGroupDefinition ::=
    '(' maskAlgorithm ',' matchingAlgorithm ')'

maskAlgorithm ::=
    'MASK_ALGORITHM' '(' algorithmDefinition ')'

matchingAlgorithm ::=
    'MATCHING_ALGORITHM' '(' algorithmDefinition ')'

algorithmDefinition ::=
    'TYPE' '(' 'NAME' '=' algorithmTypeName (',' propertiesDefinition)? ')'

maskAlgorithmType ::=
  literal

ruleName ::=
  identifier

columnName ::=
  identifier

propertiesDefinition ::=
    'PROPERTIES' '(' key '=' value (',' key '=' value)* ')'

key ::=
  string

value ::=
  literal

补充说明 #

  • maskAlgorithm 用于配置数据脱敏算法,可用类型请参考 数据脱敏算法
  • matchingAlgorithm 用于配置数据脱敏匹配绑定算法,可用类型请参考 数据脱敏匹配算法
  • 重复的 ruleName 将无法被创建。

示例 #

创建数据脱敏规则 #

CREATE MASK RULE t_mask (
COLUMNS(
(NAME=phone_number,TYPE(NAME='MASK_FROM_X_TO_Y', PROPERTIES("from-x"=1, "to-y"=2, "replace-char"="*"))),
(NAME=address,TYPE(NAME='MD5'))
));

创建数据脱敏规则并绑定用户 #

CREATE MASK RULE t_mask (
COLUMNS(
(NAME=phone_number,ALGORITHM_GROUPS(
(MASK_ALGORITHM(TYPE(NAME='MASK_FROM_X_TO_Y',PROPERTIES('from-x'=1, 'to-y'=2, 'replace-char'='*'))),
MATCHING_ALGORITHM(TYPE(NAME='SphereEx:MASK_USERNAME', PROPERTIES('user-lists'='root'))))))));

create MASK RULE t_mask (
COLUMNS(
(NAME=phone_number,   ALGORITHM_GROUPS((MASK_ALGORITHM(TYPE(NAME='MASK_AFTER_SPECIAL_CHARS',PROPERTIES('special-chars'='@', 'replace-char'='*'))),       MATCHING_ALGORITHM(TYPE(NAME='SphereEx:MASK_USERNAME', PROPERTIES('user-lists'='user1,user2')))))),
(NAME=mobile_phone,  TYPE(NAME='KEEP_FIRST_N_LAST_M',PROPERTIES('first-n'=3,'last-m'=4,'replace-char'='*')))
));

使用 ifNotExists 子句创建数据脱敏规则 #

CREATE MASK RULE IF NOT EXISTS t_mask (
COLUMNS(
(NAME=phone_number,TYPE(NAME='MASK_FROM_X_TO_Y', PROPERTIES("from-x"=1, "to-y"=2, "replace-char"="*"))),
(NAME=address,TYPE(NAME='MD5'))
));

使用 ifNotExists 子句创建数据脱敏规则并绑定用户 #

CREATE MASK RULE IF NOT EXISTS t_mask (
COLUMNS(
(NAME=phone_number,ALGORITHM_GROUPS(
(MASK_ALGORITHM(TYPE(NAME='MASK_FROM_X_TO_Y',PROPERTIES('from-x'=1, 'to-y'=2, 'replace-char'='*'))),
MATCHING_ALGORITHM(TYPE(NAME='SphereEx:MASK_USERNAME', PROPERTIES('user-lists'='root'))))))));

保留字 #

CREATEMASKRULECOLUMNSNAMETYPEMATCHING_ALGORITHMMASK_ALGORITHMALGORITHM_GROUPS