Creating a Data Masking Rule

Create data masking rules in Cloud Guard to hide or redact categories of sensitive information from users who don't have a specific need to view it.

Prerequisite: Create IAM groups whose membership maps to the categories of sensitive information that the users in each group are authorized to view. See About Data Masking.

    1. Open the navigation menu and click Identity & Security. Under Cloud Guard, click Configuration.
    2. On the Configuration page, click Data masking.
    3. Click Create masking rule.
    4. In the Create masking rule panel, in the Masking rule box, enter a name for this masking rule.
      Avoid entering confidential information.
    5. From the Create in compartment list, select the compartment to which the rule applies.
    6. From the Group membership list, select the group to which you want this rule to apply.
    7. For Targets, select one of the following options:
      • Select All to have the rule apply to all targets defined in Cloud Guard.

        Configuring the rule to apply to all target instances makes it a global-level rule.

      • Select Instance to have the rule apply to only a specific target instance, and then select the instance from the Target instances list.

        Configuring the rule to apply only to specific target instances makes it a target-level rule.

    8. Under Redacted categories, select the categories of sensitive information to be redacted for the group that you specified in Group membership:
      • Actor: Name or ID of an individual.
      • Location: Geographic information, such as city or country, including IP addresses.
      • Custom: Another type of sensitive information that you define.
    9. Leave Enable rule selected, or clear the checkbox to disable the rule.
    10. To specify tags for the rule, click Show advanced options and enter the following values:
      1. Select a Tag namespace to add a defined tag, or select None to add a free-form tag.
      2. Select or enter a Tag key and a Tag value.
      3. Add more tags or delete them as needed.
    11. Click Create.
  • For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

    Use the oci cloud-guard data-mask-rule create command and required parameters to create a data masking rule:

    oci cloud-guard data-mask-rule create --compartment-id <compartment_ocid> --data-mask-categories <data_mask_categories> --display-name <display_name_text> --iam-group-id <iam_group_id> --target-selected <valid_json> [OPTIONS]
  • Run the CreateDataMaskRule operation to create a data masking rule.
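
The following script is an added example, not part of the original documentation or Oracle's own code. It builds the JSON values for --data-mask-categories and --target-selected for a global-level or target-level rule and prints the resulting CLI command for review instead of running it. The uppercase category names and the "kind" values (ALL, TARGETIDS) are assumptions that do not appear on this page, and the angle-bracket values are placeholders.

```shell
#!/bin/sh
# Added example (not Oracle's code): builds the JSON arguments for
# `oci cloud-guard data-mask-rule create` and prints the command for review.
# Assumption: the uppercase category names and the "kind" values below are
# not on this page; confirm them in the Command Line Reference.

# --target-selected: no arguments = all targets (global-level rule);
# one or more target OCIDs = target-level rule.
target_selected_json() {
  if [ "$#" -eq 0 ]; then
    printf '{"kind":"ALL"}'
    return 0
  fi
  out='{"kind":"TARGETIDS","values":['
  sep=''
  for id in "$@"; do
    out="${out}${sep}\"${id}\""
    sep=','
  done
  printf '%s]}' "$out"
}

# --data-mask-categories: JSON array; an unknown name fails here, before any API call.
categories_json() {
  [ "$#" -gt 0 ] || { echo "at least one category required" >&2; return 1; }
  out='['
  sep=''
  for c in "$@"; do
    case "$c" in
      ACTOR|LOCATION|CUSTOM) ;;
      *) echo "unknown category: $c" >&2; return 1 ;;
    esac
    out="${out}${sep}\"${c}\""
    sep=','
  done
  printf '%s]' "$out"
}

# Print (do not run) the full command. Arguments: compartment OCID,
# IAM group OCID, display name, categories JSON, target JSON.
mask_rule_command() {
  printf "oci cloud-guard data-mask-rule create --compartment-id '%s' --iam-group-id '%s' --display-name '%s' --data-mask-categories '%s' --target-selected '%s'\n" "$1" "$2" "$3" "$4" "$5"
}

# Constructed placeholders; substitute real OCIDs before running the printed command.
cats=$(categories_json ACTOR LOCATION) || exit 1
tgt=$(target_selected_json '<target_ocid>')
mask_rule_command '<compartment_ocid>' '<iam_group_id>' 'mask-actor-location' "$cats" "$tgt"
```

Calling target_selected_json with no arguments produces the value for a global-level rule.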