6.0.6
Many banks, securities firms, and government agencies need to perform data desensitization when displaying data (such as names, ID numbers, phone numbers, accounts, and addresses) in dashboards.
Therefore, FineBI provides the Data Desensitization function.
1. You can create desensitization rules and substitute partial/all characters with *.
2. You can apply desensitization rules to text fields through the combination of the Data Desensitization function and data column permissions.
3. Data desensitization only affects viewing effects and does not affect calculation processes.
The dashboard RFM Customer Analysis Model calls the data in RFM Analysis Table Detailed Data in Public Data.
The admin needs to assign the viewing and use permissions of this table and the viewing and export permissions of this dashboard to the sales director.
However, the CUSTOMERNAME field (in the RFM Analysis Table Detailed Data table) contains sensitive information and needs to be desensitized for display. That is, the original values of this field should be invisible to the sales director.
The admin needs to create a data desensitization rule for application during the permission assignment.
Log in to the FineBI system as the admin, choose System Management > Security Management > Data Desensitization, and click Create Rule, as shown in the following figure.
Set Rule Name to Username Desensitization.
Set Desensitization Algorithm to Substitute Char and Retain First 1 and Last 1 Character(s), and Substitute Other Characters with * Character.
Set Applied Scope to View and Export (default setting).
Click Save. A data desensitization rule is added successfully, as shown in the following figure.
After completion, you can apply the rule during the data column permission assignment.
Log in to the FineBI system as the admin, choose System Management > Permission Management > Common Permission Configuration, and assign data permissions to Sales director (in Sales department).
1. Select Sales director, click Data Authorization, and assign the Component Data and Use permissions of RFM Analysis Table Detailed Data under Public Data > Analysis Data > Data Analysis Model.
2. Click the edit icon next to RFM Analysis Table Detailed Data, click Column Permissions, and set the created desensitization rule Username Desensitization for the text field CUSTOMERNAME, as shown in the following figure.
Log in to the FineBI system as the admin, choose System Management > Permission Management > Common Permission Configuration, and assign directory permissions to Sales director (in Sales department).
Select Sales director, click Directory Permission, and assign the View and Export permissions of RFM Customer Analysis Model under Platform Directory > Analysis Model.
Log in to the FineBI system as the sales director Lisa (username: Lisa; password: 1).
1. View the dashboard RFM Customer Analysis Model. Only the first and last characters are displayed for the values of the field CUSTOMERNAME (namely company names), with all other characters displayed as *.
2. View the table RFM Analysis Table Detailed Data in Public Data. Only the first and last characters are displayed for the values of the field CUSTOMERNAME, with all other characters displayed as *.
To desensitize data, you need to first set desensitization rules.
Log in to the FineBI system as the admin, choose System Management > Security Management > Data Desensitization, and click Create Rule.
On the rule edit page, set Rule Name, Desensitization Algorithm, and Applied Scope, and click Save, as shown in the following figure.
The following table describes each setting item.
Rule Name: Mandatory; rule names must be unique.
Desensitization Algorithm: Includes Substitute Char and Substitute All.
1. Substitute Char:
Explanation: retains the first x and last x characters of a field value, with all other characters displayed as the specified character.
Example: retains the first 3 and last 3 characters, with all other characters displayed as *. If the original value of a field is 18899998888, the desensitized value of the field is 188*****888.
2. Substitute All:
Explanation: replaces every character of the field value with the specified character.
Example: substitutes * for the entire field value. If the original value of a field is 18899998888, the desensitized value of the field is ***********.
Applied Scope: Includes View and Export.
View (optional): when you view a dashboard, fields with the desensitization rule applied display desensitized values.
Export (mandatory): after you export a dashboard, fields with the desensitization rule applied display desensitized data in the exported Excel file.
Note: The exported dashboard image follows the rule of View, not the rule of Export. What you see is what you get.
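The two algorithms above as a minimal Python sketch, together with a check an administrator could run over an exported sheet to confirm that a Substitute Char rule was applied to a column. This is an added example, not FineBI code: the function names, the CSV form of the export, the sample rows, and the choice to mask values that are too short to have a middle part are all assumptions.

```python
import csv
import io

def substitute_char(value, keep, mask="*"):
    """Retain the first and last `keep` characters; mask the rest."""
    if keep < 0 or len(mask) != 1:
        raise ValueError("keep must be >= 0 and mask a single character")
    # Assumption: the page does not say what happens when a value is too
    # short to have a middle part. This sketch masks it entirely.
    if len(value) <= 2 * keep:
        return mask * len(value)
    middle = len(value) - 2 * keep
    return value[:keep] + mask * middle + value[len(value) - keep:]

def substitute_all(value, mask="*"):
    """Replace every character of the value with the mask character."""
    return mask * len(value)

def is_masked(value, keep, mask="*"):
    """True if `value` has the shape substitute_char() produces."""
    if len(value) <= 2 * keep:
        return value == mask * len(value)
    return set(value[keep:len(value) - keep]) == {mask}

def audit_export(rows, column, keep, mask="*"):
    """Return (row number, value) for cells in `column` that look unmasked."""
    return [(n, row[column]) for n, row in enumerate(rows, start=1)
            if not is_masked(row[column], keep, mask)]

# Constructed sample of an exported sheet saved as CSV (not real data).
SAMPLE_EXPORT = """CUSTOMERNAME,AMOUNT
A*********d,1200
Acme Trading Ltd,860
**,40
"""

def load_sample():
    return list(csv.DictReader(io.StringIO(SAMPLE_EXPORT)))

if __name__ == "__main__":
    print(substitute_char("18899998888", 3))   # Substitute Char, keep 3
    print(substitute_all("18899998888"))       # Substitute All
    # Rule from the walkthrough: retain first 1 and last 1 character.
    for n, value in audit_export(load_sample(), "CUSTOMERNAME", keep=1):
        print(f"row {n}: CUSTOMERNAME not masked: {value!r}")
```

With a small retain count, short values keep most of their characters, so choose the count with the shortest expected value in mind.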
The created rules are displayed on the data desensitization page. You can edit, rename, disable, and delete the existing rules, as shown in the following figure.
You need to apply the created data desensitization rule to the text field when configuring data column permissions.
Log in to the FineBI system as the admin, choose System Management > Permission Management > Common Permission Configuration, click Data Authorization, and assign table permissions to a permission carrier.
Click the Edit icon next to the corresponding table to go to the column permission configuration page.
For example, if the user Anna is in sales group 1 of the sales department, you must assign permissions to sales group 1, rather than the sales department.
Click Column Permissions, select the field to be viewed, select the data desensitization rule to be applied, and click OK, as shown in the following figure.
1. A user without column permission for this field cannot view any of its data, regardless of whether a desensitization rule is applied.
2. Data desensitization rules can be applied only to text fields. Date and value fields do not support the data desensitization function.
If text fields are converted into date/value fields, the desensitization rule will be invalid. After you restore date/value fields to text fields, the data desensitization rule is still valid.
3. A user who has data management permissions can view the relevant data of this field, regardless of whether a desensitization rule is applied.
Multiple permissions (at the user, department, and role levels) may apply to the same field for the same user. The precedence of these permissions is as follows:
1. User-level permissions have the top priority. That is, if a field is configured with a data desensitization rule, the rule will take effect based on the user-level permissions regardless of department/role-level permissions.
2. In the absence of user-level permissions, the union of the column permissions for departments and roles is obtained.
A data desensitization rule takes effect as long as it is set for the field in any one of the user's roles/departments.
For example, Alice is in department A and has role B. If a desensitization rule is set for a field in department A (while the rule is not set for the same field in role B), the rule takes effect eventually when Alice views the field.
The union of multiple desensitization rules takes effect if they are set for a role/department.
For example, Alice is in department A and has role B.
The desensitization rule set for a field in department A is Retain the first 2 and last 2 character(s), and Substitute Other Characters with * Character.
The desensitization rule set for the same field in role B is Retain the first 4 and last 4 character(s), and Substitute Other Characters with $ Character.
The final result when Alice views the field is 22**$$$$$$$$$$**22 or 22************22.
The following sections describe possible causes of, and solutions for, a desensitization rule that was applied during permission assignment but does not take effect when you view the field. You can refer to them for troubleshooting.
Cause:
You must assign permissions to the direct department/position/role of a user, or the user himself/herself. Data desensitization rules do not take effect if you apply the rules to a user's parent department.
For example, suppose the user Anna is in the salesman group under the sales department > the sales group 1. In this case, you must assign permissions to the salesman group, rather than the sales department/sales group 1.
Solution:
Choose System Management > User Management to view a user's direct department/position/role and assign permissions.
If the admin has edited, renamed, disabled, or deleted a desensitization rule (set for column permissions), the rule will be invalid.
1. Avoid editing, renaming, disabling, or deleting a created desensitization rule unless necessary.
2. Check whether the data desensitization rule in column permissions is highlighted in red. If so, reselect a desensitization rule.
The desensitization rule of a text field may not take effect due to some edit operations in some tables/components.
The following table describes various edit operations (that may be performed in some tables/components) and these operations' impacts on the desensitization rule. You can troubleshoot your problems based on this table.
Desensitization for Text Fields in a Base Table
Row-Column Conversion
If you set desensitization rules and Row-Column Conversion for text fields in base tables, the rules for the fields will be invalid.
Field Type Conversion
If you set desensitization rules for text fields and convert text fields into date/value fields in base tables, the rules for the fields will be invalid.
Self-Looping Column and Field Settings
This operation does not affect the validity of desensitization rules.
Desensitization for Text Fields in Self-Service Datasets
Select Field
Filter
The selectable content in the drop-down list is displayed as the effect after desensitization.
For example, the field value 18899999888 is displayed as 188*****888 in the drop-down list after desensitization.
Do not directly select the desensitized value from the drop-down list for data filtering (as the actual value is hidden, causing an inaccurate analysis).
Instead, you should manually enter the actual value (such as 18899999888), which can be automatically matched with the desensitized value. Then the system can filter data accordingly.
Group Summary
If fields after the group and summary are dimension fields, the entire field values will be desensitized and displayed as ****.
If fields after the group and summary are indicator fields, the field values will not be desensitized.
For example, if the field values are Gold Member, Silver Member, and Bronze Member, the values after desensitization are all displayed as ** Member.
Each field after desensitization is calculated separately during group calculations, rather than being calculated as one group, guaranteeing the data analysis accuracy.
Union All
If you perform Union All for desensitized fields, the entire field values will be displayed in the desensitization way after the operation.
If you perform Union All for the desensitized field A and the non-desensitized field B, the union field will be displayed based on the desensitization rule of the field A.
If you perform Union All for the desensitized field A and the desensitized field B, the union field will be displayed based on the desensitization rules of both the field A and the field B.
Add Column
The entire field values (created by desensitized fields) are desensitized and displayed as ****.
Group Assignment
Summary Column
Assignment Column
Field Settings
Sort
Join
Column from Other Tables
Column to Row
Row to Column
Desensitization in Dashboards
Geographic Dimension
Fields after desensitization cannot be matched with geographic locations.
Customize Grouping
Customize Sort
Drill
Linkage
Jump
You cannot perform relevant operations for fields normally.
Node Expanding
Share