Overview
Versions
Report Server Version | Function Changes |
V11.0.13 | Added the Data Desensitization function. |
Application Scenarios
For most banks, stock exchanges, and governments, when displaying data in templates, they need to avoid information such as names, ID numbers, phone numbers, accounts, and addresses. Therefore, Data Desensitization was needed in FineReport for help.
Function Introduction
The function of Data Desensitization is as follows:
1. Supports two functions: data source desensitization and cell desensitization
2. Support platform configuration desensitization rules and local configuration desensitization rules, with two rules of partial replacement or complete replacement of characters.
3. Can be used in conjunction with permissions to apply desensitization rules to text fields.
4. Can desensitize data when previewing and exporting, or only when exporting.
Notes
1. The platform configuration desensitization rule and local configuration desensitization rule do not take effect for cells that are set to non-default content.
2. The desensitized field of the data source does not support secondary calculation. If secondary calculation is required, you can choose cell desensitization.
3. Data desensitization may cause some functions to be unavailable, such as grouping assignment, custom grouping, custom sorting, drilling-down, linking, and jumping.
Desensitization Rules
Setting the Data Desensitization Rule
You need to set Rule Name, Data Masking Algorithm, and Applied Scope when setting the desensitization rules, as shown in the table below:
Setting Items | Introduction |
Rule Name | Required field. It cannot have the same name as an existing rule. |
Data Masking Algorithm | There are two algorithms: character replacement and global replacement 1) Character replacement: Explanation: Keep the first and last n characters of the field and replace the others with the specified character. Example: Keep the first and last three characters and replace the rest with *. The original value of the field is 18899998888, and the displayed value of the field after desensitization is 188*****888. 2) Global replacement: Explanation: The field value is replaced as a whole with the specified character. Example: The field value is replaced with * as a whole. If the original field value is 18899998888, the displayed value after desensitization is ***********. |
Applied Scope | 1) The scope of application of the designer is as follows: Export only: optional. Only when exporting reports, the field values that have applied this desensitization rule will be displayed in the exported file. Preview and export: required. When previewing and exporting reports, the values of fields that have applied this desensitization rule will be displayed in the preview and export. 2) The scope of application of the data decision-making system is as follows: View: optional. When viewing the report, the values of the fields that have applied this desensitization rule will be displayed. Export: required. When exporting the report, the field values that have applied this desensitization rule will be displayed in the exported file. |
Scope of Effectiveness
For the same field and user, there are multiple role permissions: user, department, and role.
1. User priority: If the data desensitization rule is configured for this field in the permission list of the user, it will take effect according to the permission list of the user regardless of whether the department or role has configured the desensitization rule.
2. Permission Union: When there is no user permission, the permission settings of the department and role are taken as a whole.
If any role or department has configured data desensitization rules, then the data will be displayed according to the desensitization rules.
For example, if Xiaoming belongs to department A and role B, and department A has set a data desensitization rule for a certain field while role B has not, when Xiaoming views that field, the data desensitization rule will be applied.
If multiple desensitization rules are configured for a role or department, the final effective rule will be the union of all desensitization rules.
For example, Xiaoming belongs to department A, role B, for the same field:
The desensitization rule set by department A: keep the first and last two characters and replace the rest with *.
The desensitization rule set by role B: keep the first and last four characters and replace the rest with $.
The final effect viewed by Xiaoming: 22**$$$$$$$$$$**22 or 22************22
Cell Desensitization Example
Configuring Desensitization Rules in the Platform
Example:
For test users, sensitive data such as unit price, inventory, order quantity, and order amount in pagination report need to be displayed in a desensitized manner.
The administrator needs to assign the viewing, usage, and exporting permissions of this report to the test user.
1. Create a Desensitization Rule
Administrators need to create a data desensitization rule first before it can be applied in permission allocation. The administrator logs into the data decision-making system, clicks Manage > Security > Data Desensitization and Create Rule, sets the rule name to Data Desensitization, selects the desensitization algorithm as Substitute Char, keeps the first and last character, replaces the others with *, sets the application scope to View and Export, clicks Save, and successfully a data desensitization rule is added.
The created rules are displayed on the data desensitization page, supporting editing, renaming, disabling, and deleting of existing rules.
2. Apply Data Desensitization Rules
a. Open the corresponding report in the designer, select the cell that needs adding rules, select Cell Attributes > Other, and add desensitization rules.
b. Edit Data Masking, tick Platform configuration rules and Data Desensitization and click OK. Select TestTest from the user group.
c. After saving the report, log into the decision-making platform using the test user's account and password. You can see that the data related to unit price, inventory, order quantity, and order amount in the pagination report has been displayed according to the desensitization rules.
Configuring Desensitization Rules in the Designer
Same as the section '' Cell Desensitization Example''.
1. Open the corresponding report in the designer, select the cell that needs adding rules, click Cell Attributes > Other, and add desensitization rules.
2. Edit Data Masking, tick Local Configuration Rules, add a masking rule, set the rule name to Local configuration rules, select Substitute All as Desensitivity algorithm, replace the field value with $, click OK, and tick this rule. Select TestTest from the user group.
3. After saving the report, log into the decision-making platform using the test user's account and password. You can see that the data related to unit price, inventory, order quantity, and order amount in the pagination report has been displayed according to the desensitization rules.
Example of Data Source Desensitization
Configuring Data Source Desensitization in the Platform
Note: After the server dataset desensitized, all data that references the server dataset is desensitized for the specified user group, making it easier to uniformly control the data display effect.
1. Create a server dataset
The administrator logs into the decision-making system, clicks Data Connection > Server Dataset, creates a dataset 1 and saves it.
2. Create Desensitization Rules
As shown in the section ''Create a Desensitization Rule''.
3. Configure Data Desensitization Rules.
a. Select the created dataset1 and click Data Desensitization Setting.
b. Enable data desensitization, add desensitization fields, set the desensitization field to Sales_Volume. The desensitization rule is the data desensitization rule created in the section ''Create Desensitization Rules'', the effective user group is TestTest in the role, and save the settings.
4. Create and Mount the Report
a. Create a report and drag dataset1 from the server dataset into the corresponding cells and save the report.
b. Mount the created report to the decision-making platform and grant corresponding preview permissions to test users.
c. Use the account and password of a test user to log into the decision-making system, you can see that the sales field in the report has been desensitized.
Configuring Data Source Desensitization in the Designer
1. Create a Report
Create a template dataset and drag the corresponding data columns into the cells.
2. Create Desensitization Rules
As shown in the section ''Create a Desensitization Rule''.
3. Apply Data Desensitization Rules
a. Select the newly created ds1 dataset, click Preview and Data masking setting, tick Enable data masking, add Masking fields, masking rules, and Effective user group, and click OK.
Note:
1. Sensitive data masking rules can be selected on the platform or configured locally.
2. After modifying the desensitization settings of the dataset, the template needs to be saved before it takes effect.
b. Mount the newly created report to the data decision-making platform, and grant corresponding preview permissions to the test user. Log into the platform with the test user's account and password, and you can see that the sales field in the report has been desensitized.
