All Products
Search

This Product

    DataWorks:Risk identification rule management (old version)

    Document Center

    DataWorks:Risk identification rule management (old version)

    Last Updated:Jul 23, 2025

    The risk identification rule management feature lets you configure rules to identify risks in daily data access activities. You can also enable AI-based risk identification rules to implement automatic identification of data risks.

    The Data Risks page displays the identified data risks and lets you perform audit operations. The identified risks are also marked with identification flags next to the corresponding data on the Data Activities page.

    1. Go to the DataStudio page.

      Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, choose Data Development and O&M > Data Development. On the page that appears, select the desired workspace from the drop-down list and click Go to Data Development.

    2. Click the 图标 icon in the upper-left corner. Then, choose All Products > Data Governance > Data Security Guard. On the page that appears, click Try Now to go to the Data Security Guard page.

      Note

      • If your Alibaba Cloud account is granted the required permissions, you can directly access the homepage of Data Security Guard.

      • If your Alibaba Cloud account is not granted the required permissions, you are redirected to the authorization page of Data Security Guard. You can use the features of Data Security Guard only after your Alibaba Cloud account is granted the required permissions.

    1. In the navigation pane on the left, choose Rule Change > Custom Identification Rules. On this page, you can create, copy, configure, and delete risk identification rules. You can also configure AI-based identification rules.风险识别管理

    Rule Settings tab

    • Create A Rule

      Click Create Rule in the upper-right corner. In the Create Rule dialog box, enter the Rule Name, Owner, and Description, and click OK.

    • Copy a rule

      Click the 复制 icon after the corresponding rule to generate an identical rule.复制

      By default, the status of the copied rule is Inactive. You can configure it according to your requirements.

    • Modify configurations of a rule

      To modify an existing rule, perform the following steps:

      1. Set the status of the corresponding rule to Inactive.

      2. Click the 配置 icon after the corresponding rule.

      3. In the Change panel on the right, modify the Basic Settings and Rule Settings.修改配置

      4. After you complete the modifications, click Save.

      5. After you confirm that the rule is correct, change the status to Active.

    • Delete a rule

      To delete a rule, click the 删除 icon after the corresponding rule, and click Delete in the dialog box.

    AI-based Identification Rules tab

    Click Custom Identification Rules > AI-based Identification Rules. This page supports only similar SQL queries.AI识别

    Set the Status after the corresponding name to Active to enable AI-based identification.

    Note

    • After the current rule is activated, the SQL query data that meets this rule will be displayed in the data risks on the next day.

    • After activation, you can change the status to Inactive. This will not delete the previously identified data.

    Comparison of the entries to configure parameters for a risk identification rule in the old and new risk identification rule management features

    Note

    For more information, see Create a risk identification rule. For more information about the configurations of a risk identification rule in the old risk identification rule management feature, see Rule Settings tab.

    No.

    Configuration item

    Position in the old version

    Position in the new version

    1

    Rule name

    Basic Settings > Rule Name

    Basic information > Rule name

    2

    Rule owner

    Basic Settings > Owner

    By default, the owner of the rule is the current Alibaba Cloud account.

    This configuration item does not exist. DataWorks records the owner of the rule.

    3

    Rule description

    Basic Settings > Description

    Basic information > Description information

    4

    Compute engine instance for which the rule takes effect

    Rule Settings > Engine

    To specify a compute engine instance in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location from the drop-down list.

    5

    Project for which the rule takes effect

    Rule Settings > Project

    To specify a project in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location from the drop-down list.

    6

    Data category for the data risk that you want to identify

    Rule Settings > Classification

    In the Conditions section of the rule definition step, click Select condition and select Data property. Select Data classification as a property category.

    7

    Sensitivity level of the data risk that you want to identify

    Rule Settings > Level

    In the Conditions section of the rule definition step, click Select condition and select Data property. Select Data grading as a property category.

    8

    Sensitive field type for the data risk that you want to identify

    Rule Settings > Sensitive field type

    In the Conditions section of the rule definition step, click Select condition and select Data property. Select Sensitive field type as a property category.

    9

    Type of the operation that is performed on data

    Rule Settings > Export Type

    Valid values:

    • All Export

    • Download Via Tunnel

    • Table Activity

    Basic information > Rule Type

    Valid values:

    • Data Access Risk

    • Data Export Risk

    • Data Operation Risk

    • Others

    10

    Table for which the rule takes effect

    Rule Settings > Table Name

    To specify a table in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location.

    11

    Field for which the rule takes effect

    Rule Settings > Field

    To specify a field in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Data location.

    12

    Users for which a risk identification rule is triggered when the users access data that is specified in the rule

    Rule Settings > Visitors

    To specify an information category in a risk identification condition, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select User information.

    13

    Maximum number of data records that are specified in a risk identification rule

    Rule Settings > Operated Data Volume

    In the Conditions section of the rule definition step, click Select condition and select a condition. In the Threshold comparison section for the selected condition, select Data volume in a threshold comparison condition.

    14

    Time range that is specified in a risk identification rule

    Rule Settings > Date

    To specify a time range, perform the following operations: In the Conditions section of the rule definition step, click Select condition and select Operation time.

    15

    Alert notification method for a risk identification rule

    Not supported

    In the Alert Notification Method section of the Alert Settings step, select an alert notification method.