Data Encryption
GBase 8a MPP Cluster data encryption provides soft (software) encryption of database data landed on disk, to meet users' security needs and improve the security of the system. The feature supports encryption at different granularities: table level or column level.
Data encryption has the following features:
GBase supports using encrypt when creating tables.
GBase supports encryption at different granularities, at the table level or column level.
GBase supports querying table-level encryption attributes.
Key certificate management is supported, including key certificate creation, opening, closing, password modification, and key conversion operations.
Key type conversion is supported, i.e., from a plaintext key to a ciphertext key, or from a ciphertext key to a plaintext key:
Plaintext key: no user password is required; the key can be randomly generated or manually entered.
Ciphertext key: the user must enter a password, and the randomly generated key is encrypted with that password and stored.
You can query the status of the current key certificate.
Row storage encryption is supported:
Encrypted transmission;
Encrypted access;
Encrypted storage.

Data masking
GBase 8a MPP Cluster provides dynamic data masking as a new feature. It lets developers or database administrators control how sensitive data is protected and generate masked data at the database level, greatly simplifying the security design and coding of the database application layer.
Using SQL syntax, users can add masking attributes to the fields that need to be masked, based on permissions and field attributes, and use user permission control to decide whether the original data is exposed to a given user.

Built-in rules
Dynamic data masking does not change the actual data stored in the table; it only controls the data returned by a query at query time. Five data masking functions are supported: default masking (default), random masking, custom masking (partial), hash masking (sha), and masking of a specified character position.
Whether dynamic data masking takes effect depends on the current user's permissions: users with the unmask permission are not affected by the masking rules.
Users who do not have the unmask permission can access only the masked data. Masking is only valid for projected columns.