Skip to content

Workflow Policy#

This policy is configured with conditions to check sensitive tags, file-size max limit (e.g. 1 MB), and file-datatype to exclude (e.g. image/*).

Note

Workflow policy supports only for the file system.

Note

In you have nested files (avro/parquet/new line ended json), then an encryption is supported only for primitive data types, not for complex data type.

The Workflow policy has the following fields:

  • Name: This field indicates name of workflow policy.

  • Type: This field indicates type of policy.

  • Alert Level (Optional) : This field indicates alert level: High, Medium, or Low.

  • Description (Optional): This field indicates description for workflow policy.

  • Status: This field indicates the status of policy i.e. enable/disable. By default it is disable.

  • Application: This field indicates the name of application.

  • Transfer Location (Optional): This field indicates location where input file is transferred after expunging the records which are tagged.

  • Quarantine Location: This field indicates location where the input file containing the records which are tagged (if any) is transferred.

  • Archive Location: This field indicates location where a copy of the original file is kept before any tagged records are expunged from it.

  • Search for tags: This field is used to help in identifying/classifying records to be tagged and then expunged.

  • Apply Encryption Schemes: This fields appears when you select Encrypt Data checkbox. This field populated with the list of scheme name which have been added under Scheme section of the application. To view the schemes, click and expand the Encryption & Masking from left menu, and then select the Schemes.

  • Max File Sixe (MB): This field exclude the file based on file size, and if condition met then raise an alert.

  • Exclude File Types: This field exclude the file based on file type and if condition met then raise an alert.

The workflow policy provides two option i.e., Workflow Policy without Encryption and Workflow Policy with Encryption.

Workflow Policy without Encryption#

By default the workflow encryption is disabled.

Add a Resource in the Data Zone#

To add a resource in the data zone, refer to the Add Resources

Now, when you run the scan on data zone, and if the policy condition met (matching sensitive tags, file size exceeds the maximum limit, or excluded data type), then the data in the file will not be encrypted and moved to a quarantine location if alert notification is generated.

If non of the conditions (sensitive tags, file type, and file size) match and if you have given transfer location, then the file will be moved to transfer location.

Workflow Policy with Encryption#

If you want to encrypt your data, then select Encrypt Data checkbox.

Add a Resource in the Data Zone#

To add a resource in the data zone, refer to the Add Resources

Now, when you run the scan on data zone, and if the policy condition met (matching sensitive tags, file size exceeds the maximum limit, or excluded data type), then the data will be encrypted and moved to a quarantine location if alert notification is generated.

If non of the conditions (sensitive tags, file type, and file size) match and if you have given transfer location, then the file will be moved to transfer location.

If you have given the archive location, then the original data will be moved to archive location before encryption.


Last update: July 23, 2021