Skip to main content

Privacera Platform master publication

Workflow policy
:

This policy includes conditions such as sensitive tags, maximum file size (for example, 1 MB), and excluded data types (for example, images). If any of the alert conditions are met, the file is moved to a quarantine location. If encryption is enabled and a sensitive tag is found, then the column with the sensitive tag is encrypted.

Note

For nested files, encryption is only supported for primitive data types, not complex data types.

Workflow policy supported data sources

The Workflow without encryption policy supports the following data sources:

  • AWS S3

  • Azure ADLS

  • GCP GCS

The Workflow with encryption policy supports the following data sources:

  • AWS S3

  • Azure ADLS

Supported file formats

For a list of supported file formats that the Workflow policy can be applied to, see Supported file formats by policy type

Workflow policy fields

The following fields are included in the Workflow policy:

  • Name: The name of Workflow policy.

  • Type: The Workflow policy type.

  • Alert Level (Optional): The level of alert: high, medium, or low.

  • Description (Optional): A description of the Workflow policy.

  • Status: A toggle to enable or disable the policy. It is enabled by default.

  • Application: The data source from which the scanned resources can be accessed and where the Workflow policy will be applied.

  • Transfer Location (Optional): The location to which the input file is transferred if any of the alert conditions are not met.

  • Quarantine Location: The location where the input file is moved if any of the alert conditions are met.

  • Archive Location (Optional): The location where a copy of the original file is moved before any tagged records are removed from it.

  • Search for tags: The tags that help in identifying and classifying records that will be tagged and then expunged.

  • Apply Encryption Schemes: This field appears when you select the Encrypt Data checkbox. This field is populated with the names of the schemes that have been added to the application's Scheme section. To view the schemes, click and expand the Encryption & Masking from left menu, and then select the Schemes.

  • Max File Size (MB): This field excludes files based on file size and raises an alert if the condition is met.

  • Exclude File Types: This field excludes the files based on file type and raises an alert if the condition is met.

The workflow policy provides two options:

  • Workflow policy without encryption

  • Workflow policy with encryption

Workflow policy without encryption

The status of the workflow policy is enabled by default. If you do not want to encrypt your data, clear the Encrypt Data checkbox.

Add a resource to a data zone

To add a resource to a data zone, see Add resources

When you run a scan on a data zone, and if any of the alert conditions are met (matching sensitive tags, file size exceeds the maximum limit, or excluded data type), the file is moved to a quarantine location.

If none of the conditions are met and you have specified a transfer location, the file will be moved to the transfer location.

Workflow policy with encryption

If you want to encrypt data, select the Encrypt Data checkbox.

Add a resource to a data zone

To add a resource to a data zone, see Add resources.

When you run a scan on a data zone, and if any of the alert conditions are met (matching sensitive tags, file size exceeding the maximum limit, or excluded data type), the column with the sensitive tag is encrypted and the file is moved to a quarantine location.

If none of the alert conditions are met and you have specified a transfer location, the file will be moved there.

If you have specified an archive location, the file will be moved to the archive location before being encrypted.