This feature allows you to define sensitivity labels as an ordered flat list such as: Unclassified > Confidential > Secret > Top Secret. Each sensitivity label has a definition, a hide data property (only used when applied to a column/field), and a color (for example confidential can be orange and top secret red).
Sensitivity labels can be manually applied by authorized users (with the Data Classification Editing capability object role assignment) to any individual object.
There is no inheritance: setting a schema to secret does not make each of its tables and their respective columns secret.
However, there are inferred sensitivity labels so that when you apply a sensitivity label to an imported object, e.g. a column, then all the imported objects "downstream" in the data flow lineage will be given at least that level of sensitivity.
Sensitivity labels can also be updated in bulk (e.g. multiple columns at the same time).
Sensitivity labels can be automatically set through automatic data classification detection. For example, a data class SSN can be associated with a sensitivity label called Confidential or GDPR. In such a case, any table columns or file fields detected as SSN will also automatically be set with that Confidential or GDPR sensitivity label.
The approval process of data classes also applies to sensitivity labels. In addition, approving a data class detection on a given object also approves its associated sensitivity label.
A sensitivity label may also be assigned to all new imported objects (data elements) on import (harvesting) a model. In addition, on subsequent imports, new data elements will be given the defined sensitivity label, but existing ones will not be changed. This way, one may assign a sensitivity label and even hide the data automatically for every data element in a model on the first harvest and approve or change that assignment, while on subsequent harvests only newly imported data elements will be assigned the automatic sensitivity label.
Sensitivity labels are highly visible in the UI, and can be used in worksheets (queried through Metadata Query Language (MQL) in the UI or the REST API). Applications can be built to query these sensitivity labels in order to automatically generate / enforce data security on the data stores (e.g. databases or file systems with Rangers). Note that sensitivity labels do not directly set or bypass the role based security of the repository, or automatically hide data from the repository (these actions can be set separately).
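The two rules stated above (no inheritance from a schema to its tables and columns, but downstream objects in the data flow lineage get at least the upstream level) can be modelled as follows. This is an added example, not the product's code: the object names, the lineage edges and the `effective_labels` function are constructed, and it assumes the effective label is the higher of the manual and the inferred label.

```python
from collections import defaultdict, deque

# Ordered flat list, lowest sensitivity first (constructed sample pool).
LABELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LABELS)}

# Constructed sample: manually applied labels and lineage edges (source -> target).
MANUAL = {
    "crm": "Top Secret",                       # schema label, not inherited
    "crm.customer.ssn": "Secret",
    "dw.dim_customer.tax_id": "Confidential",  # lower than what flows into it
}
LINEAGE = [
    ("crm.customer.ssn", "stg.customer.ssn"),
    ("stg.customer.ssn", "dw.dim_customer.tax_id"),
    ("dw.dim_customer.tax_id", "rpt.customer_report.tax_id"),
    ("crm.customer.email", "dw.dim_customer.email"),
]

def effective_labels(manual, lineage):
    """Return {object: label} after pushing each label downstream.

    Containment (schema -> table -> column) is deliberately not an input,
    because labels are not inherited from a parent object.
    """
    downstream = defaultdict(list)
    for src, dst in lineage:
        downstream[src].append(dst)

    result = dict(manual)
    queue = deque(manual)
    while queue:
        obj = queue.popleft()
        for nxt in downstream[obj]:
            # "At least that level": raise the target, never lower it.
            if RANK[result[obj]] > RANK.get(result.get(nxt), -1):
                result[nxt] = result[obj]
                queue.append(nxt)  # re-propagate from the raised object
    return result

if __name__ == "__main__":
    for obj, label in sorted(effective_labels(MANUAL, LINEAGE).items()):
        print(f"{label:13} {obj}")
```

Objects that never receive a label, such as `crm.customer.email` here, are absent from the result even though their schema is labelled.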
Manage the Pool of Sensitivity Labels
Steps
- Go to MANAGE > Sensitivity Labels in the banner.
- The list of sensitivity labels is presented.
- You may also:
  - Search by Name or Definition.
  - Add a new label.
  - Select a line and edit the properties or Delete an existing label.
  - Move Up or Move Down to specify the degree of sensitivity (lowest at the top).
Example
Sign in as Administrator and go to MANAGE > Sensitivity Labels.
By default, no sensitivity labels are predefined, so the list may be empty. The feature is inactive until you define sensitivity labels.
Edit Sensitivity Labels
Steps
- Go to MANAGE > Sensitivity Labels in the banner.
- The list of sensitivity labels is presented.
- Click Add to add a new label.
- Click Delete to remove an existing label.
- Click Move Up or Move Down to arrange the order of the labels.
Example
Sign in as Administrator, go to MANAGE > Sensitivity Labels, and select Highly Confidential.