Update README.
parent
112e7d5380
commit
730d6d50b1
|
@ -154,6 +154,19 @@ Cloud Data Loss Prevention resources and templates should be stored in the secur
|
||||||
|
|
||||||
You can find more details and best practices on using DLP to De-identification and re-identification of PII in large-scale datasets in the [GCP documentation](https://cloud.google.com/architecture/de-identification-re-identification-pii-using-cloud-dlp).
|
You can find more details and best practices on using DLP to De-identification and re-identification of PII in large-scale datasets in the [GCP documentation](https://cloud.google.com/architecture/de-identification-re-identification-pii-using-cloud-dlp).
|
||||||
|
|
||||||
|
## Data Catalog
|
||||||
|
|
||||||
|
[Data Catalog](https://cloud.google.com/data-catalog) helps you to document your data entry at scale. Data Catalog relies on [tags](https://cloud.google.com/data-catalog/docs/tags-and-tag-templates#tags) and [tag template](https://cloud.google.com/data-catalog/docs/tags-and-tag-templates#tag-templates) to manage metadata for all data entries in a unified and centralized service. To implement [column-level security](https://cloud.google.com/bigquery/docs/column-level-security-intro) on BigQuery, we suggest to use `Tags` and `Tag templates`.
|
||||||
|
|
||||||
|
The default configuration will implement 3 tags:
|
||||||
|
- `3_Confidential`: policy tag for columns that include very sensitive information, such as credit card numbers.
|
||||||
|
- `2_Private`: policy tag for columns that include sensitive personal identifiable information (PII) information, such as a person's first name.
|
||||||
|
- `1_Sensitive`: policy tag for columns that include data that cannot be made public, such as the credit limit.
|
||||||
|
|
||||||
|
Anything that is not tagged is available to all users who have access to the data warehouse.
|
||||||
|
|
||||||
|
For the porpuse of the example no groups has access to tagged data. You can configure your tags and roles associated by configuring the `data_catalog_tags` variable. We suggest useing the "[Best practices for using policy tags in BigQuery](https://cloud.google.com/bigquery/docs/best-practices-policy-tags)" article as a guide to designing your tags structure and access pattern.
|
||||||
|
|
||||||
## How to run this script
|
## How to run this script
|
||||||
|
|
||||||
To deploy this example on your GCP organization, you will need
|
To deploy this example on your GCP organization, you will need
|
||||||
|
|
|
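Review bot: The new Data Catalog section is inconsistent about which mechanism enforces column-level security. The intro paragraph recommends `Tags` and `Tag templates`, while the three bullets each describe a "policy tag" and the closing paragraph links to the policy tags best-practices article. Pick one term and use it throughout, so a reader knows which object actually gates column access. The sentence "Anything that is not tagged is available to all users who have access to the data warehouse" describes a default-open posture; consider stating next to it that newly added columns stay readable until someone tags them. Wording fixes in the added lines: "porpuse" should be "purpose", "useing" should be "using", "no groups has access" should be "no group has access", "we suggest to use" should be "we suggest using", "tag template" should be "tag templates", and "sensitive personal identifiable information (PII) information" repeats "information".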
@ -38,9 +38,9 @@ variable "data_catalog_tags" {
|
||||||
type = map(map(list(string)))
|
type = map(map(list(string)))
|
||||||
nullable = false
|
nullable = false
|
||||||
default = {
|
default = {
|
||||||
high = null
|
"3_Confidential" = null
|
||||||
medium = null
|
"2_Private" = null
|
||||||
low = null
|
"1_Sensitive" = null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
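Review bot: The `default` block of `data_catalog_tags` renames its keys from `high`, `medium`, `low` to `"3_Confidential"`, `"2_Private"`, `"1_Sensitive"`, which changes module behavior, while the commit message only says "Update README." Please mention the variable change in the commit message or changelog, and check every place that references the old key names (outputs, examples, tests, caller tfvars) so nothing still expects `high`/`medium`/`low`. If resources are created per map key, confirm what the rename does to deployments that already applied the old defaults. Each default value stays `null` under `type = map(map(list(string)))`, so it is worth describing in the variable's description what a `null` entry means for access, to match the README statement that no group has access to tagged data by default.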