In GCS, go to Google Cloud > GCS > Tasks > Task Definition. This displays the Task Definition screen. Select a cluster from the Select Cluster drop-down to populate the screen. The IDP Status (Active/Inactive) is shown in the top right corner of this tab.
To create a new task, click the Add New Task Definition tab. The following screenshot shows the user interface for creating a task.
Enter a meaningful task name in the Task Name field and a description in the Task Description field. The task name must be unique to the task. It can be up to 256 characters and consist of letters, numbers, and certain symbols (! @ # $ _), without any spaces. The description can contain any combination of numbers, letters, and symbols.
Select the attribute name from the Task Attribute drop-down. This option lets you add tags to the created task.
Choose a Task Type from the given list of options. There are six types of task that a user can create.
The Manage Scan Locations panel lets you select the objects for scanning. This panel displays two tabs: Include In Scan and Exclude From Scan.
*Note: To decrypt tasks, ensure that the appropriate roles have been assigned before executing the encrypting task. To know more, refer to the Role Management section.
The Include In Scan tab displays the list of all directories that are selected for scanning. To delete a directory, click the Trash button in the Actions column. To include an object for scanning, perform the steps below:
Click Select Buckets to choose the objects for scanning. This opens the GCS Object Browser, from which the files or folders can be selected. The browser displays the list of all directories and folders.
Select a bucket in the left section of the panel. Selecting a bucket displays the list of all sub buckets or objects in the right panel of the GCS Browser. To select an object, perform the steps below:
To select an object, check the checkbox available with the Type column. Click the + Add button. This adds the selected objects to the bottom panel of the GCS Objects Browser.
Click the Add button to include the selected objects in the bottom section of the panel.
To delete a selected file, click the Trash button in the Actions column. Check the checkbox in the Homogenous Type column to enable the drop-down in the File Type column. The drop-down in the File Type column offers two file formats: JSON and XML.
Click the Done button to apply the changes; otherwise, click Cancel.
The Exclude From Scan tab displays the list of all selected scan locations, object extensions, or paths that need to be excluded while scanning. The tab is enabled when Detection and Masking/Field Encryption are selected in the Task Type field.
To add an object extension, enter the extension in the textbox and click the Add button. This adds the extension to the panel below. To delete an extension, click the icon in the Actions column. An object extension can be a format such as .mp3 or .mp4.
To add a scan location, click the + Select Directories or Browse button. Perform the steps below to select one or more files:
This opens the GCS Object Browser. Select a bucket in the left section. This displays the list of objects for the selected directory in the right section of the GCS File Browser.
To select an object, check the checkbox available before the Type column. Click the Add button. This adds the selected object to the bottom panel of the GCS File Browser.
Click the Done button to apply the changes; otherwise, click Cancel. To remove a scan location, click the Trash button in the Actions column.
The Include Objects that failed previously checkbox is greyed out for a fresh scan. Check this option if some elements of a previously executed task were skipped or the task completed with errors. This option is available only for detection tasks.
The Delete Input Files on Job Completion option is available for the Masking/Field Encryption and Row Encryption task types. Check this checkbox to delete the input files after the task has been executed successfully.
The Select Policy panel displays the list of all available compliance policies. You can view all Pre-Defined and User Defined policies in this panel. To add a new policy, click the + Add Policy button. To know more, refer to the Policy section. To select one or more policies, check the checkboxes available with the policy names.
The Pre-Defined And Custom Sensitive Types panel displays the list of all Pre-defined and Custom Sensitive types. To select a sensitive type, check the checkbox available with the sensitive type name. To add a sensitive data type, click the + Add New Sensitive Data Type button.
Row Encryption uses the default row encryption configuration for masking. This masks all the entries of the row and is best suited to unstructured datatypes such as text files.
FP Encryption uses the default encryption configuration to protect the original data format. This option is best suited to structured datatypes.
FP Decryption can only be executed on data that has been encrypted using FP Encryption.
Decryption can be executed on data that has been encrypted using FP Encryption or Field Encryption.
If you select Masking/Encryption as the Task Type, the Protection Option, Consistent and Keep Null fields are also visible. Select the required Protection Option for the selected sensitive types when creating a policy. For details about all the masking options available in PK Protect, refer to Protection Options.
Click the Save button to save the task. To execute the task immediately after saving, click the Save and Execute button. Click the Save As button if you want to save the task with the same configuration but a different name.
To edit an existing task, select the task from the Task panel of the Task Definition screen. Click the Pen icon under the Actions column.