对表格数据进行去标识化的示例

Cloud Data Loss Prevention 可以检测结构化数据中的敏感数据并对其进行分类和去标识化。在对表形式的内容进行去标识化时，结构和列可为 Cloud DLP 提供额外的线索，可能会帮助其针对某些用例提供更好的结果。例如，您可以扫描单个列（而不是整个表结构）中的特定数据类型。

本主题将提供有关如何配置对结构化文本中的敏感数据进行去标识化的示例。去标识化通过记录转换来启用。这些转换应用于表格文本数据中标识为特定 infoType 的值，或应用于整列表格数据。

本主题还将提供使用了加密哈希方法的表格数据转换示例。加密转换方法是独一无二的，因为它们需要加密密钥。

以下示例中给定的 JSON 可以插入到任何去标识化请求的 "deidentifyConfig" (DeidentifyConfig) 特性中。如需在 API Explorer 中试用示例 JSON，请点击“API Explorer 示例”。

在不进行检查的情况下转换列

要转换内容已知的特定列，您可以跳过检查并直接指定转换。表下方的示例以 10 为增量对“幸福评分”列进行分桶。

输入

转换后的表

年龄	患者	幸福指数
101	查尔斯·狄更斯	95
22	简·奥斯汀	21
55	马克·吐温	75

年龄	患者	幸福指数
101	查尔斯·狄更斯	90:100
22	简·奥斯汀	20:30
55	马克·吐温	70:80

Java

如需了解如何安装和使用 Cloud DLP 客户端库，请参阅 Cloud DLP 客户端库。

如需向 Cloud DLP 进行身份验证，请设置应用默认凭据。如需了解详情，请参阅为本地开发环境设置身份验证。

在 GitHub 上查看反馈


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.FixedSizeBucketingConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableBucketing {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("AGE").build())
            .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
            .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("101").build())
                    .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
                    .addValues(Value.newBuilder().setStringValue("95").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("22").build())
                    .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
                    .addValues(Value.newBuilder().setStringValue("21").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("55").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
                    .addValues(Value.newBuilder().setStringValue("75").build())
                    .build())
            .build();

    deIdentifyTableBucketing(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableBucketing(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      FixedSizeBucketingConfig fixedSizeBucketingConfig =
          FixedSizeBucketingConfig.newBuilder()
              .setBucketSize(10)
              .setLowerBound(Value.newBuilder().setIntegerValue(0).build())
              .setUpperBound(Value.newBuilder().setIntegerValue(100).build())
              .build();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder()
              .setFixedSizeBucketingConfig(fixedSizeBucketingConfig)
              .build();

      // Specify field to be encrypted.
      FieldId fieldId = FieldId.newBuilder().setName("HAPPINESS SCORE").build();

      // Associate the encryption with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setPrimitiveTransformation(primitiveTransformation)
              .addFields(fieldId)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println("Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

API Explorer 示例

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "fields":[
          {
            "name":"HAPPINESS SCORE"
          }
        ],
        "primitiveTransformation":{
          "fixedSizeBucketingConfig":{
            "bucketSize":10,
            "lowerBound":{
              "integerValue":"0"
            },
            "upperBound":{
              "integerValue":"100"
            }
          }
        }
      }
    ]
  }
}

根据其他列的值转换某个列

您可以根据其他列的值转换某个列。下面这个示例会为所有 89 岁以上的患者隐去“幸福指数”。

输入

转换后的表

年龄	患者	幸福指数
101	查尔斯·狄更斯	95
22	简·奥斯汀	21
55	马克·吐温	75

年龄	患者	幸福指数
101	查尔斯·狄更斯	**
22	简·奥斯汀	21
55	马克·吐温	75

Java

如需了解如何安装和使用 Cloud DLP 客户端库，请参阅 Cloud DLP 客户端库。

如需向 Cloud DLP 进行身份验证，请设置应用默认凭据。如需了解详情，请参阅为本地开发环境设置身份验证。

在 GitHub 上查看反馈


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.CharacterMaskConfig;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableConditionMasking {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("AGE").build())
            .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
            .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("101").build())
                    .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
                    .addValues(Value.newBuilder().setStringValue("95").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("22").build())
                    .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
                    .addValues(Value.newBuilder().setStringValue("21").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("55").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
                    .addValues(Value.newBuilder().setStringValue("75").build())
                    .build())
            .build();

    deIdentifyTableConditionMasking(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableConditionMasking(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      CharacterMaskConfig characterMaskConfig =
          CharacterMaskConfig.newBuilder().setMaskingCharacter("*").build();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder().setCharacterMaskConfig(characterMaskConfig).build();

      // Specify field to be de-identified.
      FieldId fieldId = FieldId.newBuilder().setName("HAPPINESS SCORE").build();

      // Specify when the above field should be de-identified.
      Condition condition =
          Condition.newBuilder()
              .setField(FieldId.newBuilder().setName("AGE").build())
              .setOperator(RelationalOperator.GREATER_THAN)
              .setValue(Value.newBuilder().setIntegerValue(89).build())
              .build();
      // Apply the condition to records
      RecordCondition recordCondition =
          RecordCondition.newBuilder()
              .setExpressions(
                  Expressions.newBuilder()
                      .setConditions(Conditions.newBuilder().addConditions(condition).build())
                      .build())
              .build();

      // Associate the de-identification and conditions with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setPrimitiveTransformation(primitiveTransformation)
              .addFields(fieldId)
              .setCondition(recordCondition)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println("Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

API Explorer 示例

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "fields":[
          {
            "name":"HAPPINESS SCORE"
          }
        ],
        "primitiveTransformation":{
          "characterMaskConfig":{
            "maskingCharacter":"*"
          }
        },
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

转换在列中找到的结果

您可以转换仅构成了单元格内容的一部分或构成了单元格全部内容的结果。下面的示例对 PERSON_NAME 的所有实例进行了匿名化处理。

输入

转换后的表

年龄	患者	幸福指数	趣闻
101	查尔斯·狄更斯	95	查尔斯·狄更斯这个名字是一个诅咒，可能是由莎士比亚虚构的。
22	简·奥斯汀	21	简·奥斯汀的小说中共出现了 14 次亲吻。
55	马克·吐温	75	马克·吐温喜欢猫。

年龄	患者	幸福指数	趣闻
101	[PERSON_NAME]	95	[PERSON_NAME] 这个名字是一个诅咒，可能是由莎士比亚虚构的。
22	[PERSON_NAME]	21	[PERSON_NAME] 的小说中共出现了 14 次亲吻。
55	[PERSON_NAME]	75	[PERSON_NAME] 喜欢猫。

Java

如需了解如何安装和使用 Cloud DLP 客户端库，请参阅 Cloud DLP 客户端库。

如需向 Cloud DLP 进行身份验证，请设置应用默认凭据。如需了解详情，请参阅为本地开发环境设置身份验证。

在 GitHub 上查看反馈


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.ReplaceWithInfoTypeConfig;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class DeIdentifyTableInfoTypes {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("AGE").build())
            .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
            .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
            .addHeaders(FieldId.newBuilder().setName("FACTOID").build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("101").build())
                    .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
                    .addValues(Value.newBuilder().setStringValue("95").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue(
                                "Charles Dickens name was a curse invented by Shakespeare.")
                            .build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("22").build())
                    .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
                    .addValues(Value.newBuilder().setStringValue("21").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue("There are 14 kisses in Jane Austen's novels.")
                            .build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("55").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
                    .addValues(Value.newBuilder().setStringValue("75").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain loved cats.").build())
                    .build())
            .build();

    deIdentifyTableInfoTypes(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableInfoTypes(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      // Select type of info to be replaced.
      InfoType infoType = InfoType.newBuilder().setName("PERSON_NAME").build();
      // Specify that findings should be replaced with corresponding info type name.
      ReplaceWithInfoTypeConfig replaceWithInfoTypeConfig =
          ReplaceWithInfoTypeConfig.getDefaultInstance();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder()
              .setReplaceWithInfoTypeConfig(replaceWithInfoTypeConfig)
              .build();
      // Associate info type with the replacement strategy
      InfoTypeTransformation infoTypeTransformation =
          InfoTypeTransformation.newBuilder()
              .addInfoTypes(infoType)
              .setPrimitiveTransformation(primitiveTransformation)
              .build();
      InfoTypeTransformations infoTypeTransformations =
          InfoTypeTransformations.newBuilder().addTransformations(infoTypeTransformation).build();

      // Specify fields to be de-identified.
      List<FieldId> fieldIds =
          Stream.of("PATIENT", "FACTOID")
              .map(id -> FieldId.newBuilder().setName(id).build())
              .collect(Collectors.toList());

      // Associate the de-identification and conditions with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setInfoTypeTransformations(infoTypeTransformations)
              .addAllFields(fieldIds)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println("Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

APIs Explorer 示例

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "infoTypeTransformations":{
          "transformations":[
            {
              "infoTypes":[
                {
                  "name":"PERSON_NAME"
                }
              ],
              "primitiveTransformation":{
                "replaceWithInfoTypeConfig":{

                }
              }
            }
          ]
        },
        "fields":[
          {
            "name":"PATIENT"
          },
          {
            "name":"FACTOID"
          }
        ]
      }
    ]
  }
}

根据列的内容阻止行显示

您可以根据任意列中显示的内容完全移除某个行。下面的示例将阻止“查尔斯·狄更斯”的记录显示，因为此患者已超过 89 岁。

输入

转换后的表

年龄	患者	幸福指数
101	查尔斯·狄更斯	95
22	简·奥斯汀	21
55	马克·吐温	75

年龄	患者	幸福指数
22	简·奥斯汀	21
55	马克·吐温	75

Java

如需了解如何安装和使用 Cloud DLP 客户端库，请参阅 Cloud DLP 客户端库。

如需向 Cloud DLP 进行身份验证，请设置应用默认凭据。如需了解详情，请参阅为本地开发环境设置身份验证。

在 GitHub 上查看反馈


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordSuppression;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableRowSuppress {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("AGE").build())
            .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
            .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("101").build())
                    .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
                    .addValues(Value.newBuilder().setStringValue("95").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("22").build())
                    .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
                    .addValues(Value.newBuilder().setStringValue("21").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("55").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
                    .addValues(Value.newBuilder().setStringValue("75").build())
                    .build())
            .build();

    deIdentifyTableRowSuppress(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableRowSuppress(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify when the content should be de-identified.
      Condition condition =
          Condition.newBuilder()
              .setField(FieldId.newBuilder().setName("AGE").build())
              .setOperator(RelationalOperator.GREATER_THAN)
              .setValue(Value.newBuilder().setIntegerValue(89).build())
              .build();
      // Apply the condition to record suppression.
      RecordSuppression recordSuppressions =
          RecordSuppression.newBuilder()
              .setCondition(
                  RecordCondition.newBuilder()
                      .setExpressions(
                          Expressions.newBuilder()
                              .setConditions(
                                  Conditions.newBuilder().addConditions(condition).build())
                              .build())
                      .build())
              .build();
      // Use record suppression as the only transformation
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addRecordSuppressions(recordSuppressions).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println("Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

APIs Explorer 示例

"deidentifyConfig":{
  "recordTransformations":{
    "recordSuppressions":[
      {
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

仅在满足其他字段的特定条件时才转换结果

在下面的示例中，只有当“年龄”列表明患者年龄超过 89 岁时，才会隐去找到的 PERSON_NAME 结果。

输入

转换后的表

年龄	患者	幸福指数	趣闻
101	查尔斯·狄更斯	95	查尔斯·狄更斯这个名字是一个诅咒，可能是由莎士比亚虚构的。
22	简·奥斯汀	21	简·奥斯汀的小说中共出现了 14 次亲吻。
55	马克·吐温	75	马克·吐温喜欢猫。

年龄	患者	幸福指数	趣闻
101	[PERSON_NAME]	95	[PERSON_NAME] 这个名字是一个诅咒，可能是由 [PERSON_NAME] 虚构的。
22	简·奥斯汀	21	简·奥斯汀的小说中共出现了 14 次亲吻。
55	马克·吐温	75	马克·吐温喜欢猫。

Java

如需了解如何安装和使用 Cloud DLP 客户端库，请参阅 Cloud DLP 客户端库。

如需向 Cloud DLP 进行身份验证，请设置应用默认凭据。如需了解详情，请参阅为本地开发环境设置身份验证。

在 GitHub 上查看反馈


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.ReplaceWithInfoTypeConfig;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class DeIdentifyTableConditionInfoTypes {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("AGE").build())
            .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
            .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
            .addHeaders(FieldId.newBuilder().setName("FACTOID").build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("101").build())
                    .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
                    .addValues(Value.newBuilder().setStringValue("95").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue(
                                "Charles Dickens name was a curse invented by Shakespeare.")
                            .build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("22").build())
                    .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
                    .addValues(Value.newBuilder().setStringValue("21").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue("There are 14 kisses in Jane Austen's novels.")
                            .build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("55").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
                    .addValues(Value.newBuilder().setStringValue("75").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain loved cats.").build())
                    .build())
            .build();

    deIdentifyTableConditionInfoTypes(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableConditionInfoTypes(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      // Select type of info to be replaced.
      InfoType infoType = InfoType.newBuilder().setName("PERSON_NAME").build();
      // Specify that findings should be replaced with corresponding info type name.
      ReplaceWithInfoTypeConfig replaceWithInfoTypeConfig =
          ReplaceWithInfoTypeConfig.getDefaultInstance();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder()
              .setReplaceWithInfoTypeConfig(replaceWithInfoTypeConfig)
              .build();
      // Associate info type with the replacement strategy
      InfoTypeTransformation infoTypeTransformation =
          InfoTypeTransformation.newBuilder()
              .addInfoTypes(infoType)
              .setPrimitiveTransformation(primitiveTransformation)
              .build();
      InfoTypeTransformations infoTypeTransformations =
          InfoTypeTransformations.newBuilder().addTransformations(infoTypeTransformation).build();

      // Specify fields to be de-identified.
      List<FieldId> fieldIds =
          Stream.of("PATIENT", "FACTOID")
              .map(id -> FieldId.newBuilder().setName(id).build())
              .collect(Collectors.toList());

      // Specify when the above fields should be de-identified.
      Condition condition =
          Condition.newBuilder()
              .setField(FieldId.newBuilder().setName("AGE").build())
              .setOperator(RelationalOperator.GREATER_THAN)
              .setValue(Value.newBuilder().setIntegerValue(89).build())
              .build();
      // Apply the condition to records
      RecordCondition recordCondition =
          RecordCondition.newBuilder()
              .setExpressions(
                  Expressions.newBuilder()
                      .setConditions(Conditions.newBuilder().addConditions(condition).build())
                      .build())
              .build();

      // Associate the de-identification and conditions with the specified fields.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setInfoTypeTransformations(infoTypeTransformations)
              .addAllFields(fieldIds)
              .setCondition(recordCondition)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println("Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

APIs Explorer 示例

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "infoTypeTransformations":{
          "transformations":[
            {
              "infoTypes":[
                {
                  "name":"PERSON_NAME"
                }
              ],
              "primitiveTransformation":{
                "replaceWithInfoTypeConfig":{

                }
              }
            }
          ]
        },
        "fields":[
          {
            "name":"PATIENT"
          },
          {
            "name":"FACTOID"
          }
        ],
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

使用加密哈希转换来转换结果

以下 JSON 示例使用 infoType 转换来指示 DLP API 检查整个表结构中的特定 infoType，然后使用暂时性 CryptoKey 加密匹配值。

下面的示例演示了如何使用加密哈希转换对两个 infoType 进行去标识化。

输入：

userid	备注
user1@example.org	我的电子邮件是 user1@example.org，电话是 858-555-0222
user2@example.org	我的电子邮件是 user2@example.org，电话是 858-555-0223
user3@example.org	我的电子邮件是 user3@example.org，电话是 858-555-0224

转换后的表：

userid	备注
1kSfj3Op64MH1BiznupEpX0BdQrHMm62X6abgsPH5zM=	我的电子邮件是 1kSfj3Op64MH1BiznupEpX0BdQrHMm62X6abgsPH5zM=，电话是 hYXPcsJNBCe1rr51sHiVw2KhtoyMe4HEFKNHWFcDVm0=
4ESy7+rEN8NVaUJ6J7kwvcgW8wcm0cm5gbBAcu6SfdM=	我的电子邮件是 4ESy7+rEN8NVaUJ6J7kwvcgW8wcm0cm5gbBAcu6SfdM=，电话是 KKqW1tQwgvGiC6iWJHhLiz2enNSEFRzhmLOf9fSTxRw=
bu1blyd/mbjLmpF2Rdi6zpgsLatSwpJLVki2fMeudM0=	我的电子邮件是 bu1blyd/mbjLmpF2Rdi6zpgsLatSwpJLVki2fMeudM0=，电话是 eNt7qtZVLmxRb8z8NBR/+z00In07CI3hEMStbwofWoc=

APIs Explorer 示例

{
  "inspectConfig":{
    "infoTypes":[
      {
        "name":"EMAIL_ADDRESS"
      },
      {
        "name":"PHONE_NUMBER"
      }
    ]
  },
  "deidentifyConfig":{
    "infoTypeTransformations":{
      "transformations":[
        {
          "infoTypes":[
            {
              "name":"EMAIL_ADDRESS"
            },
            {
              "name":"PHONE_NUMBER"
            }
          ],
          "primitiveTransformation":{
            "cryptoHashConfig":{
              "cryptoKey":{
                "transient":{
                  "name":"[TRANSIENT-CRYPTO-KEY]"
                }
              }
            }
          }
        }
      ]
    }
  },
  "item":{
    "table":{
      "headers":[
        {
          "name":"userid"
        },
        {
          "name":"comments"
        }
      ],
      "rows":[
        {
          "values":[
            {
              "stringValue":"abby_abernathy@example.org"
            },
            {
              "stringValue":"my email is abby_abernathy@example.org and phone is 858-555-0222"
            }
          ]
        },
        {
          "values":[
            {
              "stringValue":"bert_beauregard@example.org"
            },
            {
              "stringValue":"my email is bert_beauregard@example.org and phone is 858-555-0223"
            }
          ]
        },
        {
          "values":[
            {
              "stringValue":"cathy_crenshaw@example.org"
            },
            {
              "stringValue":"my email is cathy_crenshaw@example.org and phone is 858-555-0224"
            }
          ]
        }
      ]
    }
  }
}

使用两种单独的加密哈希转换来转换结果

下面的示例演示了如何在单个去标识化配置的不同转换中使用不同的加密密钥。首先，声明“userid”字段的字段转换。该转换不包含任何 infoType 转换，因此每行中的“userid”字段都会进行转换，无论其数据类型为何。然后，声明另一个字段转换，该转换位于“备注”字段上。

输入：

userid	备注
user1@example.org	我的电子邮件是 user1@example.org，电话是 858-555-0222
abbyabernathy1	我的 userid 是 abbyabernathy1，我的电子邮件是 abernauth@example.com

转换后的表：

userid	备注
5WvS4+aJtCCwWWG79cmRNamDgyvJ+CkuwNpA2gaR1VQ=	我的电子邮件是 vjqGLaA6+NUUnZAWXpI72lU1GfwQdOKu7XqWaJPcvQQ=，电话是 BY+mSXXTu6mOoX5pr0Xbse60uelsSHmwRCq6HcscKtk=
t0dOmHvkT0VsM++SVmESVKHenLkmhBmFezH3hSDldDg=	我的 userid 是 abbyabernathy1，我的电子邮件是 TQ3ancdUn9zgwO5qe6ahkmVrBuNhvlMknxjPjIt0N2w=

APIs Explorer 示例

{
  "inspectConfig":{
    "infoTypes":[
      {
        "name":"EMAIL_ADDRESS"
      },
      {
        "name":"PHONE_NUMBER"
      }
    ]
  },
  "deidentifyConfig":{
    "recordTransformations":{
      "fieldTransformations":[
        {
          "fields":[
            {
              "name":"userid"
            }
          ],
          "primitiveTransformation":{
            "cryptoHashConfig":{
              "cryptoKey":{
                "transient":{
                  "name":"[TRANSIENT-CRYPTO-KEY-1]"
                }
              }
            }
          }
        },
        {
          "fields":[
            {
              "name":"comments"
            }
          ],
          "infoTypeTransformations":{
            "transformations":[
              {
                "infoTypes":[
                  {
                    "name":"PHONE_NUMBER"
                  },
                  {
                    "name":"EMAIL_ADDRESS"
                  }
                ],
                "primitiveTransformation":{
                  "cryptoHashConfig":{
                    "cryptoKey":{
                      "transient":{
                        "name":"[TRANSIENT-CRYPTO-KEY-2]"
                      }
                    }
                  }
                }
              }
            ]
          }
        }
      ]
    }
  },
  "item":{
    "table":{
      "headers":[
        {
          "name":"userid"
        },
        {
          "name":"comments"
        }
      ],
      "rows":[
        {
          "values":[
            {
              "stringValue":"user1@example.org"
            },
            {
              "stringValue":"my email is user1@example.org and phone is 858-333-2222"
            }
          ]
        },
        {
          "values":[
            {
              "stringValue":"abbyabernathy1"
            },
            {
              "stringValue":"my userid is abbyabernathy1 and my email is aabernathy@example.com"
            }
          ]
        }
      ]
    }
  }
}