Schedule a Sensitive Data Protection inspection scan

Learn how to create a new job trigger using Sensitive Data Protection in the Google Cloud console.

Job triggers are events that automate running Sensitive Data Protection jobs to scan Google Cloud storage repositories (Cloud Storage, BigQuery, and Firestore in Datastore mode (Datastore)).


To follow step-by-step guidance for this task directly in the Google Cloud console, click Guide me:

Guide me


Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  5. Make sure that billing is enabled for your Google Cloud project.

  6. Enable the Sensitive Data Protection API.

    Enable the API

Create a job trigger

In the following sections, you configure and create a job trigger for a BigQuery public dataset that contains the street addresses of bike share stations in a city.

When this job trigger runs, Sensitive Data Protection scans around 700 bytes of data. You can inspect up to 1 GB of storage data per month free of charge. For more information about pricing, see Storage inspection job pricing.

Choose input data

  1. In the Sensitive Data Protection section of the Google Cloud console, go to the Create job or job trigger page.

    Go to Create job or job trigger

  2. To configure input data, do the following:

    1. In the Name section, define the following options:

      • For Job ID, enter quickstart-job-trigger.

      • Keep Resource location set to Global (any region).

    2. In the Storage type list, select BigQuery, and then define the following options:

      • For Project ID, enter bigquery-public-data.

      • For Dataset ID, enter austin_bikeshare.

      • For Table ID, enter bikeshare_stations.

    3. In the Maximum number of rows field, enter 10.

  3. Click Continue.

Configure detection parameters

  1. To configure detection, do the following:

    1. In the InfoTypes section, click Manage infoTypes.

    2. In the InfoTypes pane, select STREET_ADDRESS.

    3. To close the infoTypes pane, click Done.

    4. In the Confidence threshold section, select Possible from the Likelihood list.

      The value Possible is sufficient for most purposes. If you routinely get matches that are too broad when you use this job trigger, select a higher confidence threshold value. If you get too few matches, select a lower confidence threshold value.

  2. Click Continue.

Add post-scan actions

  1. Click the Notify by email toggle.

  2. Click Continue.

Set a schedule

  1. In the Time span or schedule list, select Create a trigger to run the job on a periodic schedule.

  2. In the Trigger scan repeats list, select Weekly.

  3. Click Continue.

Review and create the job trigger

After you review the JSON-formatted summary of the job settings you just specified, do the following:

  1. Click Create.

  2. In the Confirm job or job trigger create dialog, click Confirm create.

    Allow a minute for Sensitive Data Protection to create the job trigger.

Run the job trigger and view results

To trigger a job immediately, do the following:

  1. On the Trigger details page, click Run now.

    This operation might take some time to complete.

  2. After the job that you created runs once, do the following:

    1. In the Triggered jobs section, select the job ID of the triggered job in the Job ID column.

    2. On the Job details page, view the job results.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.

Delete the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

  1. In the Google Cloud console, go to the Manage resources page.

    Go to Manage resources

  2. In the project list, select the project that you want to delete, and then click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

Delete the job trigger

If you created the job trigger in an existing project and you no longer need the job trigger, follow these steps:

  1. In the Google Cloud console, go to the Sensitive Data Protection page.

    Go to Sensitive Data Protection

  2. If necessary, select the project in which you created a job trigger from the Google Cloud console toolbar.

  3. Click the Inspection tab, and then click the Job triggers tab. The Google Cloud console displays a list of all the job triggers for the current project.

  4. In the Actions column for the job trigger you want to delete, click the trigger actions menu , click Delete, and then click Confirm.

What's next