This section describes how to perform operations on the data profiles that are generated by the Sensitive Data Protection discovery service.
For more information about the discovery service, see Data profiles.
Before you begin
Confirm that you have the IAM permissions that are required to work with scan configurations and data profiles at the organization or project level.
View the data profiles
To respect data residency, Sensitive Data Protection doesn't combine profiles that reside in different regions. Consequently, in the Google Cloud console, you can only see data profiles for the region that you select.
If you want to create or view reports that combine data profiles across regions into a single view, export your data profiles to BigQuery. This feature lets you query the data profiles in BigQuery and generate a premade report in Looker.
To view the data profiles in the Google Cloud console, follow these steps:
Go to the Sensitive Data Protection discovery profiles page.
Make sure you're viewing the correct organization or project:
- If you generated the data profiles through an organization-level or folder-level scan, then view the organization.
- If you generated the data profiles using a project-level scan, then view the proper project.
To switch to a different view, on the toolbar, click the project selector. Then, select the organization or project that you want to view.
Data profiles generated through a project-level scan only appear in the project view and are not combined with the results of organization-level or folder-level scans. Conversely, data profiles generated through an organization-level or folder-level scan only appear in the organization view.
In the Location list, select the region that contains the data profiles that you want to view. Each data profile is stored in the same region as the data it pertains to.
The page loads the data profiles. On this page, you can view data profiles at the project and table levels. When you drill down to a specific table data profile, you can view the column-level data profiles for that table.
Projects view
On the Projects tab, each project that has data that was scanned in your selected region represents one data profile.
The following image shows a list of project data profiles. Click the image to enlarge it.
Each project data profile is an aggregation of the metrics gathered from tables that meet both of the following criteria:
- Tables that belong to that project.
- Tables that reside in the selected region in the Google Cloud console.
Thus, it's possible to have two or more data profiles for the same project—one for each region. Those project data profiles can have different risk and sensitivity levels.
Consider this example: Project A has tables in the us-west1 and us-west2
regions. If you view your project data profiles in the us-west1 region, there
is a data profile for Project A. It includes only the metrics gathered from
Project A's tables in the us-west1 region. If you switch to the us-west2
region, another data profile for Project A is available. It shows only data that
is related to Project A's tables in the us-west2 region.
To learn more about a project's tables, click its project ID. The data profiles list switches to Tables view, filtered for your selected project.
For more information on the metrics gathered in project data profiles, see Project-level data profiles.
Tables view
On the Tables tab, each table that was scanned in your selected region represents one data profile.
The following image shows a list of table data profiles. Click the image to enlarge it.
To view the profile details of a particular table, click Actions and then click View details.
To learn more about a table's columns, click its table ID. The page loads the columns view, which is a list of column data profiles, filtered for your selected table.
To go back to the Tables tab from the columns view, click Sensitive Data Discovery: Table profile details.
For more information on the metrics gathered in table data profiles, see Table-level data profiles.
Columns view
When you click a table data profile in the Tables tab, the columns view appears. In this view, each column of a table that was scanned in your selected region represents one data profile.
The following image shows a list of column data profiles. Click the image to enlarge it.
To view the profile details of a particular column, click Actions and then click View details.
- To go back to the Tables tab from the columns view, click Sensitive Data Discovery: Table profile details.
For more information on the metrics gathered in column data profiles, see Column-level data profiles.
Force a reprofile operation
To force a reprofile operation on a table, you delete the table data profile. If the table is in the scope of an active scan configuration, the table data profile is regenerated automatically. Otherwise, you must create a scan configuration that includes the table.
Reprofiling a table also causes the associated column data profiles and project data profile to be reprofiled.
You might perform this task in the following situations:
- You want to reprofile a BigQuery table without first introducing a change in it.
- You want to reprofile a Cloud SQL table before the next scheduled discovery scan.
To regenerate a table data profile, follow these steps:
- View the details of the table data profile that you want to regenerate.
- Click Delete.
- Review the confirmation message that appears, and click Delete. The table data profile is deleted.
If no active scan configuration includes the table, create one. For more information, see the following:
Perform a deep inspection on a BigQuery table
If you profiled a BigQuery table and you want to learn more about the table's contents, you can perform a deep inspection. To inspect a table, follow these steps:
- View the details of the table data profile.
- Click Create inspection job.
- Fill in the details of the inspection job that you want to perform. For more information on filling in this form, see Inspect a BigQuery table.
What's next
- Learn how to manage scan configurations.
- Learn how to analyze the data profiles.