ADD SENSITIVITY CLASSIFICATION (Transact-SQL)ADD SENSITIVITY CLASSIFICATION (Transact-SQL)

适用于:Applies to: 是SQL ServerSQL Server(所有支持的版本)yesSQL ServerSQL Server (all supported versions) 是Azure SQL 数据库Azure SQL DatabaseYesAzure SQL 数据库Azure SQL Database 是Azure SQL 托管实例Azure SQL Managed InstanceYesAzure SQL 托管实例Azure SQL Managed Instance 是Azure Synapse AnalyticsAzure Synapse AnalyticsyesAzure Synapse AnalyticsAzure Synapse Analytics适用于:Applies to: 是SQL ServerSQL Server(所有支持的版本)yesSQL ServerSQL Server (all supported versions) 是Azure SQL 数据库Azure SQL DatabaseYesAzure SQL 数据库Azure SQL Database 是Azure SQL 托管实例Azure SQL Managed InstanceYesAzure SQL 托管实例Azure SQL Managed Instance 是Azure Synapse AnalyticsAzure Synapse AnalyticsyesAzure Synapse AnalyticsAzure Synapse Analytics

将有关敏感度分类的元数据添加到一个或多个数据库列中。Adds metadata about the sensitivity classification to one or more database columns. 分类可以包括敏感度标签和信息类型。The classification can include a sensitivity label and an information type.

对于 SQL Server,这在 SQL Server 2019 中进行了引入。For SQL Server, this was introduced in SQL Server 2019.

对你的数据库环境中的敏感数据进行分类可帮助实现更高的可见性和更好的保护。Classifying sensitive data in your database environment helps achieve extended visibility and better protection. 可以在 SQL 信息保护入门中找到更多信息Additional information can be found in Getting started with SQL Information Protection

语法Syntax

    ADD SENSITIVITY CLASSIFICATION TO
    <object_name> [, ...n ]
    WITH ( <sensitivity_option> [, ...n ] )

<object_name> ::=
{
    [schema_name.]table_name.column_name
}

<sensitivity_option> ::=  
{
    LABEL = string |
    LABEL_ID = guidOrString |
    INFORMATION_TYPE = string |
    INFORMATION_TYPE_ID = guidOrString |
    RANK = NONE | LOW | MEDIUM | HIGH | CRITICAL
}

备注

若要查看 SQL Server 2014 及更早版本的 Transact-SQL 语法,请参阅早期版本文档To view Transact-SQL syntax for SQL Server 2014 and earlier, see Previous versions documentation.

参数Arguments

object_name ([schema_name.]table_name.column_name)object_name ([schema_name.]table_name.column_name)

是要进行分类的数据库列的名称。Is the name of the database column to be classified. 目前仅支持列分类。Currently only column classification is supported. - schema_name(可选)- 是已分类的列所属架构的名称。schema_name (optional) - Is the name of the schema to which the classified column belongs to. - table_name - 是已分类的列所属表的名称。table_name - Is the name of the table to which the classified column belongs to. - column_name - 是正在进行分类的列的名称。column_name - Is the name of the column being classified.

LABELLABEL

是敏感度标签的可人工读取名称。Is the human readable name of the sensitivity label. 敏感度标签表示数据库列中存储的数据的敏感度。Sensitivity labels represent the sensitivity of the data stored in the database column.

LABEL_IDLABEL_ID

是与敏感度标签相关联的标识符。Is an identifier associated with the sensitivity label. 这通常由集中式信息保护平台用于唯一标识系统中的标签。This is often used by centralized information protection platforms to uniquely identify labels in the system.

INFORMATION_TYPEINFORMATION_TYPE

是信息类型的可人工读取名称。Is the human readable name of the information type. 信息类型用于描述存储在数据库列中数据的类型。Information types are used to describe the type of data being stored in the database column.

INFORMATION_TYPE_IDINFORMATION_TYPE_ID

是与信息类型相关联的标识符。Is an identifier associated with the information type. 这通常由集中式信息保护平台用于唯一标识系统中的信息类型。This is often used by centralized information protection platforms to uniquely identify information types in the system.

RANKRANK

是基于预定义的一组值的标识符,这组值定义敏感度等级。Is an identifier based on a predefined set of values which define sensitivity rank. 由高级威胁防护等其他服务用于根据其级别来检测异常。Used by other services like Advanced Threat Protection to detect anomalies based on their rank.

备注Remarks

  • 只能向单个对象添加一个分类。Only one classification can be added to a single object. 向已进行分类的对象添加分类将覆盖现有分类。Adding a classification to an object that is already classified will overwrite the existing classification.
  • 可以使用单个 ADD SENSITIVITY CLASSIFICATION 语句对多个对象进行分类。Multiple objects can be classified using a single ADD SENSITIVITY CLASSIFICATION statement.
  • 系统视图 sys.sensitivity_classifications 可用于检索数据库的敏感度分类信息。The system view sys.sensitivity_classifications can be used to retrieve the sensitivity classification information for a database.

权限Permissions

需要“ALTER ANY SENSITIVITY CLASSIFICATION”权限。Requires ALTER ANY SENSITIVITY CLASSIFICATION permission. “ALTER ANY SENSITIVITY CLASSIFICATION”由数据库权限“ALTER”或服务器权限“CONTROL SERVER”表示。The ALTER ANY SENSITIVITY CLASSIFICATION is implied by the database permission ALTER, or by the server permission CONTROL SERVER.

示例Examples

A.A. 对两个列进行分类Classifying two columns

以下示例使用敏感度标签“高度机密”、级别“严重”和信息类型“财务”对列 dbo.sales.price 和 dbo.sales.discount 进行分类。The following example classifies the columns dbo.sales.price and dbo.sales.discount with the sensitivity label Highly Confidential, rank Critical and the Information Type Financial.

ADD SENSITIVITY CLASSIFICATION TO
    dbo.sales.price, dbo.sales.discount
    WITH ( LABEL='Highly Confidential', INFORMATION_TYPE='Financial', RANK=CRITICAL )

B.B. 仅对一个标签进行分类Classifying only a label

以下示例使用标签“机密”和标签 ID 643f7acd-776a-438d-890c-79c3f2a520d6 对列 dbo.customer.comments 进行分类。The following example classifies the column dbo.customer.comments with the label Confidential and label ID 643f7acd-776a-438d-890c-79c3f2a520d6. 未对此列进行信息类型分类。Information type isn't classified for this column.

ADD SENSITIVITY CLASSIFICATION TO
    dbo.customer.comments
    WITH ( LABEL='Confidential', LABEL_ID='643f7acd-776a-438d-890c-79c3f2a520d6' )

另请参阅See Also