Happy Learning! and Happy Innovating!
The Data Loss Prevention (DLP) API provided by Google Cloud Platform offers the following three operations for protecting sensitive data:
In the context of the DLP API, the following table summarizes the key differences between redaction, deidentification, and anonymization:
The choice of which operation to use depends on the specific business requirements. If you need to protect sensitive data from unauthorized access, redaction may be sufficient. However, if you need to comply with privacy regulations, such as GDPR or HIPAA, you may need to deidentify or anonymize the data.
The DLP API provides a variety of features to help you choose the right operation for your needs. You can use the DLP API to:
The DLP API is a powerful tool for protecting sensitive data. By using the DLP API, you can comply with privacy regulations, protect your customers’ privacy, and reduce the risk of data breaches. Please refer to the code sample for some quick references.
Below is a quick start of consuming DLP API using ABAP SDK for Google Cloud to execute an Email ID Deidentification scenario.
The configuration steps in this quickstart guide assumes that the SAP system is hosted on Google cloud platform.
To learn more about authentication step for SAP system hosted outside Google Cloud Platform, please refer to the documentation “Authenticate using tokens for SAP hosted outside Google Cloud”
Before you run this quickstart, make sure that you or your administrators have completed the following prerequisites:
PROJECT_ID
with your Google Cloud project Id)gcloud auth login
gcloud config set project PROJECT_ID
gcloud services enable iamcredentials.googleapis.com
gcloud services enable dlp.googleapis.com
The below configuration will be used by the ABAP SDK to connect to the secret manager API.
PROJECT_ID
with your Google Cloud project Id)Google Cloud Key Name:DEMO_DLP
Google Cloud Service Account Name: abap-sdk-qs@
PROJECT_ID
.iam.gserviceaccount.comGoogle Cloud Scope:https://www.googleapis.com/auth/cloud-platform
Google Cloud Project Identifier:
PROJECT_ID
Authorization Class:/GOOG/CL_AUTH_GOOGLE
NOTE Leave the other fields blank
DEMO_DLP
which will be used by the SDK to connect to the API.REPORT zr_qs_dlp_deidentify.
" data declarations
DATA:
lv_p_projects_id TYPE string,
ls_input TYPE /goog/cl_dlp_v2=>ty_055,
ls_transformations TYPE /goog/cl_dlp_v2=>ty_100.
TRY.
" instantiate api client stub
DATA(lo_dlp) = NEW /goog/cl_dlp_v2( iv_key_name = 'DLP_V2' ).
" pass the sample text for deidentification
lv_p_projects_id = lo_dlp->gv_project_id.
INSERT VALUE #( name = 'EMAIL_ADDRESS' ) INTO TABLE ls_input-inspect_config-info_types.
ls_transformations-primitive_transformation-replace_config-new_value-string_value = '[EMAIL_ID]'.
INSERT ls_transformations INTO TABLE ls_input-deidentify_config-info_type_transformations-transformations.
ls_input-item-value = 'The Email ID of Mr. Foo is foobar@example.com'.
" call the api method to deidentify
CALL METHOD lo_dlp->deidentify_content
EXPORTING
iv_p_projects_id = lv_p_projects_id
is_input = ls_input
IMPORTING
es_output = DATA(ls_output)
ev_ret_code = DATA(lv_ret_code)
ev_err_text = DATA(lv_err_text)
es_err_resp = DATA(ls_err_resp).
IF lo_dlp->is_success( lv_ret_code ).
WRITE: / 'Deidentification Successful'.
WRITE: / 'The replaced text is: ', ls_output-item-value.
ELSE.
MESSAGE lv_err_text TYPE 'E'.
ENDIF.
" close the http connection
lo_dlp->close( ).
CATCH /goog/cx_sdk INTO DATA(lo_exception).
" write code here to handle exceptions
MESSAGE lo_exception->get_text( ) TYPE 'E'.
ENDTRY.Sales Order Header Text Example
Lets see DLP in action! Below is an example where the DLP API was used to deidentify personally identifiable information (PII) from Sales Order Header Text, in case the user enters the same.
For clean up disable the service to avoid any usage.
gcloud services disable dlp.googleapis.com --force
Hope the article was able to give you a quick insight on using Data Los Prevention API with ABAP SDK for Google Cloud.
Ready to start using ABAP SDK for Google Cloud?
Bookmark What’s new with the ABAP SDK for Google Cloud for the latest announcements and follow installation and configuration instructions.
Check out these blog posts to get started with ABAP SDK for Google Cloud
Happy Learning! and Happy Innovating!