> For the complete documentation index, see [llms.txt](https://docs.tonic.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.tonic.ai/app/generation/identify-sensitive-data/custom-sensitivity-rules.md).

# Creating and managing custom sensitivity rules

{% hint style="info" %}
**Required license:** Professional

**Required global permission:** Create and manage sensitivity rules
{% endhint %}

By default, when a Structural security scan runs on a workspace, it looks for the [built-in sensitivity types](/app/generation/identify-sensitive-data/sensitivity-types-built-in.md).

You can also define custom sensitivity rules to identify other values and the corresponding recommended generator. Your data might include values that are specific to your organization.

To identify the columns that the sensitivity rule applies to, you can either:

* Match text in the column name.
* Provide a description to tell the LLM what to look for. The LLM-based sensitivity scan then matches the description against the source data columns.

For both types of custom sensitivity rule, you identify the applicable column data type, and select the generator preset to apply to matching columns.

## Enabling LLM-based sensitivity rules

LLM-based sensitivity rules are processed as part of the LLM-based sensitivity detection. When LLM-based sensitivity detection is not used, then the LLM-based sensitivity rules also are not used.

On self-hosted instances, even if LLM-based sensitivity detection is enabled, an additional environment setting specifically enables LLM-based sensitivity rules.

For more information, go to [Structural Cloud LLM configuration](/app/admin/structural-ai-use/structural-cloud-llm-configuration.md) and [Self-hosted LLM configuration](/app/admin/structural-ai-use/self-hosted-llm-configuration.md).

## Displaying the list of custom sensitivity rules <a href="#sensitivity-rules-list" id="sensitivity-rules-list"></a>

To display the current list of sensitivity rules, in the Structural navigation menu, click **Sensitivity Rules**.

<figure><img src="/files/zq7FU7BMJQ7C2zTAS5PT" alt=""><figcaption><p>Sensitivity Rules view with the lists of custom sensitivity rules</p></figcaption></figure>

On the **Sensitivity Rules** page:

* The **Column Name rules** list contains the list of sensitivity rules that check for a text or regular expression match in the column name.
* If LLM-based sensitivity rules are enabled, then the **LLM-based rules** list is displayed and contains the list of sensitivity rules that use the rule description as input for the LLM-based security scan. The LLM-based scan uses the description to check for matching columns.

The lists contain sensitivity rules for a self-hosted Structural instance or a Structural Cloud organization.

For each rule, the list includes:

* The rule name and description
* The recommended generator preset
* When the rule was most recently modified

## Filtering the rules <a href="#sensitivity-rules-filter" id="sensitivity-rules-filter"></a>

You can filter each rule list by the following:

* Rule name
* Rule description
* Generator preset name
* Name of the user who most recently updated the rule

In the filter field, start to type text from any of those values. As you type, the list is filtered to only include matching rules.

Note that when the list is filtered, you cannot change the display sequence of the rules.

## Setting the rule sequence <a href="#sensitivity-rules-sequence" id="sensitivity-rules-sequence"></a>

For each type of rule, Structural applies the rules based on their display order in the list. If a column matches more than one rule, Structural applies the first matching rule.

Column name rules take precedence over LLM-based rules. When a column matches both a column name rule and an LLM-based rule, the column name rule is used.

To change the display order of a rule, drag and drop it to the new location in the list.

Note that you cannot change the rule sequence when the list is filtered.

## Creating and editing a sensitivity rule <a href="#sensitivity-rule-create-edit" id="sensitivity-rule-create-edit"></a>

### Creating a sensitivity rule <a href="#sensitivity-rule-create" id="sensitivity-rule-create"></a>

To create a sensitivity rule:

1. On the **Sensitivity Rules** view, click **New Custom Rule**.
2. On the **Create Custom Rule** view, [configure the new rule](#sensitivity-rule-config).
3. Click **Save**.

### Editing a sensitivity rule <a href="#sensitivity-rule-edit" id="sensitivity-rule-edit"></a>

To change the configuration of a sensitivity rule:

1. On the **Sensitivity Rules** view, click the edit icon for the rule.
2. On the **Edit Custom Rule** view, [update the configuration](#sensitivity-rule-config).
3. Click **Save**.

Note that any changes to a sensitivity rule do not take effect until the next sensitivity scan.

## Sensitivity rule configuration <a href="#sensitivity-rule-config" id="sensitivity-rule-config"></a>

<figure><img src="/files/yNt2oUCN0BBfgnYg7HYg" alt=""><figcaption><p>Details view for a custom sensitivity rule</p></figcaption></figure>

### Rule name <a href="#sensitivity-rule-name-description" id="sensitivity-rule-name-description"></a>

In the **Name** field, type the name of the sensitivity rule. The rule name becomes the sensitivity type for matching columns.

The rule name:

* Must be unique.
* Cannot match the name of a built-in sensitivity type.

### Rule description

For column name sensitivity rules, use the **Description** field to provide an optional longer description of the sensitivity rule and how it is used.

For LLM-based sensitivity rules, the content of the **Description** field is what Structural sends to the LLM during LLM-based sensitivity detection. When providing the description for the LLM, to ensure the most accurate matches, be as specific as possible.

Note that if Structural is configured to not send sample data to the LLM, and the description refers to the column value and not the column name, the LLM cannot identify matching columns.

### Rule type

When both column name and LLM-based sensitivity rules are enabled, then under **Match Type**, click the type of rule.

<figure><img src="/files/kiFc46LCDTMDg5qHvKrH" alt=""><figcaption><p>Match Type setting to determine the type of custom sensitivity rule</p></figcaption></figure>

* To create a column name rule, click **Column Name**.
* To create an LLM-based rule, click **Description (LLM)**.

After you save the rule, you cannot change the rule type.

### Data type <a href="#sensitivity-rule-data-type" id="sensitivity-rule-data-type"></a>

From the **Data Type** dropdown list, select the data type for matching columns. For example, a rule might only be used for columns that contain text.

The available data types are general types that map to specific data types in a given database. The available types are:

* Array
* Binary
* Boolean
* Continuous Numerical
* Date Range
* Datetime
* Integer
* JSON
* MAC Address
* Network Address
* Text
* UUID
* XML

### Column name criteria <a href="#sensitivity-rule-column-name-conditions" id="sensitivity-rule-column-name-conditions"></a>

Under **Column Name Match**, provide the criteria to identify matching columns based on the column name.

Note that a matching column must match both the data type and the column name criteria.

#### Configuring text matching conditions <a href="#column-name-criteria-text-match" id="column-name-criteria-text-match"></a>

When you provide a list of text matching conditions, a matching column must match all of the conditions. In other words, the conditions are joined by `AND`.

To apply the same generator preset to columns that have completely different names, you must create separate sensitivity rules.

To create a list of text matching conditions:

<figure><img src="/files/bm0zmP1G2hPQVQ3q7t8J" alt=""><figcaption><p>Column name text match rules for a custom sensitivity rule</p></figcaption></figure>

1. Click **Text Match**.
2. To add a column name condition, click **Add String Match**.
3. For each condition:
   1. From the comparison type dropdown list, select the type of comparison. For example, **Contains**, **Starts with**, **Ends with**.
   2. In the comparison text field, provide the text to check for.\
      \
      The comparison text is case insensitive. For example, if you set a condition to match column names that contain the text `term`, it also matches column names that contain `TERM` or `Term` or `tErM`.
4. To remove a column name condition, click its delete icon.

#### Providing a regular expression <a href="#column-name-criteria-regex" id="column-name-criteria-regex"></a>

To use a regular expression to identify matching columns based on the column name:

<figure><img src="/files/YGTYklPjJgw1ncd5s6Oc" alt=""><figcaption><p>Column name regular expression field for a custom sensitivity rule</p></figcaption></figure>

1. Click **Regular Expression**.
2. In the field, provide the regular expression.

### Generator preset to apply <a href="#sensitivity-rule-generator-preset" id="sensitivity-rule-generator-preset"></a>

From the **Recommended Generator Preset** dropdown list, select the generator preset that is the recommended generator for matching columns.

To search for a specific preset, begin to type the generator preset name.

## Managing generator preset configuration <a href="#sensitivity-rule-preset-config" id="sensitivity-rule-preset-config"></a>

{% hint style="info" %}
**Required global permission:** Create and manage generator presets
{% endhint %}

When you configure a sensitivity rule, you can also create a new generator preset or update the configuration of the selected generator preset.

To create a new generator preset, click **Create Preset**. On the generator preset details panel, provide the generator preset configuration, then click **Create**.

To edit the selected generator preset, click **Edit Current Preset**. On the generator preset details panel, update the generator preset configuration, then click **Save and Apply**.&#x20;

For more information about generator preset configuration, go to [Managing generator presets](/app/generation/generators-assign-config/generator-presets.md#generator-presets-configure).

## Previewing the rule results

You cannot preview the results of LLM-based sensitivity rules. You can only test column name rules.

If you have access to a workspace, then you can use the workspace to preview the sensitivity rule results.

Under **Test Results**, from the workspace dropdown list, select the workspace to use.

Structural searches the workspace schema for matching columns based on the sensitivity rule configuration.

It displays any matching columns. You can filter the matching columns based on the table or column name.

<figure><img src="/files/Gi0TZdeWDvRYVnn4XecU" alt=""><figcaption><p>Test Results section to preview the results for a sensitivity rule</p></figcaption></figure>

For each matching column, the list includes:

* The column name and table
* A sample value from the source data. The sample source value is only present if you have the **Preview source data** permission for the workspace.
* A sample replacement value, based on the selected generator preset for the sensitivity rule. The sample replacement value is only present if you have the **Preview destination data** permission for the workspace.

## Deleting a sensitivity rule <a href="#sensitivity-rule-delete" id="sensitivity-rule-delete"></a>

To delete a sensitivity rule, on the **Sensitivity Rules** view, click the delete icon for the rule.

Note that existing generator recommendations for the rule remain in place until the next sensitivity scan.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tonic.ai/app/generation/identify-sensitive-data/custom-sensitivity-rules.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.