Suppress a row based on the content of a column. You can remove a row entirely based on the content that appears in any column. This example suppresses the record for "Charles Dickens," as this patient is over 89 years old.
Explore further
For detailed documentation that includes this code sample, see the following:
Code sample
C#
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
using
System
;
using
Google.Api.Gax.ResourceNames
;
using
Google.Cloud.Dlp.V2
;
public
class
DeidentifyTableWithRowSuppress
{
public
static
Table
DeidentifyTable
(
string
projectId
,
Table
tableToInspect
=
null
)
{
// Instantiate a client.
var
dlp
=
DlpServiceClient
.
Create
();
// Construct the table if null.
if
(
tableToInspect
==
null
)
{
var
row1
=
new
Value
[]
{
new
Value
{
StringValue
=
"101"
},
new
Value
{
StringValue
=
"Charles Dickens"
},
new
Value
{
StringValue
=
"95"
}
};
var
row2
=
new
Value
[]
{
new
Value
{
StringValue
=
"22"
},
new
Value
{
StringValue
=
"Jane Austin"
},
new
Value
{
StringValue
=
"21"
}
};
var
row3
=
new
Value
[]
{
new
Value
{
StringValue
=
"55"
},
new
Value
{
StringValue
=
"Mark Twain"
},
new
Value
{
StringValue
=
"75"
}
};
tableToInspect
=
new
Table
{
Headers
=
{
new
FieldId
{
Name
=
"AGE"
},
new
FieldId
{
Name
=
"PATIENT"
},
new
FieldId
{
Name
=
"HAPPINESS SCORE"
}
},
Rows
=
{
new
Table
.
Types
.
Row
{
Values
=
{
row1
}
},
new
Table
.
Types
.
Row
{
Values
=
{
row2
}
},
new
Table
.
Types
.
Row
{
Values
=
{
row3
}
}
}
};
}
// Construct the byte content item.
var
contentItem
=
new
ContentItem
{
Table
=
tableToInspect
};
// Construct the conditions.
var
conditions
=
new
RecordCondition
.
Types
.
Conditions
{
Conditions_
=
{
new
RecordCondition
.
Types
.
Condition
{
Field
=
new
FieldId
{
Name
=
"AGE"
},
Operator
=
RelationalOperator
.
GreaterThan
,
Value
=
new
Value
{
IntegerValue
=
89
}
}
}
};
// Construct the deidentify config using the record suppression and conditions.
var
deidentifyConfig
=
new
DeidentifyConfig
{
RecordTransformations
=
new
RecordTransformations
{
RecordSuppressions
=
{
new
RecordSuppression
{
Condition
=
new
RecordCondition
{
Expressions
=
new
RecordCondition
.
Types
.
Expressions
{
Conditions
=
conditions
}
}
}
}
}
};
// Construct the request.
var
request
=
new
DeidentifyContentRequest
{
ParentAsLocationName
=
new
LocationName
(
projectId
,
"global"
),
DeidentifyConfig
=
deidentifyConfig
,
Item
=
contentItem
};
// Call the API.
var
response
=
dlp
.
DeidentifyContent
(
request
);
// Inspect the response.
Console
.
WriteLine
(
response
.
Item
.
Table
);
return
response
.
Item
.
Table
;
}
}
Go
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
import
(
"context"
"fmt"
"io"
dlp
"cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// deidentifyTableRowSuppress de-identifies table data and
// suppress a row based on the content of column
func
deidentifyTableRowSuppress
(
w
io
.
Writer
,
projectID
string
)
error
{
// projectId := "your-project-id"
row1
:=
& dlppb
.
Table_Row
{
Values
:
[]
*
dlppb
.
Value
{
{
Type
:
& dlppb
.
Value_StringValue
{
StringValue
:
"22"
}},
{
Type
:
& dlppb
.
Value_StringValue
{
StringValue
:
"Jane Austen"
}},
{
Type
:
& dlppb
.
Value_StringValue
{
StringValue
:
"21"
}},
},
}
row2
:=
& dlppb
.
Table_Row
{
Values
:
[]
*
dlppb
.
Value
{
{
Type
:
& dlppb
.
Value_StringValue
{
StringValue
:
"55"
}},
{
Type
:
& dlppb
.
Value_StringValue
{
StringValue
:
"Mark Twain"
}},
{
Type
:
& dlppb
.
Value_StringValue
{
StringValue
:
"75"
}},
},
}
row3
:=
& dlppb
.
Table_Row
{
Values
:
[]
*
dlppb
.
Value
{
{
Type
:
& dlppb
.
Value_StringValue
{
StringValue
:
"101"
}},
{
Type
:
& dlppb
.
Value_StringValue
{
StringValue
:
"Charles Dickens"
}},
{
Type
:
& dlppb
.
Value_StringValue
{
StringValue
:
"95"
}},
},
}
table
:=
& dlppb
.
Table
{
Headers
:
[]
*
dlppb
.
FieldId
{
{
Name
:
"AGE"
},
{
Name
:
"PATIENT"
},
{
Name
:
"HAPPINESS SCORE"
},
},
Rows
:
[]
*
dlppb
.
Table_Row
{
{
Values
:
row1
.
Values
},
{
Values
:
row2
.
Values
},
{
Values
:
row3
.
Values
},
},
}
ctx
:=
context
.
Background
()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client
,
err
:=
dlp
.
NewClient
(
ctx
)
if
err
!=
nil
{
return
err
}
// Closing the client safely cleans up background resources.
defer
client
.
Close
()
// Specify what content you want the service to de-identify.
contentItem
:=
& dlppb
.
ContentItem
{
DataItem
:
& dlppb
.
ContentItem_Table
{
Table
:
table
,
},
}
// Apply the condition to record suppression.
condition
:=
& dlppb
.
RecordCondition
{
Expressions
:
& dlppb
.
RecordCondition_Expressions
{
Type
:
& dlppb
.
RecordCondition_Expressions_Conditions
{
Conditions
:
& dlppb
.
RecordCondition_Conditions
{
Conditions
:
[]
*
dlppb
.
RecordCondition_Condition
{
{
Field
:
& dlppb
.
FieldId
{
Name
:
"AGE"
},
Operator
:
dlppb
.
RelationalOperator_GREATER_THAN
,
Value
:
& dlppb
.
Value
{
Type
:
& dlppb
.
Value_IntegerValue
{
IntegerValue
:
89
},
},
},
},
},
},
},
}
recordSupression
:=
& dlppb
.
RecordSuppression
{
Condition
:
condition
,
}
// Use record suppression as the only transformation
recordTransformations
:=
& dlppb
.
RecordTransformations
{
RecordSuppressions
:
[]
*
dlppb
.
RecordSuppression
{
recordSupression
,
},
}
// Construct the de-identification request to be sent by the client.
req
:=
& dlppb
.
DeidentifyContentRequest
{
Parent
:
fmt
.
Sprintf
(
"projects/%s/locations/global"
,
projectID
),
DeidentifyConfig
:
& dlppb
.
DeidentifyConfig
{
Transformation
:
& dlppb
.
DeidentifyConfig_RecordTransformations
{
RecordTransformations
:
recordTransformations
,
},
},
Item
:
contentItem
,
}
// Send the request.
resp
,
err
:=
client
.
DeidentifyContent
(
ctx
,
req
)
if
err
!=
nil
{
return
err
}
// Print the results.
fmt
.
Fprintf
(
w
,
"Table after de-identification : %v"
,
resp
.
GetItem
().
GetTable
())
return
nil
}
Java
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
import
com.google.cloud.dlp.v2. DlpServiceClient
;
import
com.google.privacy.dlp.v2. ContentItem
;
import
com.google.privacy.dlp.v2. DeidentifyConfig
;
import
com.google.privacy.dlp.v2. DeidentifyContentRequest
;
import
com.google.privacy.dlp.v2. DeidentifyContentResponse
;
import
com.google.privacy.dlp.v2. FieldId
;
import
com.google.privacy.dlp.v2. LocationName
;
import
com.google.privacy.dlp.v2. RecordCondition
;
import
com.google.privacy.dlp.v2. RecordCondition
. Condition
;
import
com.google.privacy.dlp.v2. RecordCondition
. Conditions
;
import
com.google.privacy.dlp.v2. RecordCondition
. Expressions
;
import
com.google.privacy.dlp.v2. RecordSuppression
;
import
com.google.privacy.dlp.v2. RecordTransformations
;
import
com.google.privacy.dlp.v2. RelationalOperator
;
import
com.google.privacy.dlp.v2. Table
;
import
com.google.privacy.dlp.v2. Table
. Row
;
import
com.google.privacy.dlp.v2. Value
;
import
java.io.IOException
;
public
class
DeIdentifyTableRowSuppress
{
public
static
void
main
(
String
[]
args
)
throws
IOException
{
// TODO(developer): Replace these variables before running the sample.
String
projectId
=
"your-project-id"
;
Table
tableToDeIdentify
=
Table
.
newBuilder
()
.
addHeaders
(
FieldId
.
newBuilder
().
setName
(
"AGE"
).
build
())
.
addHeaders
(
FieldId
.
newBuilder
().
setName
(
"PATIENT"
).
build
())
.
addHeaders
(
FieldId
.
newBuilder
().
setName
(
"HAPPINESS SCORE"
).
build
())
.
addRows
(
Row
.
newBuilder
()
.
addValues
(
Value
.
newBuilder
().
setStringValue
(
"101"
).
build
())
.
addValues
(
Value
.
newBuilder
().
setStringValue
(
"Charles Dickens"
).
build
())
.
addValues
(
Value
.
newBuilder
().
setStringValue
(
"95"
).
build
())
.
build
())
.
addRows
(
Row
.
newBuilder
()
.
addValues
(
Value
.
newBuilder
().
setStringValue
(
"22"
).
build
())
.
addValues
(
Value
.
newBuilder
().
setStringValue
(
"Jane Austen"
).
build
())
.
addValues
(
Value
.
newBuilder
().
setStringValue
(
"21"
).
build
())
.
build
())
.
addRows
(
Row
.
newBuilder
()
.
addValues
(
Value
.
newBuilder
().
setStringValue
(
"55"
).
build
())
.
addValues
(
Value
.
newBuilder
().
setStringValue
(
"Mark Twain"
).
build
())
.
addValues
(
Value
.
newBuilder
().
setStringValue
(
"75"
).
build
())
.
build
())
.
build
();
deIdentifyTableRowSuppress
(
projectId
,
tableToDeIdentify
);
}
public
static
Table
deIdentifyTableRowSuppress
(
String
projectId
,
Table
tableToDeIdentify
)
throws
IOException
{
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try
(
DlpServiceClient
dlp
=
DlpServiceClient
.
create
())
{
// Specify what content you want the service to de-identify.
ContentItem
contentItem
=
ContentItem
.
newBuilder
().
setTable
(
tableToDeIdentify
).
build
();
// Specify when the content should be de-identified.
Condition
condition
=
Condition
.
newBuilder
()
.
setField
(
FieldId
.
newBuilder
().
setName
(
"AGE"
).
build
())
.
setOperator
(
RelationalOperator
.
GREATER_THAN
)
.
setValue
(
Value
.
newBuilder
().
setIntegerValue
(
89
).
build
())
.
build
();
// Apply the condition to record suppression.
RecordSuppression
recordSuppressions
=
RecordSuppression
.
newBuilder
()
.
setCondition
(
RecordCondition
.
newBuilder
()
.
setExpressions
(
Expressions
.
newBuilder
()
.
setConditions
(
Conditions
.
newBuilder
().
addConditions
(
condition
).
build
())
.
build
())
.
build
())
.
build
();
// Use record suppression as the only transformation
RecordTransformations
transformations
=
RecordTransformations
.
newBuilder
().
addRecordSuppressions
(
recordSuppressions
).
build
();
DeidentifyConfig
deidentifyConfig
=
DeidentifyConfig
.
newBuilder
().
setRecordTransformations
(
transformations
).
build
();
// Combine configurations into a request for the service.
DeidentifyContentRequest
request
=
DeidentifyContentRequest
.
newBuilder
()
.
setParent
(
LocationName
.
of
(
projectId
,
"global"
).
toString
())
.
setItem
(
contentItem
)
.
setDeidentifyConfig
(
deidentifyConfig
)
.
build
();
// Send the request and receive response from the service.
DeidentifyContentResponse
response
=
dlp
.
deidentifyContent
(
request
);
// Print the results.
System
.
out
.
println
(
"Table after de-identification: "
+
response
.
getItem
().
getTable
());
return
response
.
getItem
().
getTable
();
}
}
}
Node.js
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
// Imports the Google Cloud Data Loss Prevention library
const
DLP
=
require
(
' @google-cloud/dlp
'
);
// Initialize google DLP Client
const
dlp
=
new
DLP
.
DlpServiceClient
();
// The project ID to run the API call under
// const projectId = 'my-project';
// Construct the tabular data
const
tablularData
=
{
headers
:
[{
name
:
'AGE'
},
{
name
:
'PATIENT'
},
{
name
:
'HAPPINESS SCORE'
}],
rows
:
[
{
values
:
[
{
integerValue
:
101
},
{
stringValue
:
'Charles Dickens'
},
{
integerValue
:
95
},
],
},
{
values
:
[
{
integerValue
:
22
},
{
stringValue
:
'Jane Austen'
},
{
integerValue
:
21
},
],
},
{
values
:
[
{
integerValue
:
55
},
{
stringValue
:
'Mark Twain'
},
{
integerValue
:
75
},
],
},
],
};
async
function
deIdentifyTableRowSuppress
()
{
// Specify when the content should be de-identified.
const
condition
=
{
expressions
:
{
conditions
:
{
conditions
:
[
{
field
:
{
name
:
'AGE'
},
operator
:
' GREATER_THAN
'
,
value
:
{
integerValue
:
89
},
},
],
},
},
};
// Apply the condition to record suppression.
const
recordTransformations
=
{
recordSuppressions
:
[
{
condition
,
},
],
};
// Combine configurations into a request for the service.
const
request
=
{
parent
:
`projects/
${
projectId
}
/locations/global`
,
item
:
{
table
:
tablularData
,
},
deidentifyConfig
:
{
recordTransformations
,
},
};
// Send the request and receive response from the service.
const
[
response
]
=
await
dlp
.
deidentifyContent
(
request
);
// Print the results.
console
.
log
(
`Table after de-identification:
${
JSON
.
stringify
(
response
.
item
.
table
)
}
`
);
}
deIdentifyTableRowSuppress
();
PHP
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\RecordCondition;
use Google\Cloud\Dlp\V2\RecordCondition\Condition;
use Google\Cloud\Dlp\V2\RecordCondition\Conditions;
use Google\Cloud\Dlp\V2\RecordCondition\Expressions;
use Google\Cloud\Dlp\V2\RecordSuppression;
use Google\Cloud\Dlp\V2\RecordTransformations;
use Google\Cloud\Dlp\V2\RelationalOperator;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\Value;
/**
* De-identify table data: Suppress a row based on the content of a column
* Suppress a row based on the content of a column. You can remove a row entirely based on the content that appears in any column. This example suppresses the record for "Charles Dickens," as this patient is over 89 years old.
*
* @param string $callingProjectId The Google Cloud project id to use as a parent resource.
* @param string $inputCsvFile The input file(csv) path to deidentify
* @param string $outputCsvFile The oupt file path to save deidentify content */
function deidentify_table_row_suppress(
// TODO(developer): Replace sample parameters before running the code.
string $callingProjectId,
string $inputCsvFile = './test/data/table2.csv',
string $outputCsvFile = './test/data/deidentify_table_row_suppress_output.csv'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
$parent = "projects/$callingProjectId/locations/global";
// Read a CSV file
$csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
$csvHeaders = explode(',', $csvLines[0]);
$csvRows = array_slice($csvLines, 1);
// Convert CSV file into protobuf objects
$tableHeaders = array_map(function ($csvHeader) {
return (new FieldId)
->setName($csvHeader);
}, $csvHeaders);
$tableRows = array_map(function ($csvRow) {
$rowValues = array_map(function ($csvValue) {
return (new Value())
->setStringValue($csvValue);
}, explode(',', $csvRow));
return (new Row())
->setValues($rowValues);
}, $csvRows);
// Construct the table object
$tableToDeIdentify = (new Table())
->setHeaders($tableHeaders)
->setRows($tableRows);
// Specify what content you want the service to de-identify.
$content = (new ContentItem())
->setTable($tableToDeIdentify);
// Specify when the content should be de-identified.
$condition = (new Condition())
->setField((new FieldId())
->setName('AGE'))
->setOperator(RelationalOperator::GREATER_THAN)
->setValue((new Value())
->setIntegerValue(89));
// Apply the condition to record suppression.
$recordSuppressions = (new RecordSuppression())
->setCondition((new RecordCondition())
->setExpressions((new Expressions())
->setConditions((new Conditions())
->setConditions([$condition])
)
)
);
// Use record suppression as the only transformation
$recordtransformations = (new RecordTransformations())
->setRecordSuppressions([$recordSuppressions]);
// Create the deidentification configuration object
$deidentifyConfig = (new DeidentifyConfig())
->setRecordTransformations($recordtransformations);
// Run request
$deidentifyContentRequest = (new DeidentifyContentRequest())
->setParent($parent)
->setDeidentifyConfig($deidentifyConfig)
->setItem($content);
$response = $dlp->deidentifyContent($deidentifyContentRequest);
// Print the results
$csvRef = fopen($outputCsvFile, 'w');
fputcsv($csvRef, $csvHeaders);
foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
$values = array_map(function ($tableValue) {
return $tableValue->getStringValue();
}, iterator_to_array($tableRow->getValues()));
fputcsv($csvRef, $values);
};
printf($outputCsvFile);
}
Python
To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries .
To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment .
from
typing
import
Dict
,
List
,
Union
import
google.cloud.dlp
def
deidentify_table_suppress_row
(
project
:
str
,
table_data
:
Dict
[
str
,
Union
[
List
[
str
],
List
[
List
[
str
]]]],
condition_field
:
str
,
condition_operator
:
str
,
condition_value
:
int
,
)
-
> None
:
""" Uses the Data Loss Prevention API to de-identify sensitive data in a
table by suppressing entire row/s based on a condition.
Args:
project: The Google Cloud project id to use as a parent resource.
table_data: Dictionary representing table data.
condition_field: A table field within the record this condition is evaluated against.
condition_operator: Operator used to compare the field or infoType to the value. One of:
RELATIONAL_OPERATOR_UNSPECIFIED, EQUAL_TO, NOT_EQUAL_TO, GREATER_THAN, LESS_THAN, GREATER_THAN_OR_EQUALS,
LESS_THAN_OR_EQUALS, EXISTS.
condition_value: Value to compare against. [Mandatory, except for ``EXISTS`` tests.].
Example:
>> $ python deidentify_table_row_suppress.py \
'{"header": ["email", "phone number", "age"],
"rows": [["robertfrost@example.com", "4232342345", "35"],
["johndoe@example.com", "4253458383", "64"]]}' \
"age" "GREATER_THAN" 50
>> '{"header": ["email", "phone number", "age"],
"rows": [["robertfrost@example.com", "4232342345", "35", "21"]]}'
"""
# Instantiate a client.
dlp
=
google
.
cloud
.
dlp_v2
.
DlpServiceClient
()
# Construct the `table`. For more details on the table schema, please see
# https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
headers
=
[{
"name"
:
val
}
for
val
in
table_data
[
"header"
]]
rows
=
[]
for
row
in
table_data
[
"rows"
]:
rows
.
append
({
"values"
:
[{
"string_value"
:
cell_val
}
for
cell_val
in
row
]})
table
=
{
"headers"
:
headers
,
"rows"
:
rows
}
# Construct the `item` containing the table data.
item
=
{
"table"
:
table
}
# Construct condition list.
condition
=
[
{
"field"
:
{
"name"
:
condition_field
},
"operator"
:
condition_operator
,
"value"
:
{
"integer_value"
:
condition_value
},
}
]
# Construct deidentify configuration dictionary
deidentify_config
=
{
"record_transformations"
:
{
"record_suppressions"
:
[
{
"condition"
:
{
"expressions"
:
{
"conditions"
:
{
"conditions"
:
condition
}}
}
}
]
}
}
# Convert the project id into a full resource id.
parent
=
f
"projects/
{
project
}
/locations/global"
# Call the API.
response
=
dlp
.
deidentify_content
(
request
=
{
"parent"
:
parent
,
"deidentify_config"
:
deidentify_config
,
"item"
:
item
}
)
# Print the result.
print
(
f
"Table after de-identification:
{
response
.
item
.
table
}
"
)
What's next
To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser .
