DescribeColumns - Data Security Center - Alibaba Cloud Documentation Center

Call the DescribeColumns operation to query data in the columns of data assets, such as MaxCompute and RDS tables, that are authorized for Data Security Center.

Operation description

You can use this operation to view column data in the tables of sensitive data assets. This helps you accurately analyze sensitive data.

Notes

The DescribeColumns operation has been updated to DescribeColumnsV2. We recommend that you use the new version, DescribeColumnsV2, for application development.

QPS limits

Each user can call this operation up to 10 times per second. If you exceed the limit, API calls are throttled. This may affect your business. Plan your API calls accordingly.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-sddp:DescribeColumns

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
Lang	string	No	The language of the content within the request and response. Default value: zh_cn. Valid values: zh_cn: Chinese. en_us: English.	zh_cn
Name	string	No	The keyword to search for. Fuzzy search is supported. For example, if you enter test, all data that contains test is returned.	test
TableId	integer	No	The unique ID of the table that contains the column. The table can be in a data asset such as a MaxCompute project or an RDS instance. Note Query column data in a data asset table authorized to Data Security Center using the table ID. To obtain the table ID, call the DescribeTables operation.	11132334
RuleId	integer	No	The unique ID of the sensitive data detection rule that is hit by the column data. Note Query column data in a data asset table authorized to Data Security Center using the ID of the sensitive data detection rule that is hit. Call the DescribeRules operation to obtain the ID of the sensitive data detection rule.	11111
ProductCode	string	No	The name of the product to which the column data in the data asset table belongs. Valid values: MaxCompute, OSS, ADS, OTS, RDS, and more.	MaxCompute
InstanceId	integer	No	The ID of the data asset instance to which the column data belongs. Note Query column data in a data asset table authorized to Data Security Center using the ID of the data asset instance. Call the DescribeInstances operation to obtain the instance ID.	1
InstanceName	string	No	The name of the data asset instance to which the column data belongs.	rm-bp17t1htja573l5i8****
TableName	string	No	The name of the data asset table.	it_table
RuleName	string	No	The name of the sensitive data detection rule that is hit by the column data.	name
SensLevelName	string	No	The name of the sensitivity level. Valid values: N/A: No sensitive data is detected. S1: Sensitivity level 1. S2: Sensitivity level 2. S3: Sensitivity level 3. S4: Sensitivity level 4.	S2
PageSize	integer	No	The number of entries to return on each page.	10
CurrentPage	integer	No	The page number.	1
RiskLevelId	integer	No	The ID of the risk level for the sensitive data detection rule. Valid values: 1: N/A 2: S1 3: S2 4: S3 5: S4	2
TemplateRuleId	string	No	The ID of the template rule that is hit. Note Call the DescribeCategoryTemplateRuleList operation to obtain the ID of the template rule that is hit.	1542
EngineType	string	No	The engine type. Valid values: MySQL MariaDB Oracle PostgreSQL SQLServer	MySQL
ProductId	string	No	The ID of the product to which the data object belongs. Valid values: 1: MaxCompute 2: OSS 3: ADB-MYSQL 4: TableStore 5: RDS 6: SELF_DB 7: PolarDB-X 8: PolarDB 9: ADB-PG 10: OceanBase 11: MongoDB 25: Redis	5
ModelTagId	string	No	The data tag. 101: Personal sensitive information 102: Personal information	101
TemplateId	string	No	The ID of the industry template. Note Call the DescribeCategoryTemplateList operation to obtain the ID of the industry template.	5

Response elements

Element	Type	Description	Example
	object
CurrentPage	integer	The page number of the returned page.	1
RequestId	string	The ID of the request.	769FB3C1-F4C9-4******
PageSize	integer	The number of entries returned on each page.	10
TotalCount	integer	The total number of entries returned.	12
Items	array<object>	The column data.
	array<object>
CreationTime	integer	The time when the column data was created. The value is a UNIX timestamp in milliseconds.	1536751124000
TableName	string	The name of the table to which the revised target column belongs.	it_table
DataType	string	The data type of the column.	String
OdpsRiskLevelValue	integer	The risk level of the asset. Valid values: 1: N/A 2: S1 3: S2 4: S3 5: S4	3
InstanceId	integer	The ID of the instance that contains the column.	1
RiskLevelId	integer	The ID of the risk level for the column data. Valid values: 1: N/A 2: S1 3: S2 4: S3 5: S4	2
RuleName	string	The name of the sensitive data detection rule that is hit by the column data.	name
RuleId	integer	The ID of the sensitive data detection rule that is hit by the column data.	1
Sensitive	boolean	Indicates whether the column contains sensitive data. Valid values: true: The column contains sensitive data. false: The column does not contain sensitive data.	false
SensLevelName	string	The name of the sensitivity level. Valid values: N/A: No sensitive data is detected. S1: Sensitivity level 1. S2: Sensitivity level 2. S3: Sensitivity level 3. S4: Sensitivity level 4.	S2
InstanceName	string	The name of the instance that contains the column.	rm-bp17t1htja573l5i8****
RiskLevelName	string	The name of the risk level for the column data. Valid values: N/A: No sensitive data is detected. S1: Sensitivity level 1. S2: Sensitivity level 2. S3: Sensitivity level 3. S4: Sensitivity level 4.	S2
OdpsRiskLevelName	string	The name of the risk level for the asset. Valid values: N/A: No sensitive data is detected. S1: Sensitivity level 1. S2: Sensitivity level 2. S3: Sensitivity level 3. S4: Sensitivity level 4.	S3
Name	string	The name of the column.	gxdata
TableId	integer	The ID of the table that contains the column.	123
Id	string	The unique ID of the column.	268
ProductCode	string	The name of the product to which the column data belongs. Valid values: MaxCompute, OSS, ADS, OTS, RDS, and more.	MaxCompute
RevisionStatus	integer	The revision status. Valid values: 1: revised 0: not revised	1
RevisionId	integer	The ID of the revision record.	12
ModelTags	array<object>	A list of data tags from the hit detection model.
	object	The data tag object of the hit detection model.
Id	integer	The ID of the data tag for the detection model. 101: Personal sensitive information. 102: Personal information. 103: Important data.	101
Name	string	The name of the data tag for the detection model. Personal sensitive information. Personal information. Important data.	personal sensitive data
RegionId	string	The region where the asset is located.	cn-***
EngineType	string	The type of the database engine.	MySQL
MaskingStatus	integer	The column encryption status. Valid values: -1: not encrypted 1: encryption successful 2: encryption failed	-1
ProductId	integer	The ID of the product to which the data object belongs. Valid values: 1: MaxCompute 2: OSS 3: ADB-MYSQL 4: TableStore 5: RDS 6: SELF_DB 7: PolarDB-X 8: PolarDB 9: ADB-PG 10: OceanBase 11: MongoDB 25: Redis	5

Examples

Success response

JSON format

{
  "CurrentPage": 1,
  "RequestId": "769FB3C1-F4C9-4******",
  "PageSize": 10,
  "TotalCount": 12,
  "Items": [
    {
      "CreationTime": 1536751124000,
      "TableName": "it_table",
      "DataType": "String",
      "OdpsRiskLevelValue": 3,
      "InstanceId": 1,
      "RiskLevelId": 2,
      "RuleName": "name",
      "RuleId": 1,
      "Sensitive": false,
      "SensLevelName": "S2",
      "InstanceName": "rm-bp17t1htja573l5i8****",
      "RiskLevelName": "S2",
      "OdpsRiskLevelName": "S3",
      "Name": "gxdata",
      "TableId": 123,
      "Id": "268",
      "ProductCode": "MaxCompute",
      "RevisionStatus": 1,
      "RevisionId": 12,
      "ModelTags": [
        {
          "Id": 101,
          "Name": "personal sensitive data"
        }
      ],
      "RegionId": "cn-***",
      "EngineType": "MySQL",
      "MaskingStatus": -1,
      "ProductId": 5
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.