DescribeDataAssets - Data Security Center - Alibaba Cloud Documentation Center

Queries the sensitive data detection results of data assets that Data Security Center (DSC) is authorized to access.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-sddp:DescribeDataAssets	get	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
Lang	string	No	The language of the content within the request and response. Default value: zh_cn. Valid values: zh_cn: Simplified Chinese en_us: English	zh_cn
Name	string	No	The keyword that is used to search for data assets. Fuzzy search is supported.	test
RiskLevels	string	No	The sensitivity level of the data asset. Separate multiple sensitivity levels with commas (,). Valid values: 2: S1, indicating the low sensitivity level 3: S2, indicating the medium sensitivity level 4: S3, indicating the high sensitivity level 5: S4, indicating the highest sensitivity level	2
RuleId	long	No	The unique ID of the sensitive data detection rule that the data assets to be queried hit. Note If you query sensitive data detection results based on the sensitive data detection rule that the data assets hit, you can call the DescribeRules operation to query the ID of the sensitive data detection rule.	11122200
RangeId	integer	No	The type of the data asset that you want to query. Valid values: 1: MaxCompute project 2: MaxCompute table 3: MaxCompute package 11: AnalyticDB for MySQL database 12: AnalyticDB for MySQL table 21: Object Storage Service (OSS) bucket 22: OSS object 31: Tablestore instance 32: Tablestore table 51: ApsaraDB RDS database 52: ApsaraDB RDS table 61: self-managed database hosted on an Elastic Compute Service (ECS) instance 62: self-managed table hosted on an ECS instance 71: PolarDB-X database 72: PolarDB-X table 81: PolarDB database 82: PolarDB table 91: AnalyticDB for PostgreSQL database 92: AnalyticDB for PostgreSQL table	1
PageSize	integer	No	The number of entries to return on each page. Default value: 20.	20
CurrentPage	integer	No	The number of the page to return.	1

Response parameters

Parameter	Type	Description	Example
	object
CurrentPage	integer	The page number of the returned page.	1
RequestId	string	The ID of the request.	71064826-726F-4ADA-B879-05D8055476FB
PageSize	integer	The number of entries returned per page.	20
TotalCount	integer	The total number of queried data assets that contain sensitive data.	1
Items	array<object>	An array that consists of data assets.
Asset	object
Acl	string	The access control list (ACL) that controls the access permissions on the OSS bucket. Note This parameter is returned only when you set the parameter RangeId to 21.	private
CreationTime	long	The time when the data asset was created. Unit: milliseconds.	1536751124000
DataType	string	The data type of the data asset.	OSS_BUCKET
Owner	string	The account that owns the data asset.	dtdep-239-******
SensitiveRatio	string	The percentage of sensitive data in all data assets.	45%
Protection	boolean	Indicates whether the data protection mechanism is enabled for the data asset. The value is fixed as false. true or false is returned for this parameter only when you set the parameter RangeId to 1. false: The data protection mechanism is disabled. true: The data protection mechanism is enabled. Only data inbound is supported. Data outbound is not supported.	false
Labelsec	boolean	The sensitivity tag of the data. The value is fixed as 0. 0, 1, 2, or 3 is returned for this parameter only when you set the parameter RangeId to 1. 0: unclassified 1: confidential 2: sensitive 3: highly sensitive	0
TotalCount	integer	The total number of data assets. For example, the value can be the total number of MaxCompute projects, packages, or tables, the total number of ApsaraDB RDS databases or tables, or the total number of OSS buckets or objects.	432
RiskLevelId	long	The sensitivity level of the data asset. A higher sensitivity level indicates that the identified data is more sensitive. Valid values: 1: No sensitive data is identified. 2: sensitive data at level 1. 3: sensitive data at level 2. 3: sensitive data at level 3. 5: sensitive data at level 4. 6: sensitive data at level 5. 7: sensitive data at level 6. 8: sensitive data at level 7. 9: sensitive data at level 8. 10: sensitive data at level 9. 11: sensitive data at level 10.	2
RuleName	string	The name of the sensitive data detection rule that the data asset hits.	\\\* rule
Sensitive	boolean	Indicates whether the data asset contains sensitive data. Valid values: true: yes false: no	true
ObjectKey	string	The key value of the OSS object. Note This parameter is returned only when you set the parameter RangeId to 22.	Internal
RiskLevelName	string	The name of the sensitivity level for the data asset.	Medium sensitivity level
OdpsRiskLevelName	string	The sensitivity level of the MaxCompute data asset. Valid values: S1: low sensitivity level S2: medium sensitivity level S3: high sensitivity level S4: highest sensitivity level Note This parameter is returned only when you set the parameter RangeId to 1.	S4
ProductId	string	The ID of the service to which the data asset belongs. Valid values: 1: MaxCompute 2: OSS 3: AnalyticDB for MySQL 4: Tablestore 5: ApsaraDB RDS	5
Name	string	The name of the data asset.	gxdata
SensitiveCount	integer	The total number of sensitive data assets. For example, the value can be the total number of sensitive MaxCompute projects, packages, or tables, the total number of sensitive ApsaraDB RDS databases or tables, or the total number of sensitive OSS buckets or objects.	24
Id	string	The ID of the data asset.	268
ProductCode	string	The name of the service to which the data asset belongs.	RDS

Examples

Sample success responses

JSONformat

{
  "CurrentPage": 1,
  "RequestId": "71064826-726F-4ADA-B879-05D8055476FB",
  "PageSize": 20,
  "TotalCount": 1,
  "Items": [
    {
      "Acl": "private",
      "CreationTime": 1536751124000,
      "DataType": "OSS_BUCKET",
      "Owner": "dtdep-239-******",
      "SensitiveRatio": "45%",
      "Protection": false,
      "Labelsec": true,
      "TotalCount": 432,
      "RiskLevelId": 2,
      "RuleName": "\\*\\*\\* rule\n",
      "Sensitive": true,
      "ObjectKey": "Internal\n",
      "RiskLevelName": "Medium sensitivity level\n",
      "OdpsRiskLevelName": "S4",
      "ProductId": "5",
      "Name": "gxdata",
      "SensitiveCount": 24,
      "Id": "268",
      "ProductCode": "RDS"
    }
  ]
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation

No change history