Home PageData Security CenterData Security CenterSupportFAQData asset authorization
Search for Help Content

Data asset authorization

Updated at: 2025-01-24 06:54
Product
Community

This topic provides answers to some frequently asked questions about asset authorization.

Possible causes of authorization failures

When you authorize Data Security Center (DSC) to access MaxCompute, ApsaraDB RDS, and Object Storage Service (OSS), the authorization may fail. You can refer to the following causes to troubleshoot authorization issues.

What are the possible causes for the failure to authorize DSC to access ApsaraDB RDS?

  • The username or password for accessing the ApsaraDB RDS database is invalid.

  • The service IP addresses of DSC are deleted from the whitelist of the ApsaraDB RDS database.

  • The ApsaraDB RDS database resides on the classic network, but the public endpoint of the ApsaraDB RDS database is inaccessible due to access control.

What are the possible causes for the failure to authorize DSC to access MaxCompute?

  • The name of the MaxCompute project is invalid.

  • The DSC account fails to be added to the MaxCompute project.

Are all assets within the current account added to data domains?

No, only the assets that DSC is authorized to access within the account are added to data domains.Data Security Center (DSC) For more information, see Configure data domains to manage assets.

Can I authorize DSC to access self-managed databases?

  • You can authorize DSC to access self-managed databases that are hosted on Elastic Compute Service (ECS) instances and reside in a virtual private cloud (VPC).

  • The database types must be MySQL, SQL Server, and Oracle.

For more information, see Authorize DSC to access a self-managed database hosted on an ECS instance.

Does DSC support China South 1 Finance?

No, DSC does not support China South 1 Finance. For more information about the regions that are supported by DSC, see Supported regions.

Does DSC support regions outside the Chinese mainland?

Yes, DSC supports regions outside the Chinese mainland. DSC supports the Singapore, Malaysia (Kuala Lumpur), and Indonesia (Jakarta) regions.

How do I define an instance when I connect an ApsaraDB for OceanBase database in Oracle tenant mode to DSC?

An ApsaraDB for OceanBase cluster is an instance.

After you purchase the storage protection capacity, which assets are eligible for protection?

The storage protection capacity is the total data capacity that DSC is authorized to access within OSS and Simple Log Service.

You can enable only the data identification feature for the data in Simple Log Service that you authorize DSC to access. For DSC Enterprise Edition, the storage protection capacity is deducted based on 50% of the size of data in Simple Log Service for which DSC is authorized to access. For example, if the size of the data in Simple Log Service is 1,000 GB, you can set the Storage Protection Capacity parameter to 500 GB when you purchase DSC Enterprise Edition.

What are the prerequisites that must be met before I grant DSC the permissions to access specific assets in the DSC console?

  1. The free edition of DSC is activated or a paid edition of DSC is purchased. For more information, see Activate the free edition of DSC or Purchase DSC.

  2. DSC is authorized to access cloud services. For more information, see Authorize DSC to access Alibaba Cloud resources.

  3. Make sure that your database type is supported by DSC.

    • For more information about the supported database types, see Supported data asset types. Supported database types: ApsaraDB RDS, PolarDB, PolarDB-X, Tair (Redis OSS-compatible), ApsaraDB for MongoDB, ApsaraDB for OceanBase, Tablestore, AnalyticDB for MySQL, and AnalyticDB for PostgreSQL.

    • If you want to grant permissions on self-managed databases hosted on an ECS instance, only the self-managed databases that are deployed in VPC networks and run MySQL, SQL Server, or Oracle are supported. Before authorization, you must specify the CIDR blocks that DSC is allowed to access based on the region in which your databases reside and grant DSC the permissions to use a specific database user to access databases. For more information, see Authorize DSC to access a self-managed database hosted on an ECS instance.

  4. Assets are synchronized.

    • The first time you log on to the DSC console, DSC automatically synchronizes assets in the cloud. DSC automatically synchronizes the new assets to the unauthorized asset lists at 00:00 every day. If you want to authorize DSC to access the assets that are created on the current day, you must manually synchronize the assets.

What do I do if I fail to select a specific database instance in the DSC console during authorization?

Troubleshooting item

Troubleshooting content

Solution

Troubleshooting item

Troubleshooting content

Solution

Database type

The supported database types include MySQL, SQL Server, and Oracle. Make sure that your database type is supported.

For more information, see Supported data assets.

Instance status

Make sure that the database instance is in the running state and is displayed in the DSC console.

  • If the database instance is not in the running state, run the instance in the corresponding console.

  • If the database instance is not displayed in the DSC console, you can manually synchronize assets. For more information, see Authorize DSC to access databases.

Region setting

Make sure that the region you select is the region in which the database instance resides. Specify the CIDR blocks that DSC is allowed to access based on the region in which your database instance resides.

In the upper-left corner of the DSC console, select Chinese Mainland or Outside Chinese Mainland based on the region in which your database instance resides.

For more information about the regions inside and outside the Chinese mainland, see Supported regions.

Asset synchronization

If the database instance is newly created, you may need to manually synchronize the instance in the DSC console.

For more information, see Authorize DSC to access databases.

Permission setting

Check whether the Resource Access Management (RAM) policy contains the required permissions on the database instance. Make sure that the RAM user or RAM role has the permissions to access and manage the database instance.

Modify the policy of the RAM user or RAM role. For more information, see Policy management.

Network setting

Make sure that DSC is allowed to access the CIDR blocks of the database instance. If the database instance resides in a VPC network, make sure that the security group rules of the instance allow DSC to access the CIDR blocks of the instance.

Modify the network settings of the database instance. For more information about how to configure the network settings of an ApsaraDB RDS for MySQL instance, see Database connection.

When I synchronize the assets of an RDS instance in the DSC console, I receive a message indicating that no databases are created on the RDS instance. I create databases, but when I synchronize the assets again, I still receive the same message. Why?

A specific amount of time is required to synchronize the data of a new database. You can wait for a period of time and then refresh the page.

Can I upgrade the free edition of DSC when the authorization quota is insufficient?

No, you cannot upgrade the free edition of DSC when the authorization quota is insufficient.

You cannot upgrade or renew DSC Free Edition. If the free resource specifications cannot meet your business requirements, we recommend that you purchase DSC to ensure continuous data security. For more information, see Purchase DSC.

References

Grant access to data assets

Previous: Data securityNext: Sensitive data scanning and identification
  • On this page (1, T)
  • Possible causes of authorization failures
  • What are the possible causes for the failure to authorize DSC to access ApsaraDB RDS?
  • What are the possible causes for the failure to authorize DSC to access MaxCompute?
  • Are all assets within the current account added to data domains?
  • Can I authorize DSC to access self-managed databases?
  • Does DSC support China South 1 Finance?
  • Does DSC support regions outside the Chinese mainland?
  • How do I define an instance when I connect an ApsaraDB for OceanBase database in Oracle tenant mode to DSC?
  • After you purchase the storage protection capacity, which assets are eligible for protection?
  • What are the prerequisites that must be met before I grant DSC the permissions to access specific assets in the DSC console?
  • What do I do if I fail to select a specific database instance in the DSC console during authorization?
  • When I synchronize the assets of an RDS instance in the DSC console, I receive a message indicating that no databases are created on the RDS instance. I create databases, but when I synchronize the assets again, I still receive the same message. Why?
  • Can I upgrade the free edition of DSC when the authorization quota is insufficient?
  • References
Feedback
phone Contact Us

Chat now with Alibaba Cloud Customer Service to assist you in finding the right products and services to meet your needs.

alicare alicarealicarealicare