
Data Security Center: Authorize DSC to access Alibaba Cloud resources

Last Updated: Sep 26, 2024

Before you use Data Security Center (DSC) to check the data security of Alibaba Cloud resources, you must authorize DSC to access Alibaba Cloud resources. This topic describes how to authorize DSC to access Alibaba Cloud resources.

Prerequisites

The free edition of DSC is activated or a paid edition of DSC is purchased. For more information, see Activate the free edition of DSC or Purchase DSC.

Background information

The first time you log on to the DSC console after you activate DSC, you are prompted to authorize DSC to access Alibaba Cloud resources on the Overview page. After the authorization is complete, DSC can access Alibaba Cloud resources such as Object Storage Service (OSS), ApsaraDB RDS, and MaxCompute. DSC can also scan the Alibaba Cloud resources for sensitive data and analyze the detected sensitive data.

Procedure

  1. Log on to the DSC console.
  2. On the Welcome page, click Authorize Now.

    Then, Alibaba Cloud automatically creates the AliyunServiceRoleForSDDP service-linked role for DSC. You can view the service-linked role on the Roles page of the Resource Access Management (RAM) console. You can also call the ListRoles operation by using OpenAPI Explorer or a CLI to view the service-linked role for DSC in the response. For more information, see Service-linked roles.

    After you authorize DSC to access Alibaba Cloud resources, you must authorize DSC to access specific data assets in the resources. This allows DSC to scan the Alibaba Cloud resources for sensitive data and analyze the detected sensitive data. For more information, see Asset authorization.
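An added example (not from the Alibaba Cloud documentation) of confirming from ListRoles output that the service-linked role was created, including the case where the role is not on the first page of results. It assumes the response layout `Roles.Role[]` with `IsTruncated` and `Marker` for pagination; `fetch_page`, the sample pages, the account ID, the marker and the second role name are constructed for illustration.

```python
import json

ROLE_NAME = "AliyunServiceRoleForSDDP"  # role name given on this page

# Constructed sample pages shaped like ListRoles responses (assumed layout).
# The account ID, marker and the first role name are placeholders.
SAMPLE_PAGES = {
    None: json.dumps({
        "IsTruncated": True, "Marker": "constructed-marker-1",
        "Roles": {"Role": [
            {"RoleName": "AliyunServiceRoleForExample",
             "Arn": "acs:ram::000000000000:role/aliyunserviceroleforexample"}]}}),
    "constructed-marker-1": json.dumps({
        "IsTruncated": False,
        "Roles": {"Role": [
            {"RoleName": ROLE_NAME,
             "Arn": "acs:ram::000000000000:role/aliyunserviceroleforsddp"}]}}),
}

def sample_fetch(marker):
    """Stand-in for a real ListRoles call; returns the raw JSON for one page."""
    return SAMPLE_PAGES[marker]

def iter_roles(fetch_page):
    """Yield every role, following Marker while IsTruncated is true."""
    marker, seen = None, set()
    while True:
        page = json.loads(fetch_page(marker))
        yield from page.get("Roles", {}).get("Role", [])
        if not page.get("IsTruncated"):
            return
        marker = page.get("Marker")
        # Guard against a truncated page with no marker, or a repeated one,
        # which would otherwise loop forever or silently stop early.
        if not marker or marker in seen:
            raise RuntimeError("truncated response without a usable Marker")
        seen.add(marker)

def find_role(fetch_page, name=ROLE_NAME):
    """Return the role entry with the given name, or None if it is absent."""
    for role in iter_roles(fetch_page):
        if role.get("RoleName") == name:
            return role
    return None

if __name__ == "__main__":
    role = find_role(sample_fetch)
    print("role present" if role else "role missing", role)
```

In practice `fetch_page` would wrap whichever client you use to call ListRoles, passing the marker through unchanged.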

Service-linked role for DSC

  • Role name: AliyunServiceRoleForSDDP.

  • Policy attached to the role: AliyunServiceRolePolicyForSDDP.

  • Policy description: DSC assumes this role to access Alibaba Cloud resources.

  • Policy content:

Delete a service-linked role

If you no longer use DSC, you can delete the service-linked role for DSC. You can log on to the RAM console and delete the AliyunServiceRoleForSDDP service-linked role. For more information, see Service-linked roles.

Asset authorization description

Do not confuse the operation that authorizes DSC to access Alibaba Cloud resources with the operation that authorizes DSC to access data assets. The former operation authorizes DSC to access other Alibaba Cloud services. The latter operation authorizes DSC to access specific data assets in the Alibaba Cloud services. After you authorize DSC to access Alibaba Cloud resources, you must authorize DSC to access data assets in the resources. This allows DSC to scan the Alibaba Cloud resources for sensitive data and analyze the detected sensitive data. For more information, see Asset authorization.