All Products
Search

This Product

    Data Security Center:Credential management

    Document Center

    Data Security Center:Credential management

    Last Updated:Aug 13, 2024

    A credential is the username and password that you use to connect to a database in the Data Security Center (DSC) console. The credential management feature of DSC allows you to manage the credentials used to connect to databases and associate the credentials with the databases.

    Credential usage notes

    • Isolate credentials: We recommend that you separate the credentials used to connect to databases in the DSC console from the credentials used by your business system.

    • Follow the principle of least privilege: We recommend that you do not use the privileged account with the highest permissions. Instead, we recommend that you use an account with read and write permissions (DML-only permissions) only when you need to de-identify data in the desired database. In other scenarios, use a read-only account.

    • Keep the password properly: After you add a credential, the password of the credential becomes invisible. To ensure security, DSC stores the password of the credential in an encrypted manner. You cannot retrieve the password from DSC. Keep the password properly. DSC uses this password only when it accesses the corresponding database and does not use it for other purposes.

    • Configure a complex password: Configure a complex password that meets the following requirements:

      • The password must be at least eight characters in length.

      • The password must contain at least three of the following character types:

        • Uppercase letters

        • Lowercase letters

        • Digits

        • Special characters (~, !, @, $, %, ^, &, *, -, _, =, +, #, /, and ?)

      • The password cannot be the username or the username in reverse order.

    Add a credential

    You can create a credential when you connect to a database by using a username and a password. You can also add a credential on the Credential Management tab. This section describes how to add a credential on the Credential Management tab.

    1. Log on to the DSC console.

    2. In the left-side navigation pane, choose Asset Center > Authorization Management.

    3. On the Authorization Management tab, click the Credential Management tab. Then click Add Credential.

    4. In the Add Credential dialog box, set the parameters and click OK.

      Parameter

      Description

      Credential Name

      The name of the credential. The name must be unique.

      Asset Type

      The type of the asset to which the credential is applied.

      Username

      The username that is used to connect to the database.

      Password

      The password that is used to connect to the database.

      Credential Type

      The type of permissions owned by the credential.

      The permission type selected here only identifies the type of permissions owned by the credential. For more information about the permissions of the credential, visit the corresponding database account management page. Set this parameter based on the database access permissions that the credential has.

    5. Perform the following operations to associate the credential with an asset:

      1. Find the required credential and click Associate Asset in the Actions column. In the Associate Asset panel, select the database with which you want to associate the credential and click Associate.

      2. In the Tips message, the message Do you want to scan sensitive data in new data assets? is displayed. Select OK or Cancel based on your business requirements.

        After you perform the association operation, DSC automatically connects to the database. If an asset is associated and the connection status of the database is Connected, DSC creates a default data identification task for each database connected to the asset. DSC performs the following operations based on your selections in the Tips message:

        • OK: DSC immediately creates and runs the default identification tasks.

        • Cancel: DSC only creates but not run the default data identification tasks. To run the default data identification tasks, you must manually run them on the Data Insights > Tasks page.

      3. Click OK.

    Modify a credential

    To modify the name, username, password, or credential type of a credential, find the required credential on the Credential Management tab and click Edit in the Actions column.

    After the credential is modified, DSC immediately uses the modified credential to connect to databases. On the Authorization Management tab, you can view the connection status of databases.

    Delete a credential

    Before you delete a credential, you must disassociate the credential from databases.

    1. Log on to the DSC console.

    2. In the left-side navigation pane, choose Asset Center > Authorization Management.

    3. On the Authorization Management tab, click the Credential Management tab, find the required credential, and then click Associate Asset in the Actions column.

    4. Click Associated, select all associated databases, and then click Disassociate.

      image

    5. On the Credential Management tab, find the credential that you want to delete and click Delete in the Actions column.

      If the connection status of the databases associated with the credential is Connected, the credential cannot be deleted.

    References