Authorize SDDP to access Alibaba Cloud resources

Procedure

1. Log on to the SDDP console.
2. On the Overview page, click Authorize Now.
   After you click Authorize Now, Alibaba Cloud automatically creates the service linked role AliyunServiceRoleForSDDP for you. It is a Resource Access Management (RAM) role that only SDDP can assume. You can view the created service linked role on the RAM Roles page of the RAM console. You can also retrieve a list of created service linked roles by using the API or CLI to call the ListRoles operation. For more information, see Service linked roles.

   After you authorize SDDP to access Alibaba Cloud resources, you must grant SDDP the access to specific data assets before SDDP can scan the data assets for sensitive data and analyze the detected sensitive data. For more information, see Grant access to data assets.

Service linked role for SDDP

Role name: AliyunServiceRoleForSDDP

Policy name: AliyunServiceRolePolicyForSDDP

Delete the AliyunServiceRoleForSDDP role

If you no longer need to use SDDP, you can delete the AliyunServiceRoleForSDDP role in the RAM console. For more information, see Service linked roles.

Usage notes

Do not confuse the operation of authorizing SDDP to access Alibaba Cloud resources with the operation of granting access to data assets. The former operation authorizes SDDP to access other data services of Alibaba Cloud, whereas the latter operation authorizes SDDP to access specific data assets in these data services. After you authorize SDDP to access Alibaba Cloud resources, you must grant SDDP the access to specific data assets before SDDP can scan the data assets for sensitive data and analyze the detected sensitive data. For more information, see Grant access to data assets.