Before you use Sensitive Data Discovery and Protection (SDDP), you must authorize SDDP to access Alibaba Cloud resources. This topic describes how to authorize SDDP to access Alibaba Cloud resources.

Prerequisites

SDDP is activated.

Background information

When you log on to the SDDP console for the first time after you activate SDDP, the Overview page displays a wizard for you to authorize SDDP to access Alibaba Cloud resources and then your specific data assets. SDDP can access Alibaba Cloud services, such as Object Storage Service (OSS), Relational Database Service (RDS), and MaxCompute, and scan your data assets for sensitive data only after the authorization is complete.

Procedure

  1. Log on to the SDDP console.
  2. On the Overview page, click Authorize Now.
    After you click Authorize Now, Alibaba Cloud automatically creates the service linked role AliyunServiceRoleForSDDP for you. It is a Resource Access Management (RAM) role that only SDDP can assume. You can view the created service linked role on the RAM Roles page of the RAM console. You can also retrieve a list of created service linked roles by using the API or CLI to call the ListRoles operation. For more information, see Service linked roles.

    After you authorize SDDP to access Alibaba Cloud resources, you must grant SDDP access to specific data assets before SDDP can scan the data assets for sensitive data and analyze the detected sensitive data. For more information, see Grant access to data assets.

Service linked role for SDDP

Role name: AliyunServiceRoleForSDDP

Policy name: AliyunServiceRolePolicyForSDDP
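
The following added example, which is not part of the original documentation, audits saved output of the RAM ListRoles and GetRole operations to confirm that the AliyunServiceRoleForSDDP role exists and that its trust policy lets only SDDP assume it. The service principal sddp.aliyuncs.com, the use of GetRole, the helper names, and the sample responses are assumptions constructed for illustration.

```python
import json

ROLE_NAME = "AliyunServiceRoleForSDDP"  # role name given on this page
SDDP_SERVICE = "sddp.aliyuncs.com"      # ASSUMED service principal; confirm in your own GetRole output

def find_role(list_roles_pages, role_name=ROLE_NAME):
    """Search every page of ListRoles output; one page is not enough if IsTruncated is true."""
    for page in list_roles_pages:
        for role in page.get("Roles", {}).get("Role", []):
            if role.get("RoleName") == role_name:
                return role
    return None

def trust_findings(get_role_response, expected_service=SDDP_SERVICE):
    """Return deviations from 'only SDDP can assume this role' in a GetRole response."""
    doc = get_role_response["Role"]["AssumeRolePolicyDocument"]
    policy = json.loads(doc) if isinstance(doc, str) else doc
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings, trusted = [], False
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"statement {i}: principal is {principal!r}")
            continue
        for kind, values in principal.items():
            for value in [values] if isinstance(values, str) else values:
                if kind == "Service" and value == expected_service:
                    trusted = True
                else:
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
    if not trusted:
        findings.append(f"{expected_service} is not trusted by any Allow statement")
    return findings

def _sample(principal):
    """Build a constructed GetRole response with one Allow statement."""
    stmt = {"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": principal}
    doc = json.dumps({"Version": "1", "Statement": [stmt]})
    return {"Role": {"RoleName": ROLE_NAME, "AssumeRolePolicyDocument": doc}}

PAGES = [  # constructed two-page ListRoles output, not real account data
    {"IsTruncated": True, "Marker": "m1", "Roles": {"Role": [{"RoleName": "AppDeployRole"}]}},
    {"IsTruncated": False, "Roles": {"Role": [{"RoleName": ROLE_NAME}]}},
]
GOOD = _sample({"Service": [SDDP_SERVICE]})
BAD = _sample({"Service": [SDDP_SERVICE], "RAM": ["acs:ram::000000000000:root"]})
```

An empty list from trust_findings means the trust policy matches the statement that only SDDP can assume the role; any entry names a principal to investigate.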

Delete the AliyunServiceRoleForSDDP role

If you no longer need to use SDDP, you can delete the AliyunServiceRoleForSDDP role in the RAM console. For more information, see Service linked roles.

Usage notes

Do not confuse the operation of authorizing SDDP to access Alibaba Cloud resources with the operation of granting access to data assets. The former operation authorizes SDDP to access other data services of Alibaba Cloud, whereas the latter operation authorizes SDDP to access specific data assets in these data services. After you authorize SDDP to access Alibaba Cloud resources, you must grant SDDP access to specific data assets before SDDP can scan the data assets for sensitive data and analyze the detected sensitive data. For more information, see Grant access to data assets.