Queries the access records of the risky sensitive data in all DataWorks workspaces of a tenant on a specified date.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes GetOpRiskData

The operation that you want to perform.

Date String Yes 20210221

The date on which the access records were queried. Specify the value in the yyyyMMdd format.

PageNo Integer Yes 1

The number of the page to return. Minimum value: 1.

PageSize Integer Yes 100

The number of entries to return on each page. Maximum value: 1000.

RegionId String Yes cn-shenzhen

The region ID. For example, the ID of the China (Shanghai) region is cn-shanghai, and that of the China (Zhangjiakou) region is cn-zhangjiakou. The system automatically determines the value of this parameter based on the endpoint used to call the operation.

Name String No [ {"dbType":"hologres","instanceName":"ABC","databaseName":"abc"}, {"dbType":"ODPS.ODPS","projectName":"adbc"} ]

The parameters that you can specify to query the access records. Valid values:

  • dbType: the data type
  • instanceName: the name of the instance
  • databaseName: the name of the database
  • projectName: the name of the workspace
  • clusterName: the name of the cluster

The following example shows the parameters configured to query the access records of the sensitive data in the abc database of the ABC Hologres instance:

{"dbType":"hologres","instanceName":"ABC","databaseName":"abc"}

You must specify the parameters based on the compute engine that you use in your business.

RiskType String No Manual identification

The method that you use to identify risks.

  • You can manually identify risks.
  • You can also use a risk rule to identify risks. You can go to the DataWorks console to obtain the name of the risk rule on the Custom Identification Rules page of Data Security Guard.

Response parameters

Parameter Type Example Description
RequestId String 0000-ABCD-EFG****

The ID of the request.

RiskData String { "opRiskDatas": [ { "riskType": "Level dimension, EMR compute engine dimension, workspace dimension, operational data of the EMR compute engine and workspace dimensions, export method dimension, and EMR compute engine", "opTime": "2021-01-04 23:39:13", "opType": "SQL_SELECT", "opAccount": "user", "sensType": "Email address/Name/Phone number", "sql": "SELECT * FROM default.jiade_1219_test_create LIMIT 20" } ], "totalCount": 499 }

The information of the risky sensitive data returned. The information includes totalCount and opRiskDatas.

opRiskDatas includes the following parameters:

  • sensType: the type of the sensitive data
  • sensLevel: the sensitivity level of the sensitive data
  • opType: the type of the operation
  • sql: the SQL statement that is executed
  • opAccount: the account that is used to perform the operation
  • opTime: the time when the operation was performed

Examples

Sample requests

http(s)://[Endpoint]/?Action=GetOpRiskData
&Date=20210221
&PageNo=1
&PageSize=100
&RegionId=cn-shenzhen
&<Common request parameters>

Sample success responses

XML format

<RequestId>0000-ABCD-EFG****</RequestId>
{     "opRiskDatas": [       {         "riskType": "Level dimension, EMR compute engine dimension, workspace dimension, operational data of the EMR compute engine and workspace dimensions, export method dimension, and EMR compute engine",         "opTime": "2021-01-04 23:39:13",         "opType": "SQL_SELECT",         "opAccount": "user",         "sensType": "Email address/Name/Phone number",         "sql": "SELECT * FROM default.jiade_1219_test_create LIMIT 20"       }     ],     "totalCount": 499   }</RiskData>

JSON format

{
    "RequestId": "0000-ABCD-EFG****",
    "RiskData": "{     \"opRiskDatas\": [       {         \"riskType\": \"Level dimension, EMR compute engine dimension, workspace dimension, operational data of the EMR compute engine and workspace dimensions, export method dimension, and EMR compute engine\",         \"opTime\": \"2021-01-04 23:39:13\",         \"opType\": \"SQL_SELECT\",         \"opAccount\": \"user\",         \"sensType\": \"Email address/Name/Phone number\",         \"sql\": \"SELECT * FROM default.jiade_1219_test_create LIMIT 20\"       }     ],     \"totalCount\": 499   }"
}

Error codes

Http status code Error code Error message Description
403 Forbidden.NoTenant The tenant information cannot be obtained using user ID. The error message returned because the tenant information cannot be obtained.
400 Invalid.Param The request parameter is invalid. The error message returned because one or more request parameters are invalid.
500 InternalError.DQC.BizError An internal error occurred. The error message returned because an internal server error has occurred.

For a list of error codes, visit the API Error Center.