After you activate Sensitive Data Discovery and Protection (SDDP), it automatically scans your data stored in MaxCompute, Relational Database Service (RDS), or Object Storage Service (OSS) for sensitive data, and marks the sensitive data with risk levels. You can check the overall risks and details of the sensitive data in the SDDP console.


  • At least one of the MaxCompute, RDS, OSS, Distributed Relational Database Service (DRDS), and Apsara PolarDB services is activated.
  • A data source is created in the activated MaxCompute, RDS, OSS, DRDS, or Apsara PolarDB service to make sure that SDDP has data to scan. You can follow these instructions to create a data source based on business needs:
    • Create a project in MaxCompute and import data to the project for SDDP to scan.

      For more information, see Create a project.

    • Create a database for an RDS instance.

      For more information, see Create a database.

    • Create a bucket in OSS and upload objects to the bucket.

      For more information, see OSS topics Create buckets and Upload objects.

    • Create a database for a DRDS instance.
    • Create an Apsara PolarDB cluster.

      For more information, see Create a PolarDB MySQL cluster.


  1. Activate SDDP.
    After you activate SDDP, it automatically scans for sensitive data in your data assets on the cloud, including existing data and any new data that is generated from now on.
  2. Authorize SDDP to access your assets in cloud services such as MaxCompute, RDS, and OSS. For more information, see Grant access to data assets.
    SDDP must be authorized to access your cloud assets before it can scan for sensitive data in the assets.
  3. Configure sensitive data detection rules.
    SDDP identifies sensitive data in files or tables and generates alerts based on sensitive data detection rules. SDDP provides a bunch of built-in rules, which can be used immediately after SDDP is activated without any configuration. If the built-in rules cannot meet your requirements, you can customize rules based on your business needs. For more information, see Create a custom rule.
  4. View the sensitive data identified by SDDP and relevant statistics.
  5. Process anomalous events that are detected or de-identify sensitive data.
    For more information about how to de-identify sensitive data, see Perform static de-identification.