All Products
Search

This Product

    DataWorks:Sensitive data access

    Document Center

    DataWorks:Sensitive data access

    Last Updated:Nov 20, 2025

    The sensitive data access feature facilitates compliance audits for data access by recording the details of every access to sensitive data. The records include key information, such as the operation time, operator, and operation content. This provides security administrators with comprehensive audit tracking capabilities to evaluate and track each access event. This ensures that data access activities comply with your organization's security policies and compliance requirements. This topic describes the sensitive data access feature in detail.

    Limitations

    • Applicable users: This feature is available to users who have activated DataWorks Standard, Professional, or Enterprise Edition and have selected the new data security features in Security Center.

    • Supported regions: China (Hangzhou), China (Shanghai), China (Beijing), China (Shenzhen), and China (Chengdu).

    • Supported compute engine: MaxCompute.

    Prerequisites

    • The Alibaba Cloud account or a RAM user that you use must meet one of the following conditions:

      • The Alibaba Cloud account or RAM user is attached with the AliyunDataWorksFullAccess policy.

      • The Alibaba Cloud account or RAM user is assigned the tenant security administrator role of DataWorks.

      • The Alibaba Cloud account or RAM user is assigned the tenant administrator role of DataWorks.

    • You have completed the instructions in New user guide.

    View sensitive data access records

    Important

    Sensitive data refers to the results that are identified by detection tasks in Sensitive Data Protection > Data classification grading. These records are subject to a one-day delay.

    1. Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, choose Data Governance > Security Center. On the page that appears, click Go to Security Center.

    2. In the navigation pane on the left, choose Audit > Sensitive Data Access.

    3. Select the MaxCompute or Hologres tab to view the corresponding sensitive data access records.

      • On the page, click the Details button to view the details of a sensitive data access event.

      • You can filter access records by Involved data types and Operation time. Then, click the Export Tasks button to export the records.

        Field

        Description

        Time

        The date and time when the operator accessed the sensitive data.

        Operator

        The account information used by the operator in the event. This can be the logon account, or the RAM user or Alibaba Cloud account specified as the default access identity for the data source.

        Operation Type

        The type of operation performed by the operator on the sensitive data.

        Involving data types

        The types of sensitive data included in the access event.

        Type of behavior

        The behavior type. Valid values: System Behavior and User Behavior. Data sampling performed by a sensitive data detection task is a System Behavior.

        Operation

        View the SQL statement that the operator executed in the event.