All Products
Search

This Product

    Data Management:IP address whitelists

    Document Center

    Data Management:IP address whitelists

    Last Updated:Mar 30, 2026

    Data Management (DMS) provides the IP address whitelist feature for enhanced access control. This feature allows enterprises to restrict DMS access to authorized users within trusted network environments. When enabled, only users connecting from whitelisted IP addresses can access DMS.

    How it works

    After DMS is activated, the IP address whitelist feature is enabled by default with the value 0.0.0.0/0, which allows access from all IP addresses. To enforce IP-based access control, add your authorized IP addresses or CIDR blocks to the whitelist, and then delete the 0.0.0.0/0 entry. Users cannot access DMS from the IP addresses that are not added to the whitelists.

    Important

    The default 0.0.0.0/0 entry allows all IP addresses. Adding new whitelist entries does not automatically remove 0.0.0.0/0. You must manually delete it to restrict access.

    DMS provides two additional security layers regardless of whitelist configuration:

    • Users must authenticate with a valid Alibaba Cloud account and password.

    • Enterprise users cannot access effective user data in DMS Enterprise unless their Alibaba Cloud account or Resource Access Management (RAM) user is registered with DMS Enterprise.

    Use cases

    IP address whitelists work best in enterprise networks with static public outbound IP addresses. Add these addresses to restrict DMS access to authorized network locations.

    You can contact technical support to configure outbound IP addresses of your enterprise network.

    Go to the Access IP Whitelists page

    1. Log on to the DMS console V5.0.

    2. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All Features > Security and Disaster Recovery (former DBS) > Access IP Whitelists.

    Note

    If you use the DMS console in normal mode, choose Security and Disaster Recovery (former DBS) > Access IP Whitelists in the top navigation bar.

    Manage IP address whitelists

    Note

    Adding or changing IP addresses in the whitelist does not take effect in real time. Changes take up to five minutes to take effect.

    Create a whitelist

    1. On the Access IP Whitelists page, click Create Whitelist.

    2. In the Add IP Whitelist dialog box, configure the following parameters:

      ParameterDescription
      IP AddressesOne or more IP addresses or CIDR blocks. Separate multiple entries with semicolons (;).
      DescriptionA note to identify the whitelist, such as the office location or team name.

    3. Click Submit.

    Edit a whitelist

    1. On the Access IP Whitelists page, find the whitelist and click Edit in the Actions column.

    2. In the Change IP Whitelist dialog box, modify the IP Addresses or Description parameter.

    3. Click Submit.

    Delete a whitelist

    1. On the Access IP Whitelists page, find the whitelist and click Delete in the Actions column.

    2. In the Prompt message, click OK.

    Note

    At least one whitelist entry must exist. You cannot delete the last remaining entry.

    Whitelist operations

    Enable or disable the feature

    On the Access IP Whitelists page:

    • To disable the feature, click Click to Close. All IP addresses are allowed and existing whitelist entries are preserved but not enforced.

    • To enable the feature, click Click to Open. Only whitelisted IP addresses can access DMS.

    Enable and disable

    FAQ

    How do I access DMS from home when IP whitelists are configured?

    If your company provides a VPN, connect through the VPN. Because the VPN routes traffic through the corporate network, DMS sees the office outbound IP and no whitelist change is needed.

    Without a VPN, ask the DMS administrator to add your home IP address to the whitelist.

    How do I handle multiple office branches with different IP addresses?

    Add the outbound IP addresses of each branch to the whitelist. Use the Description field to label each entry by branch for easier management.

    How do I revoke temporary access for an IP address?

    Remove the IP address from the whitelist to revoke access.

    What do I do if the enterprise IP address changes after a power outage?

    If the new IP address is not whitelisted and you cannot access the DMS console:

    1. Submit a ticket to Alibaba Cloud with the ID of the Alibaba Cloud account that activated DMS Enterprise.

    2. Log on to the DMS console and submit a ticket to request disabling the IP address whitelist feature.

    3. After the feature is disabled, a DMS administrator can log on and update the whitelist entries with the new IP addresses.

    In a future release, a DMS administrator will be able to disable the feature through Short Message Service (SMS) verification and then update the entries directly.

    Does the default 0.0.0.0/0 setting create a security risk?

    No security risks exist because DMS Enterprise provides two additional security assurances. After the IP address whitelist feature is enabled, you can add the specified IP addresses to a whitelist or disable the IP address whitelist feature as a DMS administrator based on your business requirements. The following two additional security assurances are provided:

    • Users can access DMS only by using a valid Alibaba Cloud account and password.

    • Enterprise users cannot access effective user data in DMS Enterprise by using an Alibaba Cloud account or a Resource Access Management (RAM) user if these accounts are not registered with DMS Enterprise.

    What do I do if I get an "Access Denied" error?

    Your IP address is not on the whitelist. Contact the administrator to add your IP address to the IP address whitelist, or disable the IP address whitelist feature as prompted.