Before Data Security Center (DSC) can scan your cloud resources for sensitive data, you must grant DSC access to those resources. This page walks you through the authorization and explains the service-linked role that DSC creates on your behalf.
Prerequisites
Before you begin, ensure that you have:
An activated DSC instance: Activate the free edition or purchase a paid edition
How authorization works
DSC uses a service-linked role to access your Alibaba Cloud resources. A service-linked role makes authorization straightforward — DSC defines and manages the permissions automatically, so you don't have to configure them manually.
Once authorized, DSC can access resources such as Object Storage Service (OSS), ApsaraDB RDS, and MaxCompute to scan for and analyze sensitive data.
This authorization grants DSC access to Alibaba Cloud services at the service level. To scan specific data assets within those services — such as individual OSS buckets or RDS databases — you also need to complete asset authorization. See What's next.
Authorize DSC
Log on to the DSC console.
In the RAM-based Authorization dialog box on the Overview page, click Authorize.
Alibaba Cloud automatically creates the AliyunServiceRoleForSDDP service-linked role for DSC. To verify, go to the Roles page in the RAM console, or call the ListRoles operation using OpenAPI Explorer or the CLI. For more information, see Service-linked roles.
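To script the verification step instead of checking the Roles page by hand, the following Python, added here and not part of the Alibaba Cloud documentation, parses saved ListRoles and ListPoliciesForRole output and confirms that the role and policy named on this page are present. The response field names and the sample output are assumptions constructed for the example, not captured from a live account.

```python
import json

DSC_ROLE = "AliyunServiceRoleForSDDP"
DSC_POLICY = "AliyunServiceRolePolicyForSDDP"

# Constructed sample: two pages of ListRoles output (the second fetched with
# the Marker from the first) plus one ListPoliciesForRole response. The field
# names follow the RAM API as the author understands them (assumption).
LIST_ROLES_PAGES = [
    json.dumps({"Roles": {"Role": [{"RoleName": "deploy-role"}]},
                "IsTruncated": True, "Marker": "page-2"}),
    json.dumps({"Roles": {"Role": [{
        "RoleName": DSC_ROLE,
        "Description": "DSC assumes the role for DSC to access Alibaba Cloud resources"}]},
                "IsTruncated": False}),
]
POLICIES_FOR_ROLE = json.dumps({"Policies": {"Policy": [
    {"PolicyName": DSC_POLICY, "PolicyType": "System"}]}})


def find_role(pages, role_name):
    """Walk paginated ListRoles output and return the matching role dict, or None.

    Stops at the first page whose IsTruncated is false, so the Marker chain
    is honoured and later pages are never consulted.
    """
    for page in pages:
        body = json.loads(page)
        for role in body.get("Roles", {}).get("Role", []):
            if role.get("RoleName") == role_name:
                return role
        if not body.get("IsTruncated"):
            break
    return None


def check_dsc_authorization(role_pages, policies_json):
    """Report whether the DSC service-linked role and its system policy exist.

    `unexpected_policies` lists anything attached beyond the documented
    AliyunServiceRolePolicyForSDDP, so drift from the documented state is visible.
    """
    role = find_role(role_pages, DSC_ROLE)
    names = [p.get("PolicyName") for p in
             json.loads(policies_json).get("Policies", {}).get("Policy", [])]
    return {
        "role_present": role is not None,
        "policy_attached": DSC_POLICY in names,
        "unexpected_policies": [n for n in names if n != DSC_POLICY],
    }


if __name__ == "__main__":
    print(json.dumps(check_dsc_authorization(LIST_ROLES_PAGES, POLICIES_FOR_ROLE), indent=2))
```

With the real CLI, feed the script the JSON printed by `aliyun ram ListRoles` (once per Marker) and `aliyun ram ListPoliciesForRole --RoleName AliyunServiceRoleForSDDP` in place of the constructed samples.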
Service-linked role for DSC
| Attribute | Value |
|---|---|
| Role name | AliyunServiceRoleForSDDP |
| Policy name | AliyunServiceRolePolicyForSDDP |
| Policy description | DSC assumes the role for DSC to access Alibaba Cloud resources |
For the full policy document, see AliyunServiceRolePolicyForSDDP. For a description of policy elements, see Policy elements.
Delete the service-linked role
If you stop using DSC and want to remove its permissions, delete the AliyunServiceRoleForSDDP role in the RAM console.
For detailed steps, see Service-linked roles.
What's next
This authorization grants DSC access to Alibaba Cloud services at the service level. To scan specific data assets — such as individual OSS buckets or RDS databases — complete asset authorization. See Asset authorization.