All Products
Search
Document Center

Data Security Center:CreateScanTask

Last Updated:Jul 07, 2026

Calls the CreateScanTask operation to create a custom scan task for detecting sensitive data in assets that have been successfully authorized for detection.

Operation description

This operation is applicable to users who want to create custom scan tasks for authorized assets. It allows users to flexibly control the interval between scan tasks and the runtime of each scan task.

QPS limit

The single-user QPS limit for this operation is 10 calls per second. If this limit is exceeded, the API calls are throttled, which may affect your business. Call this operation as appropriate.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

yundun-sddp:CreateScanTask

create

*All Resource

*

  • acs:ResourceGroupId
None

Request parameters

Parameter

Type

Required

Description

Example

DataLimitId

integer

Yes

The unique ID of the data asset such as an instance, database, or bucket. You can call DescribeDataLimits to obtain the ID.

1

IntervalDay

integer

Yes

The interval in days between two consecutive custom scan tasks. Valid values: 1 to 2147483648.

1

RunHour

integer

Yes

The runtime of the next scan task. Unit: hours.

12

RunMinute

integer

Yes

The runtime of the next scan task. Unit: minutes.

30

TaskName

string

Yes

The name of the scan task.

scan-test-sample****

TaskUserName

string

No

The account that creates the scan task.

demo

OssScanPath

string

No

The scan scope for OSS assets. Prefix match, suffix match, and regular expression match are supported.

/test/test

ScanRange

integer

Yes

The scan scope matching rule for the custom scan task. This parameter takes effect only when used together with ScanRangeContent. Valid values:

  • 0: full match.

  • 1: prefix match.

  • 2: suffix match.

  • 3: regular expression match.

0

ScanRangeContent

string

Yes

The content to match within the scan scope of structured data assets by using prefix match, suffix match, or regular expression match.

Note

When ScanRange is set to 0, all content in this field is fully matched. When ScanRange is set to 1, the content in this field is matched by prefix. For example, if this field is set to test/abc, file paths that start with test/abc are matched. When ScanRange is set to 2, the content in this field is matched by suffix. When ScanRange is set to 3, the content in this field is matched by regular expression.

datamask/

ResourceType

integer

Yes

The resource type of the product to query. Valid values:

  • 1: MaxCompute.

  • 2: OSS.

  • 3: ADS.

  • 4: OTS.

  • 5: RDS.

  • 6: SELF_DB.

2

SourceIp

string

No

This parameter is deprecated.

106.11.XX.XX

FeatureType

integer

No

This parameter is deprecated.

1

Lang

string

No

The language of the request and response. Valid values:

  • zh: Chinese.

  • en: English.

zh

Response elements

Element

Type

Description

Example

object

Id

integer

The resource ID of the custom scan task.

100

RequestId

string

The request ID.

B1F2BB1F-04EC-5D36-B136-B4DE17FD8DE0

Examples

Success response

JSON format

{
  "Id": 100,
  "RequestId": "B1F2BB1F-04EC-5D36-B136-B4DE17FD8DE0"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.