Data Security Center (DSC) enforces the following quotas and constraints across its modules. Review these limits before designing your data security workflows to avoid unexpected behavior.
Free tier
Redis authorization does not consume your authorized quota. Only baseline checks are supported for Redis. For more information, see Manage authorizations.
Purchasing a paid edition of DSC includes free resources. For more information, see Billing overview.
Specification limits
Asset Center
| Constraint | Limit |
|---|---|
| Maximum database credentials | 500 |
| Asset synchronization frequency | Auto-synced daily. Manual sync is allowed once every 5 minutes. |
Data classification and categorization
Detection templates and models
| Constraint | Limit |
|---|---|
| Maximum custom detection templates | 10 |
| Maximum enabled templates | 3 |
| Maximum primary templates among enabled templates | 1 |
| Maximum detection models in a single template | 1,000 |
| Maximum templates applied to a single detection task | 2 |
Detection tasks
| Constraint | Limit |
|---|---|
| Maximum authorized databases for detection | 5,000 |
| Maximum concurrent databases scanned in a detection task | 2 |
| Maximum concurrent tables scanned in a single database | 4 |
| Maximum custom active detection tasks | 5 (active = Not Started, Scanning, Paused, or Completed for auto-triggered tasks) |
| Maximum files in a single-file detection scan | 50 |
| Detection duration for the aggregate data dashboard (Asset Overview and data domains) | 1 day |
Sampling defaults
| Constraint | Default | Range |
|---|---|---|
| Data entries sampled per detection task (relational databases) | 10 | — |
| Data entries sampled per model (unstructured data) | 10 | — |
| Max rows scanned per table in a detection task | 200 | 1–1,000 |
| Max file size scanned in a detection task | 200 MB | 1 MB–1,000 MB |
| Documents detected in a single MongoDB database | 10,000 | — |
Compressed and archived files
| Constraint | Limit |
|---|---|
| Maximum sub-files scanned within a single compressed or archived file | 1,000 |
| Directory depth limit within compressed files | None |
Export tasks
| Constraint | Limit |
|---|---|
| Maximum export tasks per day | 30 |
| Maximum concurrent export tasks (Exporting state) | 3 |
| Maximum data entries in a single export task | 1,000,000 |
| Maximum samples in a single export task | 5 |
| Maximum sample size per model | 64 KB |
| Maximum samples per model | 10 |
| Maximum length of each sample | 100 characters |
Image masking
| Constraint | Limit |
|---|---|
| Supported image types | PNG, JPG, JPEG, BMP, WEBP, PDF |
| Maximum image file size | 10 MB |
| Unsupported regions | Alibaba Gov Cloud and Alibaba Finance Cloud |
Detection and Response
| Constraint | Limit |
|---|---|
| Maximum leaked intelligence entries (manual entry) | 10,000 |
| Maximum file size for batch import of leaked intelligence | 10 MB |
| Detection duration for plaintext credential storage events | 1 day |
| Detection duration for public storage of sensitive information | 1 day |
| Detection duration for AccessKey pair access to bucket statistics | 1 day |
| Retention period for data in the access tracing graph | 7 days |
Detection duration limits indicate how far back DSC scans when calculating statistics or detecting events. Data outside these windows is not included in results.
Column encryption
| Constraint | Limit |
|---|---|
| Detection duration for total and sensitive column statistics | 5 minutes |
| Detection duration for account quantity statistics | 5 minutes |
Data Audit
| Constraint | Limit |
|---|---|
| Minimum online storage period for log archiving | 7 days |
| Audit alert notification period | Within 15 minutes |
| Effective period for custom rule or whitelist changes | 1–3 minutes |
| Maximum PrivateLink traffic collection bandwidth (agent-reported) | 300 MB |
| Effective period for enabling or disabling an audited asset (first log report latency) | 5 minutes |
| Collection period for MaxCompute audit logs | T+1 |
| Detection duration for log storage capacity calculation | 1 day |
Report Center
| Constraint | Limit |
|---|---|
| Maximum reports exported per day | 60 |
| Maximum detection duration for hourly statistics in daily reports | 2 hours |
Alert Notifications
| Constraint | Limit |
|---|---|
| Total verification codes sent to different email addresses and phone numbers per day | 20 |
| Total verification codes sent to the same email address or phone number | 100 |
| Notifications per day per channel (email, SMS, and voice call) | 0–10 |
| Notifications per day per channel (DingTalk and Lark robots) | 0–100 |
Feature limits
For limits on specific features, see the following topics:
| Feature | Reference topic |
|---|---|
| Supported file types for detection | OSS file types supported for detection |
| Supported database types | Supported data asset types |
| Supported sensitive data types | Supported sensitive data types for detection |
| Built-in detection templates | Supported industry-specific templates for detection |
| Built-in audit policies | View built-in audit policies |
| Data masking algorithms | Supported data masking algorithms |