This topic describes the limits on instance resources for Data Security Center (DSC).
Free tier
Redis authorization does not consume your authorized quota. Currently, only baseline checks are supported. For more information, see Manage authorizations.
When you purchase a paid edition of DSC, you receive free resources. For more information, see Billing overview.
Specification limits
Module | Limit | Value |
Asset Center | Maximum number of database credentials that you can add. | 500 |
Asset synchronization (including instances, databases, and accounts). | Assets are automatically synchronized daily. You can also synchronize them manually. You can perform a manual synchronization only once every 5 minutes. | |
Data classification and categorization | Maximum number of custom detection templates that you can add. | 10 |
For relational databases, the default number of data entries to sample for a detection task. | 10 | |
For unstructured data, the default number of data entries to sample for each model. | 10 | |
Maximum total size of samples for each model. | 64 KB | |
Maximum number of samples for each model. | 10 | |
Maximum number of databases that can be authorized for detection. | 5,000 | |
Maximum number of templates that can be enabled. | 3 | |
Maximum number of primary templates among enabled templates. | 1 | |
Maximum number of detection models in a single detection template. | 1,000 | |
Maximum number of samples in a single export task. | 5 | |
Maximum number of data entries in a single export task. | 1,000,000 | |
Maximum number of export tasks per day. | 30 | |
Maximum number of concurrent export tasks (tasks in the Exporting state). | 3 | |
Maximum length of each sample in a single export task. | 100 characters | |
Maximum number of databases that can be concurrently scanned in a detection task. | 2 | |
Maximum number of data tables that can be concurrently scanned in a single database for a detection task. | 4 | |
Maximum number of sub-files that can be scanned within a single compressed or archived file in a detection task. There is no limit on the directory depth of compressed packages. | 1,000 | |
Default number of documents to detect in a single MongoDB database. | 10,000 | |
Default maximum size of a single file that can be scanned in a detection task. | Default: 200 MB. Range: 1 MB to 1,000 MB | |
Default maximum number of rows that can be scanned in a single table for a detection task. | Default: 200. Range: 1 to 1,000 | |
Maximum number of custom active detection tasks. Active tasks are tasks in the Not Started, Scanning, Paused, or Completed (for auto triggered tasks) state. | 5 | |
Maximum number of templates that can be applied to a single detection task. | 2 | |
Maximum number of files supported in a single-file detection scan. | 50 | |
Detection duration for the aggregate data dashboard in Asset Overview and data domains. | 1 day | |
Image masking | Region limits. | Alibaba Gov Cloud and Alibaba Finance Cloud are not supported. |
Supported image types. |
| |
Maximum size of a single image file. | 10 MB | |
Detection and Response | Maximum number of leaked intelligence entries that can be manually entered. | 10,000 |
Maximum size of a file for batch import of leaked intelligence. | 10 MB | |
Detection duration for events of plaintext credential storage and public storage of sensitive information. | 1 day | |
Detection duration for statistics on AccessKey pair access to buckets. | 1 day | |
Retention period for data in the access tracing graph. | 7 days | |
Column encryption | Detection duration for statistics on the total number of columns and sensitive columns. | 5 minutes |
Detection duration for account quantity statistics. | 5 minutes | |
Data Audit | For log archiving, the minimum online storage period. | 7 days |
Audit alert notification period. | Within 15 minutes | |
Effective period for changes to custom rules or whitelists. | 1 to 3 minutes | |
Maximum bandwidth for PrivateLink traffic collection (traffic reported by the agent). | 300 MB | |
Effective period for enabling or disabling an audited asset (latency for the first log report). | 5 minutes | |
Collection period for MaxCompute audit logs. | T+1 | |
Detection duration for calculating log storage capacity. | 1 day | |
Report Center | Maximum number of reports that can be exported per day. | 60 |
For daily reports, the maximum detection duration for hourly statistics. | 2 hours | |
Alert Notifications | Total number of verification codes that can be sent to different email addresses and phone numbers per day. | 20 |
Total number of verification codes that can be sent to the same email address or phone number. | 100 | |
Number of notifications that can be sent per day through each channel (email, text message, and voice call). | 0 to 10 | |
Number of notifications that can be sent per day through each channel (DingTalk and Lark robots). | 0 to 100 |
Feature limits
For information about the file types that sensitive data detection tasks support, see OSS file types supported for detection.
Data Security Center provides features such as data classification and categorization, data audit, data masking, audit alerting, and baseline checks. For information about the database types that these features support, see Supported data asset types.
For information about the sensitive data types that DSC can detect, see Supported sensitive data types for detection.
For information about the built-in detection templates available in the Data Discovery feature of DSC, see Supported industry-specific templates for detection.
For information about the built-in audit policies available in the Audit Alerting feature of DSC, see View built-in audit policies.
For information about the algorithms supported by data masking, see Supported data masking algorithms.