
Data Security Center: Authorize DSC to access a self-managed database on an ECS instance

Last Updated: Nov 18, 2025

After you purchase a Data Security Center (DSC) instance, you must authorize the asset instance. This authorization is required before you can use DSC to detect sensitive data or monitor abnormal operations in a self-managed database on an ECS instance.

Limits

  • The self-managed database on the ECS instance must be in a virtual private cloud (VPC).

  • Only MySQL, SQL Server, and Oracle databases are supported.

Prerequisites

Step 1: Grant DSC permissions to access the self-managed database

Log on to the database and run the following command to grant DSC permissions to access the database as a specific user. The following command uses a self-managed MySQL database on an ECS instance as an example. For other database types, run the corresponding authorization commands.

GRANT SELECT ON *.* TO 'username'@'IP segment' IDENTIFIED BY 'password';

The following list describes the parameters in the command.

  • username: The username used to connect to the self-managed database on the ECS instance.

  • IP segment: The IP segment in the authorization command varies by region. For example, for the China (Qingdao) region, set the IP segment to 100.104.69.0/26,100.104.48.128/26. For more information about IP segments, see IP segments.

  • password: The password used to connect to the self-managed database on the ECS instance.

Note

If you want to use the self-managed database on the ECS instance as a destination database for data masking, add ,INSERT after SELECT in the command.
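The following check is an added example, not part of the original page or of DSC itself. It compares an existing DSC account entry against what Step 1 documents: SELECT only (plus INSERT for a masking destination), from the DSC segments of the region. The account name dsc_ro, the function names and the sample rows are constructed for illustration.

```python
import ipaddress

# Documented DSC source segments, copied from this page's IP segments list
# (two regions shown here; add the remaining regions the same way).
DSC_SEGMENTS = {
    "China (Qingdao)": ["100.104.69.0/26", "100.104.48.128/26"],
    "China (Beijing)": ["100.104.250.0/26", "100.104.51.192/26"],
}

def audit_grant(region, host, privileges, masking_destination=False):
    """Return findings for one DSC account entry; an empty list means it matches."""
    findings = []
    # Step 1 grants SELECT only; INSERT is added only for a masking destination.
    allowed = {"SELECT", "INSERT"} if masking_destination else {"SELECT"}
    extra = {p.strip().upper() for p in privileges} - allowed
    if extra:
        findings.append("excess privileges: " + ", ".join(sorted(extra)))
    if "%" in host or "_" in host:
        findings.append(f"wildcard host {host!r} is broader than the DSC segments")
        return findings
    try:
        # Accepts a single address, a.b.c.d/26, or a.b.c.d/255.255.255.192.
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        findings.append(f"host {host!r} is not an IP address or segment")
        return findings
    segments = [ipaddress.ip_network(s) for s in DSC_SEGMENTS[region]]
    if not any(net.version == s.version and net.subnet_of(s) for s in segments):
        findings.append(f"host {host!r} is outside the {region} DSC segments")
    return findings

# Constructed sample entries (user, host, privileges); "dsc_ro" is a hypothetical name.
SAMPLE_ROWS = [
    ("dsc_ro", "100.104.69.0/26", ["SELECT"]),
    ("dsc_ro", "100.104.48.128/255.255.255.192", ["SELECT"]),
    ("dsc_ro", "%", ["SELECT"]),
    ("dsc_ro", "100.104.250.0/26", ["SELECT", "UPDATE"]),
]

def audit_all(region, rows):
    """Map each (user, host) entry to its list of findings."""
    return {(user, host): audit_grant(region, host, privs) for user, host, privs in rows}

if __name__ == "__main__":
    for entry, findings in audit_all("China (Qingdao)", SAMPLE_ROWS).items():
        print(entry, findings or "ok")
```

An entry with no findings is limited to the documented source segments and privileges; any finding marks an account that is reachable from more addresses, or holds more rights, than DSC needs.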

Step 2: Authorize the asset instance

  1. Log on to the Data Security Center console.

  2. In the navigation pane on the left, select Asset Center.

  3. On the Authorization Management tab, click Asset Authorization Management.

  4. In the navigation pane on the left of the Asset Authorization Management panel, click Self-Managed Database.

  5. Click Add Asset. In the dialog box that appears, set the database parameters and click OK or Add and Configure Permissions.

    Configuration item: Description

    • Database Engine Type: Select the type and version of the database from the drop-down list.

    • Server Type: The default value is ECS Asset. You cannot change this value.

    • Region: Select the region where the database is deployed. The region must be the same as the region of the IP address that you specified in Step 1: Grant DSC permissions to access the self-managed database.

    • Instance ID: Select the ECS instance where the database is located from the drop-down list.

    • Port: Enter the port used to connect to the database.

    • Permission Configuration Item: Select at least one permission configuration item:

      • Data Identification: Select this item if you want to use DSC to detect sensitive data in the database and perform operations such as data classification, categorization, and masking.

      • Audit: Select this item if you want to use DSC to audit database activities. For more information about audit configurations, see Configure and enable the audit mode.

  6. In the Configure Permissions dialog box, click Add Database and Account. Enter the database name, select the permissions for the database user, enter the database username and password, and then click Save.

  7. Return to the Authorization Management page to view the connection status of the self-managed database.

IP segments

Region: IP segment

  • China (Qingdao): 100.104.69.0/26, 100.104.48.128/26

  • China (Beijing): 100.104.250.0/26, 100.104.51.192/26

  • China (Zhangjiakou): 100.104.37.128/26, 100.104.191.64/26

  • China (Hohhot): 100.104.234.192/26, 100.104.26.128/26

  • China (Hangzhou): 100.104.207.192/26, 100.104.232.64/26

  • China (Shanghai): 100.104.238.64/26, 100.104.198.192/26

  • China (Shenzhen): 100.104.247.0/26, 100.104.150.64/26

  • China (Hong Kong): 100.104.153.64/26, 100.104.65.192/26

References

  • For more information about databases and deployment methods, see Deploy databases.

  • For more information about custom sensitive data identification tasks, see Add a custom identification task.

  • You can use data domains to categorize and manage data assets based on dimensions such as business attributes, organizational structures, and data features. For more information, see Manage assets by data domain.

FAQ

For frequently asked questions about data asset authorization and their solutions, see Data authorization.