Data Security Center (DSC) enforces the following quotas and constraints across its modules. Review these limits before designing your data security workflows to avoid unexpected behavior.
Free tier
-
Redis authorization does not consume your authorized quota. Only baseline checks are supported for Redis. For more information, see Manage authorizations.
-
Purchasing a paid edition of DSC includes free resources. For more information, see Billing overview.
Specification limits
Asset Center
| Constraint | Limit |
|---|---|
| Maximum database credentials | 500 |
| Asset synchronization frequency | Auto-synced daily. Manual sync is allowed once every 5 minutes. |
Data classification and categorization
Detection templates and models
| Constraint | Limit |
|---|---|
| Maximum custom detection templates | 10 |
| Maximum enabled templates | 3 |
| Maximum primary templates among enabled templates | 1 |
| Maximum detection models in a single template | 1,000 |
| Maximum templates applied to a single detection task | 2 |
Detection tasks
| Constraint | Limit |
|---|---|
| Maximum authorized databases for detection | 5,000 |
| Maximum concurrent databases scanned in a detection task | 2 |
| Maximum concurrent tables scanned in a single database | 4 |
| Maximum custom active detection tasks | 5 (active = Not Started, Scanning, Paused, or Completed for auto-triggered tasks) |
| Maximum files in a single-file detection scan | 50 |
| Detection duration for the aggregate data dashboard (Asset Overview and data domains) | 1 day |
Sampling defaults
| Constraint | Default | Range |
|---|---|---|
| Data entries sampled per detection task (relational databases) | 10 | — |
| Data entries sampled per model (unstructured data) | 10 | — |
| Max rows scanned per table in a detection task | 200 | 1–1,000 |
| Max file size scanned in a detection task | 200 MB | 1 MB–1,000 MB |
| Documents detected in a single MongoDB database | 10,000 | — |
Compressed and archived files
| Constraint | Limit |
|---|---|
| Maximum sub-files scanned within a single compressed or archived file | 1,000 |
| Directory depth limit within compressed files | None |
Export tasks
| Constraint | Limit |
|---|---|
| Maximum export tasks per day | 30 |
| Maximum concurrent export tasks (Exporting state) | 3 |
| Maximum data entries in a single export task | 1,000,000 |
| Maximum samples in a single export task | 5 |
| Maximum sample size per model | 64 KB |
| Maximum samples per model | 10 |
| Maximum length of each sample | 100 characters |
Image masking
| Category | Constraint | Limit |
|---|---|---|
Image masking |
Supported image types | PNG, JPG, JPEG, BMP, WEBP, PDF |
| Maximum image file size | 10 MB | |
| Unsupported regions | Alibaba Gov Cloud and Alibaba Finance Cloud |
Detection and Response
| Constraint | Limit |
|---|---|
| Maximum leaked intelligence entries (manual entry) | 10,000 |
| Maximum file size for batch import of leaked intelligence | 10 MB |
| Detection duration for plaintext credential storage events | 1 day |
| Detection duration for public storage of sensitive information | 1 day |
| Detection duration for AccessKey pair access to bucket statistics | 1 day |
| Retention period for data in the access tracing graph | 7 days |
Detection duration limits indicate how far back DSC scans when calculating statistics or detecting events. Data outside these windows is not included in results.
Column encryption
| Constraint | Limit |
|---|---|
| Detection duration for total and sensitive column statistics | 5 minutes |
| Detection duration for account quantity statistics | 5 minutes |
Data Audit
| Constraint | Limit |
|---|---|
| Minimum online storage period for log archiving | 7 days |
| Audit alert notification period | Within 15 minutes |
| Effective period for custom rule or whitelist changes | 1–3 minutes |
| Maximum PrivateLink traffic collection bandwidth (agent-reported) | 300 MB |
| Effective period for enabling or disabling an audited asset (first log report latency) | 5 minutes |
| Collection period for MaxCompute audit logs | T+1 |
| Detection duration for log storage capacity calculation | 1 day |
Report Center
| Constraint | Limit |
|---|---|
| Maximum reports exported per day | 60 |
| Maximum detection duration for hourly statistics in daily reports | 2 hours |
Alert Notifications
| Constraint | Limit |
|---|---|
| Total verification codes sent to different email addresses and phone numbers per day | 20 |
| Total verification codes sent to the same email address or phone number | 100 |
| Notifications per day per channel (email, SMS, and voice call) | 0–10 |
| Notifications per day per channel (DingTalk and Lark robots) | 0–100 |
Feature limits
For limits on specific features, see the following topics:
-
Supported file types for detection — OSS file types supported for detection
-
Supported database types — Supported data asset types
-
Supported sensitive data types — Supported sensitive data types for detection
-
Built-in detection templates — Supported industry-specific templates for detection
-
Built-in audit policies — View built-in audit policies
-
Data masking algorithms — Supported data masking algorithms