Personal Data Protection
To prevent personal data (such as the username, password, and mobile number) from being accessed by unauthorized entities or individuals, IAM encrypts the data before storing it, controls access to the data, and logs all operations performed on the data so that they can be checked.
Personal Data
Table 1 lists the personal data generated or collected by IAM.
Type | Source | Modifiable | Mandatory |
---|---|---|---|
Username | | No | Yes. Usernames are used to identify users. |
Password | | Yes | No. You can also choose AK/SK authentication. |
Email address | Entered when you create a user, modify user credentials, or change the email address on the management console. | Yes | No |
Mobile number | Entered when you create a user, modify user credentials, or change the mobile number on the management console. | Yes | No |
AK/SK | Created on the My Credentials page or the IAM console. | No. AK/SK cannot be modified, but they can be deleted and created again. | No. AK/SK are used to sign the requests sent to call APIs. |
Personal Data Storage
IAM uses encryption algorithms to encrypt sensitive user data before storing it.
- Usernames and AKs are non-sensitive data and are stored in plaintext.
- Passwords, email addresses, mobile numbers, and SKs are sensitive data and are encrypted before storage.
Access Control
Personal data is stored in the IAM database after being encrypted. A whitelist is configured to control access to the database.
MFA Authentication
You can enable login protection and critical operation protection by choosing Security Settings > Critical Operations. If you enable these functions, users under your account must verify their identity by SMS, email, or virtual MFA device before they log in or perform a critical operation.
API Constraints
- AK/SK authentication is required for calling APIs. You can create an access key (AK/SK) and download the file containing the access key. If you are unable to locate the file, you can create an access key again and download the file. Do not share your access key with anyone else.
- IAM does not provide APIs for batch querying and modifying personal data.
Operation Logs
IAM logs all personal data operations, including adding, modifying, querying, and deleting personal data. It uploads operation logs to CTS, and allows users to query only their own operation logs.