Updated on 2024-01-17 GMT+08:00

Multi-Account Management Overview

With DSC, you can securely and reliably aggregate data and access resources across accounts. If your account is managed by an organization, you can also protect the data security of all member accounts without logging in to each one.

To use DSC to protect the data security of organization member accounts, follow these steps (account A is used to show how to manage account B's assets):

  1. If account A is an organization administrator, skip this step. If account A is not an organization administrator, the organization administrator should add account A as a delegated administrator. For details, see Specifying a Delegated Administrator.

    The administrator can delegate administrator rights to a member and revoke them. The change in rights takes effect after you wait 1-2 minutes and refresh the page.

  2. The organization administrator or delegated administrator invites account B to join the organization. For details, see Inviting an Account to Join Your Organization.
  3. After account B is added to the organization, log in to DSC as account A and choose Multi-Account Management to view the asset information of account B.

For details, see Overview of Organizations.

To access the data asset information of account B, DSC automatically creates a service agency in account B.

  • The agency is a cloud service agency. The agency permission is DSCServiceLinkedAgencyPolicy. The agency name is ServiceLinkedAgencyForDataSecurityCenter. The authorization scope covers creating, deleting, and querying a v5 service agency, and binding the v5 policy (DSCServiceAgencyPolicy) to the agency. (Creation and deletion of the agency are limited to dsc_depend_agency_v5.)
  • If account B is deleted, DSC automatically deletes the DSC agency in account B.