Adding and Authorizing Big Data Assets

To identify sensitive data, perform static masking, or add/extract data watermarks for big data assets, authorize DSC to access the databases within your big data instances.

For self-built big data assets: Add instances to DSC (refer to "Adding a Database Instance"), then authorize DSC to access the databases or indexes within the instances (refer to Authorizing Databases/Indexes Within Big Data Instances).
For cloud big data assets: Instance addition is not required. Authorize DSC to access your databases or indexes (refer to Authorizing Databases/Indexes Within Big Data Instances).
For DLI databases: Add the databases by referring to Adding a DLI Database.

Prerequisites

DSC has been allowed to access big data assets. For details, see Allowing or Disallowing Access to Cloud Assets.
You have obtained the version, server, and index information of the self-built ES, HBase, and Hive data sources, and there are available IP addresses in the subnets of these data sources.
You have applied for an ECS instance and installed big data assets on it. For details, see Purchasing and Using a Windows ECS.
You have applied for a security group. For details, see Creating a Security Group.

Adding and Authorizing Big Data Assets

This section describes how to add your big data assets to DSC for data security management.

Instances of self-built big data types need to be manually added. This section uses Elasticsearch as an example to describe how to add instances of self-built big data types.

Log in to the DSC console.
Click in the upper left corner and select a region or project.
In the navigation pane on the left, choose Asset Management > Asset Center.
Click Elasticsearch and choose the ElasticSearch Instance tab.
Click the Elasticsearch instance tab.
Click Add in the upper left corner of the instance list. The Add Instance dialog box is displayed.

Set the related parameters according to the Table 1, and then click OK.

**Table 1** Parameters for adding an instance
Parameter	Description
ECS	Select an ECS from the drop-down list box.
Big Data Type	Big data instance type to be added. In this case, select Elasticsearch.
Security Group	Select a security group from the drop-down list.
Version	Select a version from the drop-down list box. For details about the supported asset types and versions, see section Constraints.
Database Server Address	Select a server address from the drop-down list box.
Database Port	Enter an integer from 0 to 65535.
Index	Enter an index name, which can contain only letters, digits, underscores (_), and hyphens (-).
Username/Password	Enter the username and password of the index.
Asset	Enter a user-defined asset name containing 4 to 255 characters.

After an instance is added, if you need to identify and mask sensitive data in the databases or indexes of the instance, authorize access to the databases or indexes first. For details, see Authorizing Databases/Indexes Within Big Data Instances.

Log in to the DSC console.
Click in the upper left corner and select a region or project.
In the navigation pane on the left, choose Asset Management > Asset Center.
Click DLI. The Database tab is displayed.

Figure 1 DLI database list
Click Adding a database in the upper left corner of the database list. The Add Database dialog box is displayed.

Set parameters according to Table 2 and click OK.

**Table 2** Parameters for adding a database
Parameter	Description
Asset	Enter a user-defined asset name containing 4 to 255 characters.
Big Data Type	Select DLI from the drop-down list box.
Queue	Select a queue from the drop-down list box.
DLI Database	Select the DLI database to be added from the drop-down list box.

After the asset is added, the Connectivity of the asset is Checking, which means DSC is checking the asset connectivity.
- If DSC can access the added asset, the Connectivity is Succeeded.
- If the DSC cannot access the added asset, the Connectivity is Failed. Move the cursor to Failed to view the failure cause or rectify the fault by referring to section How Do I Troubleshoot the Failure in Connecting to the Added Database?

Before authorizing big data instance databases or indexes, ensure the following prerequisites are met: DLI and CSS services are enabled; assets exist within DLI and CSS; available IP address quotas are present in the respective subnet; and the Status of the instance is Successful.

The Elasticsearch big data type is used as an example to describe how to authorize access to big data assets. To authorize access to other types of big data assets, click the corresponding big data type.

Log in to the DSC console.
Click in the upper left corner and select a region or project.
In the navigation pane on the left, choose Asset Management > Asset Center.
Click Elasticsearch and choose the ElasticSearch Instance tab.
Click the Elasticsearch instance tab. Authorization can be performed in either of the following ways:
- Method 1: Click Authorize in the Operation column of the ElasticSearch instance list, and enter the Elasticsearch index information to perform authorization.
- Method 2: Click an instance name to go to the instance details page and view the status of all indexes of the instance.
  Then click Authorize in the Operation column to authorize unauthorized indexes.
  
  Click Set as Default. The metadata task creates a connection with the default database and draws the metadata of the instance.
Click the Index tab to view the connection status of authorized assets.
After the asset authorization is complete, the Connectivity of the asset is Checking, which means DSC is checking the database connectivity.
- If DSC can access the added asset, the Connectivity is Succeeded.
- If the DSC cannot access the added asset, the Connectivity is Failed. Move the cursor to Failed to view the failure cause or rectify the fault by referring to section How Do I Troubleshoot the Failure in Connecting to the Added Database?

Related Operations

Deleting an instance
A big data instance can be deleted only when the big data instance is a self-built instance and the number of authorized databases or indexes in it is 0.

Select multiple self-built instances and click Batch Delete in the upper left corner of the instance list to delete the instances. You can also click Delete in the Operation column of the instance list to delete a single instance.
Drawing metadata of an instance
- If the number of authorized databases in the MRS_Hive instance is greater than 0, click More > Refresh in the Operation column of the Hive instance list to automatically create a metadata task to obtain the database, table, and column information of the instance.
- If you enable the function of automatically creating a metadata task when adding a Hive instance, the system automatically creates a metadata task to obtain all metadata of the instance after the instance is created.
- You can manually create a metadata task by referring to section Step 1: Scanning Metadata.
Creating an identification task
In the Databases tab, locate the target asset and click Create Identification Task in the Operation column. For details, see Creating an Identification Task.