This page describes how to create, view, pause, resume, edit, and delete an existing discovery scan configuration.
A discovery scan configuration (sometimes called discovery configuration or scan configuration) specifies how Sensitive Data Protection should profile your data. For more information, see Discovery scan configuration.
Create a scan configuration
For information about how to create a discovery scan configuration, see the following pages:
Discovery for BigQuery data
Discovery for Cloud SQL data
Discovery for Cloud Storage data
Discovery for Vertex AI data (Preview)
Report secrets in Cloud Run environment variables to Security Command Center (no profiles generated)
View a scan configuration
Go to the discovery scan configurations list.
Make sure you're viewing the correct organization or project:
- To manage a discovery scan configuration that you created at the organization or folder level, view the organization.
- To manage a discovery scan configuration that you created at the project level, view the project.
- To manage a discovery scan configuration that you created at the table level, view the project that contains the table.
To switch to a different view, on the toolbar, click the project selector. Select the organization or project that you want to view.
To open the Scan configuration details page, click the name of the resource associated with the scan configuration.
Pause a scan configuration
Go to the discovery scan configurations list.
Make sure you're viewing the correct organization or project:
- To manage a discovery scan configuration that you created at the organization or folder level, view the organization.
- To manage a discovery scan configuration that you created at the project level, view the project.
- To manage a discovery scan configuration that you created at the table level, view the project that contains the table.
To switch to a different view, on the toolbar, click the project selector. Select the organization or project that you want to view.
Click
Actions, and then click Pause scan.As long as a scan configuration is paused, Sensitive Data Protection doesn't generate any new profiles under that configuration.
Resume a scan configuration
Go to the discovery scan configurations list.
Make sure you're viewing the correct organization or project:
- To manage a discovery scan configuration that you created at the organization or folder level, view the organization.
- To manage a discovery scan configuration that you created at the project level, view the project.
- To manage a discovery scan configuration that you created at the table level, view the project that contains the table.
To switch to a different view, on the toolbar, click the project selector. Select the organization or project that you want to view.
Click
Actions, and then click Resume scan.
Edit a scan configuration
If you edit a scan configuration that has already been used to profile tables, you might end up having different tables scanned according to different configurations.
To edit a scan configuration, follow these steps:
Go to the discovery scan configurations list.
Make sure you're viewing the correct organization or project:
- To manage a discovery scan configuration that you created at the organization or folder level, view the organization.
- To manage a discovery scan configuration that you created at the project level, view the project.
- To manage a discovery scan configuration that you created at the table level, view the project that contains the table.
To switch to a different view, on the toolbar, click the project selector. Select the organization or project that you want to view.
Click
Actions, and then click Edit.Edit the configuration as needed. For more information about the options on this page, see Profile data in a project or Profile data in an organization or folder.
Click Save.
Delete a scan configuration
Deleting a scan configuration doesn't delete the data profiles that have been generated through it. In addition, deleting a scan configuration and creating a new one doesn't cause a reprofile operation on tables that are in the scope of the new scan configuration.
Sensitive Data Protection reprofiles data as described in Frequency of data profile generation. You can customize the profiling frequency in your scan configuration by creating a schedule. To force the discovery service to reprofile your data, see Force a reprofile operation.
For information on how long Sensitive Data Protection retains data profiles, see Retention of data profiles.
To delete a scan configuration, follow these steps:
Go to the discovery scan configurations list.
Make sure you're viewing the correct organization or project:
- To manage a discovery scan configuration that you created at the organization or folder level, view the organization.
- To manage a discovery scan configuration that you created at the project level, view the project.
- To manage a discovery scan configuration that you created at the table level, view the project that contains the table.
To switch to a different view, on the toolbar, click the project selector. Select the organization or project that you want to view.
Click
Actions, and then click Delete.To confirm the deletion, in the dialog that appears, click Delete.
What's next
- Learn more about data profiles.
- Learn how to profile data in a project.
- Learn how to profile data in an organization or folder.
- Learn how to troubleshoot issues with data profiles.
- Refer to a list of metrics included in data profiles.