Data Management (DMS) allows you to generate risk audit reports for database instances. Risk audit reports collect and assess various risks that are involved in the operations and maintenance (O&M) of instances. Risk audit reports also provide optimization suggestions for you to improve the security and stability of your instances.
A risk audit report is generated based on a database instance in DMS. The report diagnoses and analyzes the risks that are involved in the O&M of the instance or a specific database in the instance. The report is only for your reference and does not affect the database instance.
The following table describes the risk audit items that are contained in risk audit reports.
|Risk audit item||Description||Supported database engines|
|SQL Review||For this item, DMS checks whether the SQL statements that are executed in the DMS
console to manage the current database instance conform to the R&D specifications.
By default, DMS checks the SQL statements that are executed in the previous week.
The statements include those that are executed on the SQLConsole tab and those that
are executed after tickets are submitted, such as Normal Data Modify and Lockless change tickets.
For example, DMS may find the following misoperation: A whole table was accidentally
updated because the
|Metadata||For this item, DMS assesses the risks of all the schemas in the current database instance.
For example, DMS may identify the following risk: An auto-increment primary key of the INT data type runs out of valid values.
|Sensitive Data||For this item, DMS checks whether the current database instance contains sensitive
For example, if the instance contains sensitive fields, such as mobile numbers, ID card numbers, or passwords, DMS checks whether these fields are prone to sensitive data breaches.
- Only DMS administrators, security administrators, database administrators (DBAs), instance owners, and database owners can generate risk audit reports.
- You can keep only a limited number of risk audit reports for an instance. The number
depends on the control mode of the instance.
- For an instance that is managed in Flexible Management mode, you can keep up to three reports. You cannot view the details of the reports.
- For an instance that is managed in Stable Change mode, you can keep up to 20 reports.
- For an instance that is managed in Security Collaboration mode, you can keep up to 50 reports.
- Log on to the DMS console.
- In the left-side instance list of the DMS console, right-click the instance for which you want to generate a risk audit report and
choose Audit > Risk Audit.Note You can use one of the following methods to go to the Risk Audit tab of a database:
- In the left-side instance list of the DMS console, click the instance where the database resides, right-click the database, and then choose Audit > Risk Audit.
- On the SQLConsole tab of the database, move the pointer over the icon and select .
- On the Risk Audit tab, select a database for which you want to generate a risk audit
report from the Database drop-down list.Note If you do not select a specific database, a risk audit report is generated based on all the databases in the current instance.
- Click Real-time Diagnostics.Note By default, DMS does not automatically diagnose an instance. If this is the first time for the instance to be diagnosed, you can click Diagnose.
- In the Real-time Diagnostics dialog box, select the risk audit items as needed and
Wait until the Status column of the report that is being generated displays Completed.
- Click Details in the Operation column of the newly generated report.
- On the Report Details tab, you can find a risk audit item and click Details in the Operation column to view the details.
Risk audit item Description SQL ReviewThe SQL Review details tab displays the risks of the latest SQL statements that are executed in the current database and optimization suggestions. You can configure rules to avoid some medium- and high-risk SQL statements. For more information, see SQL review optimization.Note For the SQL Review item and the Metadata item, high-level risks, medium-level risks, and low-level risks correspond to the following behavioral actions in order: Must Improve, Potential Issue, and Suggest Improve. For more information, see SQL review optimization. Metadata The Metadata details tab displays the risks of the schemas in the current database and optimization suggestions. You can optimize the schemas based on the suggestions. You can also find a schema and click Ignore in the Operation column to ignore the risk. Sensitive Data The Sensitive Data details tab displays the risks of sensitive data breaches in the current database and optimization suggestions. You can find a field and click Set as Sensitive Data or Set as Confidential Data in the Operation column to adjust the security level of the field. You can also click Ignore to ignore the risk.