Security rules use a domain-specific language (DSL) to provide fine-grained management of databases. These rules allow you to manage Data Management (DMS) features such as querying, exporting, and changing data. This way, you can formulate operation guidelines and define development processes for your databases.
Scenarios
Scenario | Solution |
---|---|
You must use external communication systems such as email and instant messaging (IM) services to communicate with others. In addition, you must manually apply data changes. An online process management system is required. | |
You want to manage the development process of databases to ensure schema consistency between databases in different environments. For example, design and verify a database in a development environment and publish the database to an environment for joint debugging and test. After the joint debugging and test, publish the database to a staging environment. After the database is verified in the staging environment, publish the database to a production environment. | |
You want to manage the standards for schema design in databases. For example, a table must be created with a primary key, and a field that is added to an existing table cannot be empty. | |
You do not allow the execution of high-risk SQL statements, such as the SQL statements that are used to delete data or tables. Only SELECT statements are allowed. | |
You want differentiated approval processes for database operations. For example, no approval is required for writing data, the approval of a business manager is required for changing 10,000 data records or less, and the approval of a business manager and a database administrator (DBA) is required for changing more than 10,000 data records. | |
You want differentiated approval processes for granting permissions on databases. For example, no approval is required for granting permissions on databases in a test environment, and the approval of a business manager is required for granting permissions on databases in a production environment. | |
Supported database engines
The following database engines are supported:
- MySQL series: native MySQL, Apsara RDS for MySQL, PolarDB for MySQL, PolarDB-X, AnalyticDB for MySQL, and ApsaraDB OceanBase for MySQL
- PostgreSQL series: native PostgreSQL, PolarDB for PostgreSQL, and AnalyticDB for PostgreSQL
- Oracle series: native Oracle, ApsaraDB OceanBase for Oracle, and PolarDB O Edition
- SQL Server
- MariaDB
- Data Lake Analytics (DLA)
- Redis
- MongoDB
- MaxCompute
- HBase
- ClickHouse
Usage notes
You are authorized to perform the operations described in this topic only as a DBA or DMS administrator.
Create security rules
You can create multiple security rules for databases in different environments.
Change the security rules of a database instance
Note: This section applies only to database instances whose control mode is Security Collaboration. Database instances whose control mode is Flexible Management or Stable Change must use the default security rules. You cannot change the security rules.