Data Management (DMS) allows you to generate risk audit reports for database instances. Risk audit reports collect and assess various risks that are involved in the O&M of instances. Risk audit reports also provide optimization suggestions for you to improve the security and stability of your instances.

Overview

A risk audit report is generated based on a database instance in DMS. The report diagnoses and analyzes the risks that are involved in the O&M of the instance or a specific database in the instance. The report is only for your reference and does not affect the database instance.

The following table describes the risk audit items that are contained in risk audit reports.
Risk audit item: SQL review

  Description: For this item, DMS checks whether the SQL statements that are executed in the DMS console to manage the current database instance conform to the R&D specifications. By default, DMS checks the SQL statements that are executed in the previous week. The statements include those that are executed on the SQLConsole tab and those that are executed after tickets, such as tickets for Change regular data and lock-free data changes, are submitted.

  For example, DMS may find the following misoperation: A whole table was accidentally updated because the WHERE clause was missing in an UPDATE statement.

  Note: This audit item depends on optimization suggestions for SQL review. For information about SQL specifications, see SQL review optimization.

  Supported database engine: Self-managed MySQL databases, ApsaraDB RDS for MySQL databases, PolarDB for MySQL databases, PolarDB-X databases, and AnalyticDB for MySQL databases

Risk audit item: Metadata

  Description: For this item, DMS assesses the risks of all the schemas in the current database instance.

  For example, DMS may identify the following risk: An auto-increment primary key of the INT data type runs out of valid values.

  Note: This audit item depends on optimization suggestions for SQL review. For information about SQL specifications, see SQL review optimization.

  Supported database engine: Self-managed MySQL databases, ApsaraDB RDS for MySQL databases, PolarDB for MySQL databases, PolarDB-X databases, and AnalyticDB for MySQL databases

Risk audit item: Sensitive data

  Description: For this item, DMS checks whether the current database instance contains sensitive fields.

  For example, if the instance contains sensitive fields, such as mobile numbers, ID card numbers, or passwords, DMS checks whether these fields are prone to sensitive data breaches.

  Supported database engine:

  • MySQL databases

    Self-managed MySQL databases, ApsaraDB RDS for MySQL databases, PolarDB for MySQL databases, PolarDB-X databases, and AnalyticDB for MySQL databases

  • SQL Server databases

    Self-managed SQL Server databases and ApsaraDB RDS for SQL Server databases

  • PostgreSQL databases

    Self-managed PostgreSQL databases and PolarDB for PostgreSQL databases

  • MaxCompute
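
The example risk given for the Metadata item above (an auto-increment primary key of the INT data type running out of valid values) can also be checked by hand. The following query is an added example, not DMS's own check and not part of the original documentation; it assumes a MySQL instance with read access to information_schema, covers all integer types rather than INT only, and uses an arbitrary 80% threshold.

```sql
-- Added example: list auto-increment columns that have consumed at least
-- 80% of the range of their integer type (threshold is an assumption).
SELECT
    c.TABLE_SCHEMA,
    c.TABLE_NAME,
    c.COLUMN_NAME,
    c.COLUMN_TYPE,
    t.AUTO_INCREMENT                               AS next_value,
    m.max_value,
    ROUND(100 * t.AUTO_INCREMENT / m.max_value, 2) AS pct_used
FROM information_schema.COLUMNS AS c
JOIN information_schema.TABLES AS t
  ON t.TABLE_SCHEMA = c.TABLE_SCHEMA
 AND t.TABLE_NAME   = c.TABLE_NAME
JOIN (
    -- Upper bound of each MySQL integer type, signed (0) and unsigned (1).
    SELECT 'tinyint' AS data_type, 0 AS is_unsigned, 127 AS max_value
    UNION ALL SELECT 'tinyint',   1, 255
    UNION ALL SELECT 'smallint',  0, 32767
    UNION ALL SELECT 'smallint',  1, 65535
    UNION ALL SELECT 'mediumint', 0, 8388607
    UNION ALL SELECT 'mediumint', 1, 16777215
    UNION ALL SELECT 'int',       0, 2147483647
    UNION ALL SELECT 'int',       1, 4294967295
    UNION ALL SELECT 'bigint',    0, 9223372036854775807
    UNION ALL SELECT 'bigint',    1, 18446744073709551615
) AS m
  ON m.data_type   = c.DATA_TYPE
 AND m.is_unsigned = (c.COLUMN_TYPE LIKE '%unsigned%')
WHERE c.EXTRA LIKE '%auto_increment%'
  -- Skip the built-in system schemas.
  AND c.TABLE_SCHEMA NOT IN
      ('mysql', 'sys', 'information_schema', 'performance_schema')
  AND t.AUTO_INCREMENT / m.max_value >= 0.80
ORDER BY pct_used DESC;
```

On MySQL 8.0, the statistics in information_schema.TABLES are cached (see the information_schema_stats_expiry variable), so AUTO_INCREMENT can lag behind the real counter. Run ANALYZE TABLE on the tables of interest, or set that variable to 0 for the session, before querying.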

Limits

  • Only DMS administrators, security administrators, database administrators (DBAs), instance owners, and database owners can generate risk audit reports.
  • You can keep only a limited number of risk audit reports for an instance. The number depends on the control mode of the instance.
    • For an instance that is managed in Flexible Management mode, you can keep up to three reports. You cannot view the details of the reports.
    • For an instance that is managed in Stable Change mode, you can keep up to 20 reports.
    • For an instance that is managed in Security Collaboration mode, you can keep up to 50 reports.

Procedure

  1. Log on to the DMS console V5.0.
  2. In the left-side navigation pane of the DMS console, right-click the instance for which you want to generate a risk audit report and choose Audit > Risk Audit.
  3. Click Real-time Diagnostics. In the Real-time Diagnostics dialog box, select one or more risk audit items and click Diagnose. By default, all risk audit items are selected.

    If the status of the report becomes Completed, the analysis is complete and the risk audit report is generated.

  4. Click Details next to Report ID to view the report details.
    On the report details page, click the blue numbers next to the risk items of different levels to view the details.