Data Management (DMS) allows you to manage the security rules for relational and non-relational databases on the SQL Console tab. The definition and classification of security rules on this tab are different for relational and non-relational databases. This topic describes how to configure security rules for Redis databases on the SQL Console tab.

Checkpoints on the SQL Console tab

| Checkpoint | Description |
| --- | --- |
| Permission Execution Statement Criteria | Allows you to set constraints on the permissions for command execution. For example, you can configure this checkpoint so that DMS checks whether a user has required permissions on a database, table, or column when the user submits a command to perform operations on the object. |
| Statement Criteria: Keys | Allows you to set constraints on key-related commands. |
| Statement Criteria: String | Allows you to set constraints on string-related commands. |
| Statement Criteria: List | Allows you to set constraints on list-related commands. |
| Statement Criteria: SET | Allows you to set constraints on set-related commands. |
| Statement Criteria: SortedSet | Allows you to set constraints on sorted set-related commands. |
| Statement Criteria: Hash | Allows you to set constraints on hash table-related commands. |
| Statement Criteria: Cpc | Allows you to set constraints on TairCpc commands. |
| Statement Criteria: Ts | Allows you to set constraints on TairTS commands. |
| Statement Criteria: Roaring | Allows you to set constraints on TairRoaring commands. |
| Statement Criteria: Search | Allows you to set constraints on TairSearch commands. |
| Statement Criteria: Other | Allows you to set constraints on commands of other types. |
Note: DMS provides a large number of predefined configurations and rules for checkpoints. You can modify the configurations, change the state of rules, and create custom rules based on your business requirements. For more information, see Configure security rules.

The following flowchart shows how checkpoints work.

[Flowchart: how checkpoints work]

Factors and actions

Factors

A factor is a predefined variable in DMS. You can use factors to obtain the context to be validated by security rules. The context includes command types and the number of rows to be affected.
Note:
  • A factor name consists of the prefix @fac. and the display name of the factor.
  • Each tab on the Details page of a security rule set displays different factors for different checkpoints.
Table 1. Factors provided on the SQL Console tab
| Factor | Description |
| --- | --- |
| @fac.cmd_type | The type of the command. For more information about valid values, see Redis commands supported by DMS. |
| @fac.env_type | The type of the environment. The value is the display name of the environment type, such as DEV or PRODUCT. For more information, see Change the environment type of an instance. |
| @fac.is_read | Indicates whether the current command is a read command. Valid values: true, false. |
| @fac.is_write | Indicates whether the current command is a write command. Valid values: true, false. |
| @fac.current_sql | The current SQL statement. |
| @fac.user_is_admin | Indicates whether the current user is a DMS administrator. Valid values: true, false. |
| @fac.user_is_dba | Indicates whether the current user is a database administrator (DBA). Valid values: true, false. |
| @fac.user_is_inst_dba | Indicates whether the current user is a DBA of the current database instance. Valid values: true, false. |

Actions

An action is an operation that the system performs if the conditions specified in the IF statement are met. The action that you specify for a security rule shows the purpose of the security rule. For example, you can forbid the submission of a ticket, select an approval process, allow the execution of SQL statements, or reject the execution of SQL statements.
Note:
  • An action name consists of the prefix @act. and the display name of the action.
  • Each tab on the Details page of a security rule set displays different actions for different checkpoints.
Table 2. Actions provided on the SQL Console tab
| Action | Description |
| --- | --- |
| @act.reject_execute | Rejects the execution of the current SQL statement. |
| @act.allow_execute | Allows the current SQL statement to be executed. |
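
The following Python sketch is an added example, not DMS code or DMS rule syntax: it models how the factors in Table 1 could be derived from a submitted command and how a rule maps a condition to one of the actions in Table 2. The command sets are a constructed subset of the command table on this page; the policy itself and the reading of @fac.cmd_type as the command name are assumptions.

```python
from dataclasses import dataclass

# Constructed subset of the read/write commands listed on this page.
READ_CMDS = {"EXISTS", "TTL", "SCAN", "GET", "MGET", "LRANGE",
             "SMEMBERS", "ZRANGE", "HGETALL", "DBSIZE", "INFO"}
WRITE_CMDS = {"DEL", "EXPIRE", "RENAME", "UNLINK", "SET", "MSET",
              "LPUSH", "SADD", "ZADD", "HSET"}


@dataclass
class Factors:
    """Local stand-in for the @fac.* context of one submitted command."""
    cmd_type: str       # assumption: the upper-cased command name
    env_type: str       # display name of the environment, e.g. DEV or PRODUCT
    is_read: bool
    is_write: bool
    current_sql: str    # the command text as submitted
    user_is_dba: bool


def derive_factors(command: str, env_type: str, user_is_dba: bool = False) -> Factors:
    """Classify a command by its first token and build the rule context."""
    tokens = command.split()
    cmd = tokens[0].upper() if tokens else ""
    return Factors(cmd, env_type, cmd in READ_CMDS, cmd in WRITE_CMDS,
                   command, user_is_dba)


def evaluate(f: Factors) -> str:
    """Hypothetical policy in IF-condition / action form; first match wins."""
    # A command that is neither a known read nor a known write is denied,
    # so anything the classifier does not recognize never reaches the server.
    if not (f.is_read or f.is_write):
        return "@act.reject_execute"
    # Writes against a production instance require a DBA.
    if f.env_type == "PRODUCT" and f.is_write and not f.user_is_dba:
        return "@act.reject_execute"
    return "@act.allow_execute"


if __name__ == "__main__":
    # Constructed sample submissions.
    for cmd, env, dba in [("GET user:1", "PRODUCT", False),
                          ("DEL user:1", "PRODUCT", False),
                          ("DEL user:1", "PRODUCT", True),
                          ("FLUSHALL", "DEV", True)]:
        print(f"{env:8} dba={dba!s:5} {cmd:12} -> {evaluate(derive_factors(cmd, env, dba))}")
```
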

Redis commands supported by DMS

The following table describes the command types and commands that DMS can recognize based on syntax analysis.

Type Command
Key-related read command
  • EXISTS
  • TTL
  • PTTL
  • RANDOMKEY
  • TYPE
  • SCAN
Key-related write command
  • DEL
  • DUMP
  • EXPIRE
  • EXPIREAT
  • MOVE
  • PERSIST
  • RENAME
  • RENAMENX
  • TOUCH
  • UNLINK
String-related read command
  • GET
  • GETRANGE
  • BITCOUNT
  • GETBIT
  • MGET
  • STRLEN
String-related write command
  • APPEND
  • DECR
  • DECRBY
  • GETSET
  • INCR
  • INCRBY
  • INCRBYFLOAT
  • MSET
  • MSETNX
  • SET
  • SETRANGE
  • SETBIT
List-related read command
  • LINDEX
  • LLEN
  • LRANGE
List-related write command
  • BLPOP
  • BRPOP
  • BRPOPLPUSH
  • LINSERT
  • LPOP
  • LPUSH
  • LPUSHX
  • LREM
  • LSET
  • LTRIM
  • RPOP
  • RPOPLPUSH
  • RPUSH
  • RPUSHX
Set-related read command
  • SCARD
  • SISMEMBER
  • SRANDMEMBER
  • SSCAN
  • SDIFF
  • SINTER
  • SMEMBERS
  • SUNION
Set-related write command
  • SADD
  • SMOVE
  • SPOP
  • SREM
  • SDIFFSTORE
  • SINTERSTORE
  • SUNIONSTORE
Sorted set-related read command
  • ZCARD
  • ZCOUNT
  • ZLEXCOUNT
  • ZRANGE
  • ZRANGEBYLEX
  • ZRANGEBYSCORE
  • ZRANK
  • ZREVRANGE
  • ZREVRANGEBYLEX
  • ZREVRANGEBYSCORE
  • ZREVRANK
  • ZSCAN
  • ZSCORE
Sorted set-related write command
  • ZADD
  • ZINCRBY
  • ZINTERSTORE
  • ZPOPMAX
  • ZPOPMIN
  • ZREM
  • ZUNIONSTORE
  • BZPOPMIN
  • BZPOPMAX
  • ZREMRANGEBYLEX
  • ZREMRANGEBYRANK
  • ZREMRANGEBYSCORE
Hash table-related read command
  • HEXISTS
  • HGET
  • HLEN
  • HMGET
  • HSCAN
  • HSTRLEN
  • HGETALL
  • HKEYS
  • HVALS
Hash table-related write command
  • HDEL
  • HINCRBY
  • HINCRBYFLOAT
  • HMSET
  • HSET
  • HSETNX
Server read command
  • DBSIZE
  • CLIENT LIST
  • INFO
  • SLOWLOG
Connection command
  • PING
HyperLogLog command
  • PFCOUNT
  • PFADD
  • PFMERGE
TairDoc command For more information about TairDoc commands, see TairDoc.
TairString command For more information about TairString commands, see TairString.
TairBloom command For more information about TairBloom commands, see TairBloom.
TairGIS command For more information about TairGIS commands, see TairGIS.
TairHash command For more information about TairHash commands, see TairHash.
TairCpc command For more information about TairCpc commands, see TairCpc.
TairTS command For more information about TairTS commands, see TairTS.
TairRoaring command For more information about TairRoaring commands, see TairRoaring.
TairSearch command For more information about TairSearch commands, see TairSearch.