Data Management (DMS) integrates the SQL review optimization feature into security rules. After you submit SQL statements for data changes or on the SQLConsole tab, DMS reviews the submitted SQL statements based on the specifications in security rules and offers optimization suggestions. This topic shows you how to configure security rules for reviewing SQL statements and perform data changes.
Security rules contain default SQL review rules. For example, the table must contain
remarks, a NULL value cannot be inserted into a NOT NULL column in the INSERT statement,
and the names of fields in the INSERT statement cannot be duplicated.
When developers submit SQL statements, the SQL review optimization feature reviews the submitted SQL statements and checks whether the table properties, column properties, index properties, data query rules, and data change rules meet the requirements. This helps database administrators (DBAs) review the submitted SQL statements and improves the quality of R&D. For more information, see SQL review optimization.
Create a table named
migration_job. You can use the following SQL statement to create the table:
CREATE TABLE `migration_job` ( `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Primary key', `gmt_create` datetime NOT NULL COMMENT 'Creation time', `ref_id` bigint(20) unsigned NOT NULL COMMENT '', PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='Test';
- If a database instance is managed in Security Collaboration mode, you can create a custom security rule set and associate the instance with the security rule set that you create. For more information, see Create security rules and Change the security rules of a database instance.
Step 1: Configure security rules
- Log on to the DMS console V5.0.
- Find the security rule set that you want to modify and click Edit in the Actions column. Note To configure a security rule set of the Flexible Management or Stable Change mode, click SQL audit optimization recommendations in the Actions column of the control mode.
- On the Details page, click the SQL audit optimization recommendations tab in the left-side pane.
- Find the rule named
The table must have a primary keyand click Edit in the Actions column.Note You can click the icon to the right of Tag, Behavioral action, or Status to filter rules. The Tag parameter specifies the scope to which a rule applies. A rule can apply to DDL and DML statements. The Status parameter specifies whether a rule is enabled or disabled.
- In the Rule content configuration dialog box, set the parameters as required. The following table describes the parameters.
Parameter Description Behavioral action The type of action to be performed based on the security rule. In this example, set the Behavioral action parameter to Must Improve.Note Default SQL review rules in DMS do not contain Must Improve. For more information about the Behavioral action parameter, see Behavioral actions. Remarks The description of the behavioral action for this rule, such as the background information.
- Click OK.
If you use the features such as data development, data change, and SQL review, the SQL review optimization feature verifies SQL statements based on the configured security rules.
Step 2: Change data
After you configure the security rules, submit a ticket to change data.
- Log on to the DMS console V5.0.
- In the top navigation bar, click Database Development. In the left-side navigation pane, choose . Note If you are using the previous version of the DMS console, move the pointer over the More icon in the top navigation bar and choose Data Plans > .
- On the Data Change Ticket Application page, set the parameters as required and click Submit. Note For more information about the parameters, see Table 1.
- Select the database instance that is associated with the security rule set that you have configured.
- Execute the following SQL statements for data changes:
CREATE TABLE test1 ( id bigint COMMENT 'id', name varchar(60) COMMENT 'name' ) DEFAULT CHARSET = utf8mb4 COLLATE utf8mb4_bin ENGINE = INNODB; INSERT INTO migration_job(id, ref_id, gmt_create, gmt_create) VALUES(1, null, now(), now());
- After you submit the ticket, DMS checks whether your configurations are valid based
on the security rules that are configured in Step 1. The SQL review optimization feature reviews the submitted statements and returns suggestions. In this example, the following suggestions are returned: One item must be improved, two potential issues exist, and one item can be improved.
- Click View Details. Move the pointer over the items in the SQL Review column to view details.
- Click SQL Statements for Modification. Optimize the SQL statements based on the suggestions and click Confirm Change. You can modify the statements by performing the following operations:
The following SQL statements are obtained after modification:
- In the
CREATE TABLEstatement, add a primary key and remarks for the
- In the
INSERTstatement, remove the duplicate field named
gmt_createand insert values for the
CREATE TABLE test1 ( id bigint PRIMARY KEY COMMENT 'id', name varchar(60) COMMENT 'name' ) DEFAULT CHARSET = utf8mb4 COLLATE utf8mb4_bin ENGINE = INNODB COMMENT = 'Remarks'; INSERT INTO migration_job(id, ref_id, gmt_create) VALUES(1, 2, now());
- In the
- DMS reviews the SQL statements again. The statements pass the review.
- Click Submit for Approval and wait for approval. After approval, a task is generated.
- Click Execute Change. In the Task Settings dialog box, set the parameters as required and click Confirm Execution. The following table describes the parameters. Note If you set the Execution Method parameter to After Audit Approved, Auto Execute in the Apply step, this step is automatically skipped.
Parameter Description Execute Immediately Specifies whether to run the task immediately or at a scheduled time. Valid values:
- Running immediately: DMS runs the task immediately after you submit the task.
- Schedule: DMS runs the task at the scheduled time that you specify.
Transaction Control Specifies whether to enable transaction control. Valid values:
- on: If an SQL statement fails to be executed, all the executed DML statements in the same transaction are rolled back. DDL statements cannot be rolled back.
- off: One SQL statement is executed at a time. If an SQL statement fails to be executed, the transaction is stopped. The other executed SQL statements in the same transaction are not rolled back.
Data Backup Specifies whether to back up data. Default value: on. Valid values:
- on: DMS generates
INSERTscripts to back up the data that will be affected when
DELETEstatements are executed.
- off: DMS does not generate backup files.
- Data backup is supported only for UPDATE and DELETE statements.
- You cannot back up data for MongoDB and Redis databases.