When you need to proactively check a database instance for security and stability issues, run a risk audit report. The report scans SQL quality, schema metadata, and sensitive data exposure, then surfaces optimization suggestions — without affecting your database.
How it works
A risk audit report performs on-demand diagnosis for a single instance or a specific database within it. Select one or more risk categories, and DMS produces a report with risk items grouped by severity. Click the count next to a severity level to view the details for that level.
Three risk categories are assessed:
| Risk category | What it checks | Supported databases |
|---|---|---|
| SQL review | SQL statements submitted through DMS for the instance — covering the past week by default, including statements from SQL Console and tickets such as Normal Data Modify and Lock-free Change. Example: an UPDATE statement without a WHERE clause causes a full table update. | Self-managed MySQL, RDS for MySQL, PolarDB for MySQL, AnalyticDB for MySQL, PolarDB Distributed Edition |
| Metadata | Table schemas across all databases in the instance. Example: an auto-increment primary key of the integer type nearing its maximum value. | Self-managed MySQL, RDS for MySQL, PolarDB for MySQL, AnalyticDB for MySQL, PolarDB Distributed Edition |
| Sensitive data | Fields that may contain sensitive values such as phone numbers, ID numbers, or passwords — which can lead to data breaches if left unprotected. | MySQL series (self-managed MySQL, RDS for MySQL, PolarDB for MySQL, AnalyticDB for MySQL, PolarDB Distributed Edition), SQL Server series (self-managed SQL Server, RDS for SQL Server), PostgreSQL series (self-managed PostgreSQL, PolarDB for PostgreSQL), MaxCompute |
The SQL review and metadata categories depend on SQL review optimization suggestions. To configure SQL standards, see Configure SQL review optimization suggestions.
Limitations
Access: Your DMS account must have one of the following roles: administrator, security administrator, DBA, or regular user (instance owner or database owner).
Report retention: Each instance retains a limited number of recent reports. The limit depends on the control mode:
| Control mode | Reports retained |
|---|---|
| Flexible Management | 3 (details not available for viewing) |
| Stable Change | 20 |
| Security Collaboration | 50 |
Run a risk audit
Risk audits are triggered on demand.
Prerequisites
Before you begin, ensure that you have:
A DMS account with the administrator, security administrator, DBA, or regular user (instance owner or database owner) role
Steps
1. Log on to the DMS console V5.0.
2. In the instance list in the navigation pane, right-click the target instance, then select Audit > Risk Audit.
3. Click Real-time Diagnosis.
4. In the Real-time Diagnosis dialog box, select the functional modules to diagnose, then click Diagnose Now. All modules are selected by default. Wait until the Status changes to Completed.
5. Click Details next to the report ID to open the Report Details page. The report groups risk items by severity level. Each severity level shows a count of flagged items.
6. On the Report Details page, click the blue number next to a risk level to view the items at that level.
Next steps
Configure SQL review optimization suggestions — set SQL standards that the SQL review and metadata categories use to flag risky statements.
Manage sensitive data — configure sensitive data identification rules to improve the accuracy of sensitive data assessment.