Security rules use a domain-specific language (DSL) to achieve the fine-grained management of databases. These rules allow you to manage Data Management (DMS) features such as querying, exporting, and changing data. This way, you can formulate operation guidelines and define development processes for your databases in DMS. This topic describes how to create, configure, and apply security rules.
Prerequisites
- You are a DMS administrator or a database administrator (DBA). For more information about how to view the role of a user, see View owned system roles.
- Your database instance is managed in Security Collaboration mode.
Note Database instances that are managed in Flexible Management or Stable Change mode support only default security rules.
Scenarios
Scenario | Solution |
---|---|
You must use external communication systems such as email and instant messaging (IM) services to communicate with others and apply data changes. An online process management system is required. |
|
You want to manage the development process of databases to ensure schema consistency between databases in different environments. For example, design and verify a database in a development environment and publish the database to an environment for joint debugging and test. After the joint debugging and test, publish the database to a staging environment. After the database is verified in the staging environment, publish the database to a production environment. | |
You want to manage the standards for schema design in databases. For example, a table must be created with a primary key, and a field that is added to an existing table cannot be empty. | |
You do not allow the execution of high-risk SQL statements, such as the SQL statements
that are used to delete data or tables. Only SELECT statements are allowed.
|
|
You want differentiated approval processes for database operations. For example, no approval is required for writing data, the approval of a business manager is required for changing 10,000 data records or less, and the approval of a business manager and a DBA is required for changing more than 10,000 data records. | |
You want differentiated approval processes for granting permissions on databases. For example, no approval is required for granting permissions on databases in a test environment, and the approval of a business manager is required for granting permissions on databases in a production environment. |
Create security rules
You can create multiple sets of security rules for databases in different environments.
Configure security rules
On the Details page of a security rule set, you can modify the configurations of default security rules or create custom security rules based on your business requirements.For example, you can disable the Whether the result set supports export rule on the SQL Console tab to forbid the export of query result sets on an SQLConsole tab of a database.
Apply security rules
You can use one of the following methods to apply a security rule to one or more database instances as required.Method 1
Method 2
- Log on to the DMS console V5.0.
- In the left-side instance list, right-click the instance to which you want to apply a security rule.
- Choose and select a security rule as required.
- In the Modify control mode message, click OK.