All Products
Search

This Product

    Data Management:Enable the secure access proxy feature

    Document Center

    Data Management:Enable the secure access proxy feature

    Last Updated:Apr 19, 2024

    Data Management (DMS) provides the secure access proxy feature to better ensure data security when you access databases. The secure access proxy feature generates proxy endpoints for database instances. You can use the proxy endpoints to access database instances in a secure manner over the MySQL or HTTPS protocol. This topic describes how to enable the secure access proxy feature for a database instance.

    Prerequisites

    • DMS is deployed in Singapore or Indonesia (Jakarta). For more information about how to view DMS deployment regions, seeSwitch regions.

    • The database and DMS are located in the same region.

    • The database instance uses MySQL or MariaDB as the database engine. One of the following types of databases is used:

      • MySQL: ApsaraDB RDS for MySQL, PolarDB for MySQL, MyBase for MySQL, PolarDB for Xscale, AnalyticDB for MySQL, and third-party MySQL databases

      • MariaDB: ApsaraDB for MariaDB and third-party MariaDB databases

      Note

      To view the database engine used by a database instance, log on to the DMS console and move the pointer over the instance name in the left-side instance list on the Home tab.

    • You are a DMS administrator, or a database administrator (DBA). For more information about how to view system roles, see View system roles.

    Feature description

    The secure access proxy feature reuses security rules, data permissions, and sensitive fields in DMS. This feature provides comprehensive security management, access control, data masking, and operation audit capabilities for enterprise databases.

    dataprotect

    Procedure

    1. Log on to the DMS console V5.0.

    2. In the left-side instance list on the Home tab, right-click the database instance for which you want to enable the secure access proxy feature and select Secure Access Proxy.

      Note

      If you are a DMS administrator or DBA, you can also enable the secure access proxy feature by using the following methods:

      • In the top navigation bar of the DMS console, click Security and Specifications. In the left-side navigation pane, click Secure Access Proxy. On the Disabled tab, find the database instance for which you want to enable the secure access proxy feature and click Enable in the Actions column.

      • In the top navigation bar of the DMS console, click Data Asset . In the left-side navigation pane, click Instances. On the Instance List tab, find the database instance for which you want to enable the secure access proxy feature and choose More > Secure Access Proxy in the Actions column.

    3. On the Secure Access Proxy/Details page, click Enable Secure Access Proxy.

    4. In the Enable Secure Access Proxy dialog box, specify Database Account and Database password, and click Next Step.

    5. In the Secure Access Proxy - Authorize dialog box, specify the users to be authorized, whether to use a custom database account, and the security policy. Authorized users can use the credentials generated by the secure access proxy feature to access the database instance. For more information, see Authorize users to access a database instance by using proxy endpoints.

    6. Click OK.

      The following figure shows the Secure Access Proxy/Details page after the secure access proxy feature is enabled.Enable Secure Access Proxy

    Supported operations

    After the secure access proxy feature is enabled for the database instance, you can perform the following operations on the database instance on the Secure Access Proxy/Details page:

    • Disable the secure access proxy feature for the database instance: In the upper-left corner of the Secure Access Proxy/Details page, click Disable Secure Access Proxy.

    • Enable access from the Internet: You may want to allow local programs or programs that do not reside in the same virtual private cloud (VPC) as the database instance to access the database instance. In this case, click Enable next to Public Endpoint in the Basic Information section of the Secure Access Proxy/Details page to obtain the public proxy endpoints.

    • Change the database account that is used to log on to the database instance: Click the Edit icon next to Database Account to change the database account.

    Related API operations

    API

    Description

    CreateProxy

    Enables the secure access proxy feature for a database instance.

    DeleteProxy

    Disables the secure access proxy feature for a database instance.

    ListProxies

    Queries the proxy endpoints that are generated by the secure access proxy feature.

    GetProxy

    Queries the details of a proxy endpoint that is generated by the secure access proxy feature.