All Products
Search

This Product

    Data Security Center:Description of data audit custom rules

    Document Center

    Data Security Center:Description of data audit custom rules

    Last Updated:Aug 02, 2025

    This document describes important considerations for configuring custom data audit rules.

    Background

    When you configure custom data audit rules, all conditions are combined using the AND operator. This means that the intersection of the conditions is used. Therefore, multiple conditions can be mutually exclusive. You must configure the conditions with caution to avoid conflicts that can cause the configuration to become invalid.

    Scenarios

    When you configure custom data audit rules, you can refer to the following mutually exclusive scenarios to avoid configuration conflicts.

    Scenario 1: Mutually exclusive asset scopes

    When you configure asset conditions, the instance, database, and database table must have a hierarchical inclusion relationship. If the configured database does not belong to the selected instance, the condition is not met and no alert is triggered.

    For example, in the configuration shown in the following figure, the instance name, database name, and table name do not have a hierarchical inclusion relationship. Therefore, the condition is not met.

    image

    Scenario 2: Mutually exclusive behavior content and operations

    When you configure the Behavior condition, the configured SQL Content must match the selected Operation Type. Otherwise, the condition is not met and no alert is triggered.

    For example, in the configuration shown in the following figure, login failed! is a logon failure error message. It corresponds to the Login Operation Type and is unrelated to the Select Operation Type. Therefore, this condition is not met.

    image

    Scenario 3: Mutually exclusive behavior and result configurations

    The settings for the Behavior and Result conditions must be compatible. Otherwise, the condition is not met and no alert is triggered.

    • Example 1: In the configuration shown in the following figure, login failed! is a logon failure error message and does not affect the number of rows in a database table. Therefore, this condition is not met.

      image

      image

    • Example 2: In the configuration shown in the following figure, the login failed! configured in Behavior indicates a Failed logon, which is mutually exclusive with the Success execution status configured in Result. Therefore, this condition is not met.

      image