Access control

  • Network isolation
    As a one-stop real-time data warehouse engine developed by Alibaba Cloud, Hologres must meet the requirements of security isolation specifications. Take note of the following items:
    • The classic network, virtual private cloud (VPC), and public network of each Hologres instance are isolated from each other. You can access the Hologres instance over a network by using the endpoint and virtual IP addresses (VIPs) that correspond to the network.
    • To access a Hologres instance over a VPC, you can associate the Hologres instance with the VPC. If you do so, the Hologres instance can be accessed only from the specified VPC.
    • If you configure an IP address whitelist for a Hologres instance, the Hologres instance can be accessed only by servers whose IP addresses are in the whitelist.
  • IP address whitelists

    Hologres supports multiple levels of access control, such as the security authentication mechanism. Only users who hold an authorized AccessKey ID and AccessKey secret can access data, and only within the permissions granted to them. The following content describes how to configure access control policies by using IP address whitelists. For more information, see Configure IP address whitelists.

    You can determine the IP addresses that you want to add to IP address whitelists by using the following methods:
    • If you use the PostgreSQL client to access a Hologres instance, add the IP address of the server where the PostgreSQL client resides to the whitelist.
    • If you use a proxy server to access a Hologres instance, add the IP address of the last-hop proxy server to the whitelist.
    • If you access Hologres from an Elastic Compute Service (ECS) instance, add the IP address of the NAT gateway to the whitelist.
    • If you want to configure multiple IP addresses, separate the IP addresses with commas (,). The following formats are supported for configuring multiple IP addresses:
      • Individual IP addresses.
      • An IP address with a subnet mask.
      Example:
      -- Individual IP addresses
      10.32.180.8,10.32.180.9,10.32.180.10
      -- An IP address with a subnet mask
      10.32.180.0/23
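
The whitelist formats above, checked before they are applied (an added example, not Alibaba Cloud code). It parses a comma-separated whitelist, flags entries that deserve review, and tests whether a client address would match. The function names are hypothetical, and how Hologres itself treats a misaligned entry such as 10.32.180.8/23 is not stated on this page, so the code only reports it.

```python
import ipaddress

def parse_whitelist(raw):
    """Parse a comma-separated whitelist into (networks, findings)."""
    networks, findings = [], []
    for entry in (e.strip() for e in raw.split(",")):
        if not entry:
            continue
        try:
            # strict=True rejects entries whose host bits are set
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:
                net = ipaddress.ip_network(entry, strict=False)
                findings.append(f"{entry}: host bits set, parsed range is {net}")
            except ValueError:
                findings.append(f"{entry}: not a valid IP address or CIDR block")
                continue
        if net.prefixlen == 0:
            findings.append(f"{entry}: matches every address")
        networks.append(net)
    return networks, findings

def is_allowed(client_ip, networks):
    """Return True if client_ip falls inside any whitelisted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    # The two example whitelists from this page
    hosts, _ = parse_whitelist("10.32.180.8,10.32.180.9,10.32.180.10")
    subnet, _ = parse_whitelist("10.32.180.0/23")
    print(is_allowed("10.32.180.11", hosts))    # not one of the three hosts
    print(subnet[0].num_addresses)              # a /23 covers 10.32.180.0-10.32.181.255
    print(is_allowed("10.32.181.200", subnet))
    # Constructed whitelist containing entries that should be reviewed
    for finding in parse_whitelist("10.32.180.8/23, 0.0.0.0/0, bogus")[1]:
        print(finding)
```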

Authentication

  • Identity verification
    • You can create an AccessKey pair in the Alibaba Cloud Management Console. An AccessKey pair consists of an AccessKey ID and AccessKey secret. The AccessKey ID is public and uniquely identifies a user, whereas the AccessKey secret is private and used to authenticate a user.
    • Before you send a request to Hologres, you must create a string to be signed in the format specified by Hologres and then create a signature for the request by using the AccessKey secret. After Hologres receives the request, it finds the AccessKey secret based on the AccessKey ID and generates a signature. If the signature is the same as that sent by the client, the request is valid. Otherwise, Hologres denies the request and returns the HTTP status code 403.
  • Permission control
    You can access a Hologres instance by using an Alibaba Cloud account or as a RAM user. To implement flexible permission control, you can create RAM users with different permissions for your Alibaba Cloud account. Hologres applies permission-based authorization policies when you access a Hologres instance by using an Alibaba Cloud account or as a RAM user.
    • If you use an Alibaba Cloud account, Hologres checks whether the Alibaba Cloud account is the owner account of the Hologres instance. Only the owner has the permissions to access the Hologres instance.
    • If you access a Hologres instance as a RAM user, the policy attached to the RAM user is checked. Hologres checks whether the Alibaba Cloud account that owns the Hologres instance grants the RAM user the permissions to access the Hologres instance.
  • Permission models

    Hologres supports the following three permission models to control the access permissions of RAM users. For more information, see Overview.

    | Permission model | Scenario | Description |
    | --- | --- | --- |
    | Standard PostgreSQL authorization model | This model is suitable for scenarios in which permissions are strictly managed. This model allows you to grant a RAM user the permissions on a specific table. For example, you can grant the zinan.tang user the read permissions on the table1 table. | In this model, permissions are granted in a fine-grained and flexible manner. This way, a RAM user can be granted the permissions on a specific table. You can call the GRANT/REVOKE command and specify a database, schema, table, or view to manage the permissions on the specified object. |
    | Simple permission model (SPM) | This model allows you to manage database-level permissions and is suitable for scenarios in which permissions are managed in a coarse-grained manner. | In this model, specific permissions of each user group on databases cannot be changed. This model is suitable for most scenarios and the authorization operations are simple. |
    | Schema-level permission model (SLPM) | This model allows you to manage schema-level permissions and is suitable for scenarios in which permissions are managed in a fine-grained manner and a simple authorization process is required. | In this model, specific permissions of each user group on schemas cannot be changed. The authorization operations are simple. |
  • RAM authorization
    • Hologres supports RAM authentication. Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage permissions on resources. You can create RAM users for your Alibaba Cloud account in RAM. The created RAM users are subordinate to the Alibaba Cloud account. All Hologres instances belong to the Alibaba Cloud account. The Alibaba Cloud account can grant access permissions on the Hologres instances to the RAM users.
    • You can also log on to Alibaba Cloud and access Hologres by using role-based SSO. In this case, the RAM role becomes a member of a Hologres instance. The user who assumes this RAM role has the same permissions as an Alibaba Cloud account or a RAM user. For more information, see RAM authorization mode.
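
The signature check described under Identity verification, with both the client and the server side, as an added example that is not Hologres code. The canonical string layout, the use of HMAC-SHA256, the sample credentials and the 403 for an unknown AccessKey ID are assumptions made for illustration; the real string-to-sign format is the one specified by Hologres.

```python
import hashlib
import hmac

# Constructed credential store: AccessKey ID -> AccessKey secret (sample values)
SECRETS = {"AKID-EXAMPLE": b"constructed-secret-value"}

def string_to_sign(method, path, date):
    # Hypothetical canonical form, used only for this example
    return "\n".join([method.upper(), path, date]).encode()

def sign(secret, method, path, date):
    """Client side: sign the canonical string with the AccessKey secret."""
    msg = string_to_sign(method, path, date)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def verify(access_key_id, method, path, date, signature):
    """Server side: look up the secret, recompute, return an HTTP status."""
    secret = SECRETS.get(access_key_id)
    if secret is None:
        return 403  # assumption: unknown IDs are rejected like bad signatures
    expected = sign(secret, method, path, date)
    # Compare as bytes in constant time; encoding first also keeps a
    # non-ASCII signature from raising inside compare_digest
    if hmac.compare_digest(expected.encode(), signature.encode()):
        return 200
    return 403

if __name__ == "__main__":
    date = "Mon, 01 Jan 2024 00:00:00 GMT"  # constructed sample value
    sig = sign(SECRETS["AKID-EXAMPLE"], "GET", "/tables/table1", date)
    print(verify("AKID-EXAMPLE", "GET", "/tables/table1", date, sig))
    # The same signature replayed against a different path fails
    print(verify("AKID-EXAMPLE", "GET", "/tables/table2", date, sig))
```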

Data security

  • Data reliability

    Hologres is certified under the Payment Card Industry Data Security Standard (PCI DSS). Hologres uses a distributed file system to store data. The data is stored in three replicas, which are placed on different nodes of a cluster based on specific policies. This ensures data reliability.

  • Data de-identification

    Hologres supports the data masking feature. You can de-identify data in columns and customize de-identification configurations for specific users. After you enable this feature, sensitive information is de-identified in query results. This helps you protect sensitive and private data. Hologres supports multiple de-identification rules, such as IP address de-identification, email address de-identification, and hashing. For more information, see Data masking (Beta).

  • Encryption of stored data

    Hologres allows you to use Key Management Service (KMS) to encrypt data for secure storage. Supported encryption algorithms include AES256, AESCTR, RC4, and SM4. For more information, see Encrypt data in Hologres.

Log audit

  • Hologres allows you to query instance events from the last 90 days in the ActionTrail console, by calling API operations, or by using developer tools. This way, you can monitor events, set alert rules for events, audit events in real time, and troubleshoot issues. For more information, see Query event logs.
  • Hologres provides query logs. The system records all DDL statements within the last 30 days, and the DML and DQL statements that consume more than 100 ms within the last 30 days. For more information, see Query and analyze slow query logs.