DMS SQL Audit
Prerequisites
• You need to have the permission to go to the SQL Audit page. For menu permissions, see Permission Description.
• Enter and log in to the instance. Then, change or query the data within the instance to generate SQL audit logs.
Procedure
1. Log in to DMS.
2. On the left menu bar, click Security Center > Audit Log in succession.
3. Click the DMS SQL Audit tab to go to the Audit interface.
Precautions
• The DMS SQL Audit logs can be saved for 7 days in the Basic Version and 180 days in the Enterprise Version.
• DMS SQL Audit does not audit all types of SQL statements. For example, SHOW, USE, and other routine database operations that do not involve sensitive data are not audited.
• Only the super administrator and administrators can go to the DMS SQL Audit interface to view the relevant audit records.
Function Introduction
The DMS SQL Audit log records the types of SQL statements executed by a user, the executed database source, and the execution time, and provides three levels of risk assessment for the operation: high risk, medium risk, and low risk. Data source records can be audited down to the table level. In addition, SQL execution results, query duration, number of rows affected, and other information are also recorded. If the execution fails, the corresponding error message is also recorded.
DMS SQL Audit Search
DMS SQL Audit supports the following search items: execution time, SQL type, execution risk, operation user, instance name, instance address, database name/schema name, table name, function, and execution status. Among them, a fuzzy search is supported for search items such as operation user, instance name, instance address, database name/schema name, table name, and more. If you want to clear the already selected search items, you can click the Reset button.
DMS SQL Audit Details
In addition to the above basic information, when you click the Details button, the pop-up Details interface also displays the specific execution statement.
DMS SQL Audit Objects
The DMS SQL Audit objects include SQL statements from four function modules: query window, visualized editing, instance metadata, and SQL change. The audited SQL statements include SELECT, INSERT, CREATE_TABLE, CREATE_SELECT, INSERT_SELECT, ALTER_TABLE, CREATE_DATABASE, ALTER_DATABASE, CREATE_SCHEMA, ALTER_SCHEMA, REVOKE, GRANT, DROP_DATABASE, DROP_SCHEMA, DROP_TABLE, DELETE, UPDATE, TRUNCATE, CREATE_INDEX, DROP_INDEX, and ALTER_INDEX.
DMS SQL Audit Export
DMS SQL Audit supports exporting the current page of records to local. The export format options include csv and xlsx. You select the search item as required, click Query, and then click the Export button. After selecting the file format, you can download the audit logs to the local. You can adjust the number of page breaks and download more audit log records.
Configure Execution Risk
The DMS SQL Audit allows users to customize the execution risk level based on the SQL type. Click Configure Execution Risk to set different execution risk levels for each SQL type.
DMS Operation Audit
Prerequisites
• You need to have the permission to go to the Operation Audit page. For menu permissions, see Permission Description.
• You can change the instances, user roles, organization information, and team information within an organization to generate operation audit records.
Procedure
1. Log in to DMS.
2. On the left menu bar, click Security Center > Audit Log in succession.
3. Click the DMS Operation Audit tab to go to the Audit interface.
Precautions
• The DMS Operation Audit logs can be saved for 7 days in the Basic Version and 180 days in the Enterprise Version.
• DMS operation audit does not audit all user operations. For instance, routine system operations without risk threats are not audited, such as viewing the instance list within a team, and viewing/changing personal information.
• Only the super administrator and administrators can go to the DMS Operation Audit interface to view the relevant operation audit records of the audit.
Function Introduction
The DMS Operation Audit records the operation for an event by the user, the used menu in the DMS, and the operation time, and provides three levels of risk assessment for the event operation: high risk, medium risk, and low risk. Instance information, order information, operation contents, and operation results are also recorded.
DMS Operation Audit Search
The search items of DMS Operation Audit include: execution time, operation risk, operation user, instance name, instance address, order number, function menu, event type, and operation result. Among them, a fuzzy search is supported for search items such as operation user, instance name, instance address, order number, and more. The Function menu is a secondary search box. You need to select one item from Development Space, Data Source Management, Security Center, Personal Center, and O&M Management, and then select the secondary menu in the pop-up option. If you want to clear the already selected search items, you can click the Reset button.
DMS Operation Audit Details
When you click the Details button, the Details interface appears. In addition to the above basic information, the Details interface also displays specific operations.
Viewing Order Details
When you click Order Number in the log record, the system navigates to the Order Details interface, which displays the key contents such as order number, order type, order status, creator, creation time, order description, pre-check result, order approval process, exception information, and more.
Configuring Operation Risks
The DMS Operation Audit allows users to customize the operation risk level based on the event type. Click Configure Operation Risk to set different operation risk levels for each event type. When configuring, you can directly select the risk level in the secondary menu. Then, all the events under the secondary menu will be set to the same risk level.
