Help Center/ GaussDB(DWS)/ Management Guide/ Cluster Security Management/ Protection for Mission-Critical Operations
Updated on 2024-09-05 GMT+08:00
View PDF

Protection for Mission-Critical Operations

Scenario

GaussDB(DWS) protects mission-critical operations. If you want to perform a mission-critical operation on the management console, you must enter a credential for identity verification. You can perform the operation only after your identity is verified. For account security, it is a good practice to enable operation protection. The setting will take effect for both the account and users under the account.

Currently, the following operations are supported: scaling out a cluster, deleting a cluster, restarting a cluster, adding a CN, and deleting a CN.

Enabling Critical Operation Protection

Operation protection is disabled by default. To enable it, perform the following steps:

  1. Log in to the GaussDB(DWS) console.
  2. Move the cursor to the username in the upper right corner of the page and click Security Settings from the drop-down list.
  3. On the Security Settings page, click the Critical Operations tab. Click Enable in the Operation Protection area.

    Figure 1 Critical Operations

  4. On the Operation Protection page, select Enable to enable operation protection.

    • When IAM users created using your account perform a critical operation, they will be prompted to choose a verification method from email, SMS, and virtual MFA device.
      • If a user is only associated with a mobile number, only SMS verification will be available.
      • If a user is only associated with an email address, only email verification will be available.
      • If the user has not bound an email address, a mobile number, or a virtual MFA device, the user needs to bind one to continue with the critical operation.
    • Change your phone number or email address for verification in My Account on the management console.

  5. After operation protection is enabled, when you perform a mission-critical operation, the system will protect the operation.

    For example, when you delete a cluster, a verification dialog box for mission-critical operation protection is displayed. You need to select a mode to perform verification. This helps avoid risks and losses caused by misoperations.

Disabling Operation Protection

To disable operation protection, perform the following steps:

  1. Log in to the GaussDB(DWS) console.
  2. Move the cursor to the username in the upper right corner of the page and click Security Settings from the drop-down list.
  3. On the Security Settings page, click the Critical Operations tab. Click Change in the Operation Protection area.

    Figure 2 Modifying operation protection settings

  4. On the Operation Protection page, select Disable and click OK.