Help Center/ Database Security Service/ Service Overview/ DBSS
Updated on 2025-04-29 GMT+08:00
View PDF

DBSS

Database Security Service (DBSS) provides database audit, database encryption and access control functions. It records user access to the database in real time, generates fine-grained audit reports, and sends real-time alarms for risky operations and attack behaviors. As a proxy encryption gateway, the system is deployed between the database and client applications. Any access must pass through the gateway to implement data encryption and access control.

Supported Databases

Database audit provides the audit function in out-of-path disposition pattern for the following databases on Huawei Cloud:

  • Relational Database Service (RDS)
  • Databases built on ECS
  • Databases built on BMS

Databases of some types and versions can be audited without using agents, as shown in Table 1.

Table 1 Agent-free relational databases

Type

Supported Edition

GaussDB(for MySQL)

All editions are supported by default.

RDS for SQLServer

All editions are supported by default.

RDS for MySQL
  • 5.6 (5.6.51.1 or later)
  • 5.7 (5.7.29.2 or later)
  • 8.0 (8.0.20.3 or later)

GaussDB(DWS)
  • 8.2.0.100 or later

PostgreSQL

NOTICE:

If the size of an SQL statement exceeds 4 KB, the SQL statement will be truncated during auditing. As a result, the SQL statement is incomplete.
  • 14 (14.4 or later)
  • 13 (13.6 or later)
  • 12 (12.10 or later)
  • 11 (11.15 or later)
  • 9.6 (9.6.24 or later)
  • 9.5 (9.5.25 or later)

RDS for MariaDB

All editions are supported by default.

Database audit supports the following database types and versions.

Table 2 Database types and versions supported by database audit

Database Type

Edition

MySQL
  • 5.0, 5.1, 5.5, 5.6, 5.7
  • 8.0 (8.0.11 and earlier)
  • 8.0.30
  • 8.0.35
  • 8.1.0
  • 8.2.0

Oracle
  • 11g

    11.1.0.6.0, 11.2.0.1.0, 11.2.0.2.0, 11.2.0.3.0, and 11.2.0.4.0

  • 12c

    12.1.0.2.0, 12.2.0.1.0

  • 19c

PostgreSQL
  • 7.4
  • 8.0, 8.1, 8.2, 8.3, 8.4
  • 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.6
  • 10.0, 10.1, 10.2, 10.3, 10.4, 10.5
  • 11
  • 12
  • 13
  • 14

SQL Server
  • 2008
  • 2012
  • 2014
  • 2016
  • 2017

GaussDB(for MySQL)

8.0

DWS
  • 1.5

DAMENG

DM8

KINGBASE

V8

SHENTONG

V7.0

GBase 8a

V8.5

GBase 8s

V8.8

Gbase XDM Cluster

V8.0

Greenplum

V6.0

HighGo

V6.0

GaussDB
  • 1.3 Enterprise Edition
  • 1.4 Enterprise Edition
  • 2.8 Enterprise Edition
  • 3.223 Enterprise Edition

MongoDB

V5.0

DDS

4.0

Hbase

(Supported by CTS instance 23.02.27.182148 and later versions)
  • 1.3.1
  • 2.2.3

Hive
  • 1.2.2
  • 2.3.9
  • 3.1.2
  • 3.1.3

MariaDB

10.6

TDSQL

10.3.17.3.0

Vastbase

G100 V2.2

TiDB
  • V4
  • V5
  • V6
  • V7
  • V8

Database encryption supports the following database types and versions, as shown in Table 3.

Table 3 Database types and versions supported by database encryption

Type

Edition

MySQL
  • 5.5, 5.6, and 5.7
  • 8.0

Oracle
  • 11g
  • 12c

PostgreSQL
  • 9.4
  • 11.5

SQL Server

2012

DAMENG
  • DM6
  • DM7.6
  • DM8.1

KINGBASE
  • V8R3
  • V8R6

TBASE

V2.15

HOTDB

2.5.6

GaussDB

A

TDSQL

10.3

Service Features

  • Help you meet security compliance requirements.
    • Comply with DJCP (graded protection) standards for database audit.
    • Comply with security laws and regulations, and provide compliance reports that meet data security standards (such as Sarbanes-Oxley).
  • Back up and restore database audit logs and meet the audit data retention requirements.
  • Monitor risks, sessions, session distribution, and SQL distribution in real time.
  • Report alarms for risky behaviors and attacks and responds to database attacks in real time.
  • Locate internal violations and improper operations and keep data assets secure.
Deployed in out-of-path pattern, database audit can perform flexible audit on the database without affecting user services.
  • Monitors database login, operation type (data definition, operation, and control), and operation object based on risky operations to effectively audit the database.
  • Analyzes risks, sessions, and SQL injection to help you master the database situation in a timely manner.
  • Provides a report template library to generate daily, weekly, or monthly audit reports according to your configurations. Sends real-time alarm notifications to help you obtain audit reports in a timely manner.