Help Center/ Database Security Service/ User Guide/ Database Security O&M/ Series 2/ Introduction to Database Security Operations and Maintenance
Updated on 2026-07-07 GMT+08:00

Introduction to Database Security Operations and Maintenance

Product Overview

Database Operations and Maintenance Management is a data security product designed to enforce security controls over the operational activities of database maintenance personnel.

Database operations and maintenance leverage technologies such as unified login, permission management, multi-factor authentication, data anonymization, and operation approval to minimize permission controls for maintenance personnel, block risky operations, and enable behavior auditing.

Figure 1 Implementation process

Usage Scenario

The database operation and maintenance management is specifically designed for database operation scenarios, effectively addressing data security risks faced by database maintenance personnel during their work.

Figure 2 Application scenarios

Personnel Identity Authentication

Complete strong identity authentication through multi-factor authentication (MFA) and other methods, enabling traceable operation audits to individual users.

Controllable O&M Permissions

All O&M operations are subject to fine-grained authorization control, preventing user misoperations and risky actions to avoid data leakage.

Approval Required for Sensitive Operations

Operations involving sensitive tables and sensitive fields are subject to mandatory approval workflows, with data desensitization applied automatically.

Comprehensive Operation Logging

All operations performed by O&M personnel on all databases are recorded in tamper-proof, independent logs, supporting centralized auditing.

Product Superiority

The database operations and maintenance management system offers advantages including support for diverse database types, fine-grained operation and maintenance permission control, centralized identity management, multi-dimensional monitoring, comprehensive security policies, and support for High Availability (HA).

Comprehensive Database Protocol Support

The database operation and maintenance management system supports not only mainstream databases such as MySQL, Oracle, SQL Server, PostgreSQL, and DB2, but also various domestic, specialized, and big data databases, fully meeting data security requirements across diverse industries and business scenarios.

Fine-grained and Operational Permission Management

The database operations and maintenance management system implements access control based on three dimensions: subject conditions, object scope, and access behaviors, with each category further subdivided into multiple sub dimensions. With over a hundred policy combinations available, the system enables precise security protection at various data levels.

  • The granular level can be refined to operational users, roles, organizational units, database users, time periods, and more.
  • The object granularity can be set for rows, columns, and other properties.
  • Behavior granularity desensitization operations, blocking operations, SQL statements, etc.
Figure 3 Permission Management

Flexible Protection Targets and Policies

The database operations and maintenance management system supports multi-dimensional control of data assets. Through policy configuration, users can flexibly define protected entities—including databases, tables, fields, records, keywords, and conditions. Strict control policies can be applied to these entities: modifications, deletions, or even visibility restrictions require prior approval.

Product Function

This section introduces the main functions of the database operations and maintenance management system.

Table 1 Product function

Function Name

Description

Section

Home Page

Introduce the three core security capabilities of the exhibits: data access permission control, dynamic data masking, and operational bastion host capabilities.

Home Page

O&M Asset Management

Supports adding, editing and deleting assets. It enables management of accounts in the asset library, and access approval for the asset library is available in the O&M asset control module. Security policies based on identities and access conditions can be configured for asset control, including sensitive data masking policies, high-risk operation blocking policies, row-level access control policies, SQL replacement policies, whitelist & blacklist policies, and audit policies.

O&M Asset Management

User Management

The system includes built-in administrators, security administrators, and security auditors, supporting the separation of three roles with mutual checks and balances to prevent data leaks caused by excessive role permissions.

User Management

Rule Management

The system includes built-in rule management, covering discovery rules and desensitization rules, and also supports user-defined rules.

Rule Management

Behavior Audit

The audit log content provides detailed information about the specific characteristics of access events, enabling a complete reconstruction of user access activities.

In addition to recording platform operation logs, the audit log also contains access logs of operational staff to business data.

Behavior Audit

System Management

Display device information and status, manage devices, diagnose system resource usage (including memory, CPU, hard disk, and network traffic), and perform system upgrades.

Supports network card management. permite exporting and restoring user configuration information.

System Management

O&M Bastion Host Entrance

Administrators can open a dedicated O&M interface via this entrance and conduct daily operations with the WebSQL tool.

Database operators can submit work orders during O&M. Once approved, they can operate databases through the WebSQL secure client.

O&M Bastion Host Entrance

Deployment Method

The database operations and maintenance management system supports proxy deployment. The proxy can be deployed via physical bypass or logical serial methods.

The system integrates with the database operations and maintenance management platform online, enabling maintenance personnel to directly access the device addresses and ports of the platform. Serving as an intermediate node, the platform processes and forwards network traffic.

Figure 4 Agent deployment