Updated on 2026-07-07 GMT+08:00

Strategy Template

Policy Template: When creating or editing policies under the path Ops Asset Control > Security Control > Policy Management, users can directly reference policy templates. This effectively reduces workload and operation time for administrators and enables rapid configuration of policy rules. Policy templates are available for all O&M asset repositories with the same database type.

Adding Policy Template

  1. Logging in to the Database Operations and Maintenance Management System using the sysadmin system administrator account.
  2. In the left navigation bar, select Rule Management> Strategy Template. The page displays policy template information by database type.
  3. The right side of the page defaults to the policy template under the first database type.
  4. Select one rule type from: Fuzzy Matching Desensitization, SQL Block, Row Access Control, SQL Replace, Table Name Replacement, or Access Audit.
  5. Click the Add Template button.
  6. Configure basic information of the policy template.

    Figure 1 Basic information
    Table 1 Parameter escription for basic information of new policy template

    Parameter

    Description

    Template Name

    Enter any character-based string for easy management and memorization. (Required)

    Template Type

    Including Fuzzy Matching Desensitization, SQL Block, Row Access Control, SQL Replace, Table Name Replacement, and Access Audit policy types. (Required)

    Group by DB

    Database type: Supported database types include, but are not limited to, MySQL, PostgreSQL, Oracle, DB2, SQL Server, MariaDB, Kingbase, Dameng, Greenplum and OpenGauss. (Required)

    Template Description

    Enter the descriptive information for the current rule.

  7. Condition information for the configuration policy template.

    Figure 2 onditional information
    Table 2 Parameter escription for condition information of new policy template

    Parameter

    Description

    Operations and Maintenance User

    Used to define the prevention and control scope for application users.

    Operations and Maintenance Role

    The role information defined in the User Management > System Roles feature allows each user to belong to one or more roles.

    Organization.

    The User Management > Company feature defines organizational information, and each user can belong to one organization.

    Database User

    Used to define the protection scope for database users.

    Client IP

    Define the range of IP addresses and determine the scope of security controls using various IP address operators such as equal to, includes, and excludes. It also supports direct reference to IP templates.

    Client Hostname

    Terminal host name (available for ORACLE, Dameng, and MS_SQLSERVER database types).

    Client OS User

    Client-side OS user (available when using the ORACLE database type).

    Client Tools

    The name of the client tool used by operations personnel to access data, such as WebSQL.

    Impact Period

    Effective time range of the current rule: Select Start Time - End Time.

  8. Configure matching information of the policy template.

    • Template Type: Fuzzy Matching Desensitization.
      Figure 3 Matching nformation – Fuzzy Matching Desensitization
      Table 3 Parameter escription for Fuzzy Matching Desensitization of new policy template

      Parameter

      Description

      Matching content

      This option applies when you select Fuzzy Matching Desensitization under Template Type.

      One type of matching condition. Matches SQL statements using regular expressions.

      Enter a regular expression, for example: *. represents all SQL statements. select.* represents statements starting with select.

      Column Masking

      One type of matching condition. It matches schema names, table names and column names via regular expressions, and bulk-configures desensitization rules for dictionaries that meet the criteria by setting the data domain.

      Displayed only when the rule type is set to Fuzzy Matching Desensitization.

      Example:

      • Schema name: .* .This is a regular expression for any pattern.
      • Table name: .* .This is a regular expression applicable to any table.
      • Column name: .*name.* .This is a regular expression that matches any field whose name contains the substring name.
    • Template Type-SQL Block
      Figure 4 Matching Information-SQL Block
      Table 4 Parameter escription for SQL Blocking of new policy template

      Parameter

      Description

      Matching Content

      The Template Type option takes effect when SQL Block is selected.

      Select the usage scenario for SQL matching.

      One type of matching condition. Matches SQL statements using regular expressions.

      Enter a regular expression, for example: .* represents all SQL statements. select .* represents statements starting with select.

    • Template Type-Row Access Control
      Figure 5 Matching nformation-Row Access Control
      Table 5 Parameter escription for Row Access Control of new policy template

      Parameter

      Description

      Accessible Number of Rows

      The Template Type option takes effect when you select Row Access Control.

      The number of rows returned to control data access. Must be entered as a numeric value.

    • Template Type-SQL Replace
      Figure 6 Matching nformation-SQL Replace
      Table 6 Parameter escription for SQL Replacement of new policy template

      Parameter

      Description

      Matching Content

      The Template Type option takes effect when you select SQL Replace.

      One type of matching condition. Matches SQL statements using regular expressions.

      Enter a regular expression, for example: .* represents all SQL statements. select .* represents statements starting with select.

      Replace SQL

      Display when the rule type is SQL replacement type.

      Enter an SQL statement here; the system will replace all SQL statements that meet this policy condition with this statement.

    • Template Type-Table Name Replacement
      Figure 7 Matching nformation-Table Name Replacement
      Table 7 Parameter escription for Table Name Replacement of new policy template

      Parameter

      Description

      Matching Content

      The Template Type option takes effect when you select Table Name Replacement.

      Select the usage scenario for SQL matching.

      One type of matching condition. Matches SQL statements using regular expressions.

      Enter a regular expression, for example: .* represents all SQL statements. select .* represents statements starting with select.

      Replace Table

      Display when the rule type is: Table Name Replacement Type.

      Configure the original table name and the replaced table name.

      You can replace table names for multiple tables simultaneously here.

  9. Configure response action information of the policy template.

    Figure 8 Response ction
    Table 8 Parameter escription for response actions of new policy template

    Parameter

    Description

    Audit

    By default, no audit is performed; you can choose Audit or Alarm Audit.

    When auditing is enabled, record the user's data access behavior in the Policy Matching Audit if it meets the policy conditions.

    When enabling alert auditing, the system records data access behaviors that meet policy conditions in the Policy Matching Audit. Additionally, email alerts are selected based on the alert method, and the alert information is sent to administrators via email. Recipients of these alerts are configured through the Data Specialist role in Operations Asset Control.

    Alarm Method

    Display when the Audit parameter is set to Alarm Audit.

    You can choose email alert notification.

    Configure the alert email server. See Alert Notification.

    Control Action

    Display when the rule type is SQL Block. The display tab is Block.

    Block return messages

    Display when the rule type is SQL Block. (Required)

    The feature allows you to customize SQL blocking messages.

  10. Click OK.

Related Operations

Subsequently, you may perform the following operations on the Policy Template Management page as needed:

  • Edit: Modify the policy template information to reset its basic settings. To modify the policy template, perform the following steps:
    1. Click the eye icon next to the database type name in the left tree.
    2. On the right side of the page, display the strategy template for the current database type. Click the Edit button.
    3. Modify the policy template information. The steps are similar to add strategy template.
    4. Click OK.
  • Delete: To delete the policy template, perform the following steps:
    1. In the database type list on the left tree, select the database type to which the policy template you want to modify belongs.
    2. Click the eye icon next to the database type name.
    3. Display the policy template for the current database type on the right side of the page.
    4. To delete a policy template, select the template and click Delete.
    5. Deleting cannot be undone, are you sure?
    6. Click OK to delete the policy template.

Configure policy templates based on database type because the system uses modified access SQL. Database functions vary across different database types, so separate policy templates must be configured for each type.