Example of Real-time Data Access Permission Request/Approval
For operational tasks beyond standard access control permissions, the database operations management system provides a work order approval mechanism when maintenance personnel genuinely require such actions. Maintenance staff can pre-populate the required operations—including statements, scripts, objects, and necessary permissions—into a work order for submission. These tasks may only be executed within the specified time window after approval by the system-designated reviewer.
Upon completion of the operation, the system automatically revokes permissions based on the specified expiration time, ensuring optimal balance between security and business operations.
NOTE: This feature requires collaboration between the sysadmin and secadmin roles.
- sysadmin: System administrator responsible for daily maintenance of the database operations management system, including configuring data assets, setting protection policies, and approving operations tickets. Required permissions include asset management, policy protection, and ticket approval menus. The system supports database operations-daily maintenance via a secure client and high-risk operations initiated through tickets-with ticket submission permission required.
- secadmin: Security administrator responsible for managing the system database operations and maintenance, including personnel permission management and system role configuration.
Real-time application for data access permissions
- Logging in to the Database Operations and Maintenance Management System using the sysadmin system administrator account.
- Connect to and access the database successfully via the web terminal of the O&M bastion host.
- Use the security client: In the left navigation bar, select Ops Bastion Host Inventory and click One-Click Login. A new tab for the O&M bastion host will open in the browser .
- On the O&M bastion host management page, select the newly added O&M asset and click the WEB terminal icon.
- A new WebSQL tab will launch in the browser, and the database will be connected successfully through the proxy service.
- Double-click a table name in the lower area; the corresponding query statement will be automatically filled into the SQL editing area on the right.
- Click the Execute button. Figure 1 WebSQL execution button location
- The result area displays returned data or permission restriction notifications.
- Click the Authorization application button to initiate a real-time work order for data access permission application.
- A new page titled User Access Permission Application opens in the browser.
- Fill in the application reason and valid access duration, then click Submit Application.
Data Permission Approval
- Logging in to the Database Operations and Maintenance Management System using the sysadmin system administrator account.
- In the left navigation bar, select Ops Asset Management > Ops Asset Control, and the asset control list is displayed on the page.
- Select the Ops asset control submitted by the applicant and click Config; a new page will open in the browser.
- Select Security Control > Data Access Approval to display the pending approval list.
- Pick the pending permission item and click Pending Approval to pop up the Permission Approval Details window.
- Verify the detailed pending information and click Pass Through to grant permissions to the applicant.
- The database operator may proceed with subsequent data access operations.
Verify Configuration Effect
- Logging in to the Database Operations and Maintenance Management System using the sysadmin system administrator account.
- Access the database successfully via the web terminal of the O&M bastion host.
- Use the security client: In the left navigation bar, select Ops Bastion Host Inventory and click One-Click Login. A new tab for the O&M bastion host will open in the browser .
- On the O&M bastion host management page, select the newly added O&M asset and click the WEB terminal icon.
- A new WebSQL tab will launch in the browser, and the database will be connected successfully through the proxy service.
- Double-click a table name in the lower area; the corresponding query statement will be automatically filled into the SQL editing area on the right.
- Click the Execute button. Figure 2 WebSQL execution button location
- The query result area displays the returned data.
Verification of O&M Access Audit Effect
Log in to the database O&M management system with a security administrator account to view audit log information.
- Logging in to the Database Operations and Maintenance Management System using the sysadmin system administrator account.
- Select Behavioral Auditing > Ops Access Audit from the left navigation bar to check daily data access logs of database operators.
- Any access operation that triggers security policies will be recorded under Behavioral Auditing > Policy Matching Audit.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot