Updated on 2022-11-30 GMT+08:00

Secondary Authorization for High-Risk Database Operations

With CBH editions, you can delete, modify, and view your database instances by running commands. To secure sensitive database information and prevent key information from being lost or disclosed, CBH gives you the ability to configure an approval process for high-risk database operations and monitor key information.

This section uses administrator admin_A as an example to describe how to set up secondary authorization for high-risk operations that O&M user User_A performs on MySQL database instance RDS_A.

Application Scenarios

By setting database control policies and preset command execution policies, Cloud Bastion Host (CBH) can dynamically identify and intercept high-risk commands (including deleting databases, modifying key information, and viewing sensitive information) and interrupt the database O&M session. In addition, the system automatically generates a database authorization ticket and sends it to the administrator for secondary authorization. O&M users can resume interrupted O&M sessions only after the administrator approves the ticket and authorizes the high-risk operations.

Constraints

Currently, secondary authorization of high-risk operations applies only to commands executed on MySQL or Oracle database instances.

Prerequisites

  • The security group to which the CBH instance belongs has enabled the database access port, and the network connection between the database and the CBH system is normal.
  • Database RDS_A has been managed as a host resource.
  • O&M user User_A has obtained the access control permission for RDS_A.

Configuring the Secondary Authorization Policy

To approve high-risk operations on database instances, you need to preset command rules on the DB Rules page in the Policy module and enable Dynamic approval in the Action field.

  1. Log in to the CBH system as admin_A.
  2. Choose Policy > DB Rules to go to the DB Rules page.
  3. Configure the database rule set and select the preset high-risk operation commands.

    1. Click the RegSet tab.
      Figure 1 RegSet
    2. Click New to create a rule set for MySQL databases. Use the DB-test rule set as an example.
      Figure 2 New RegSet
    3. Click Add Regulation in the Operation column of the DB-test row to add a library, table, or command rule. The following describes how to add the DELETE command for deleting table content.
      • The Cmd field is mandatory. You must select at least one command. You can select multiple commands at a time.
      • Set the Lib or Table field to restrict operation commands on the database library or tables.
      • If the Lib or Table field is left blank, all operation commands in the database are restricted.
      Figure 3 Add regulation

  4. Configure a DB rule.

    1. Click the DB Rules tab.
      Figure 4 DB Rules
    2. Click New to create a Dynamic approval rule for the database. Use database rule DB-ACL as an example.
      Figure 5 Configuring dynamic approval
    3. Relate the rule to rule set DB-test.
      Figure 6 Relating a new database rule to a rule set (RegSet)
    4. Relate user User_A to resource RDS_A.
      Figure 7 Relating users to resources
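
To preview which statements a planned rule set would hold for approval before it is related to users and resources, the Cmd/Lib/Table semantics described above can be modeled offline. This is an added example, not CBH code: the matching logic, the commands other than DELETE, the default library `appdb`, and the `DB_SCOPED` rule set are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Regulation:
    cmds: frozenset   # Cmd field: mandatory, at least one command
    lib: str = ""     # Lib field: blank means every library
    table: str = ""   # Table field: blank means every table

    def __post_init__(self):
        if not self.cmds:
            raise ValueError("Cmd is mandatory: select at least one command")

# Where the target table sits for the commands this sketch understands (assumption).
_TARGET = {
    "DELETE": r"DELETE\s+FROM\s+([\w.`]+)",
    "UPDATE": r"UPDATE\s+([\w.`]+)",
    "DROP": r"DROP\s+TABLE\s+(?:IF\s+EXISTS\s+)?([\w.`]+)",
    "TRUNCATE": r"TRUNCATE\s+(?:TABLE\s+)?([\w.`]+)",
}

def parse(sql, default_lib):
    """Return (command, lib, table) for one statement, or None if unrecognised."""
    sql = sql.strip()
    cmd = sql.split(None, 1)[0].upper() if sql else ""
    # "(?!)" never matches, so unknown commands fall through to None.
    m = re.match(_TARGET.get(cmd, r"(?!)"), sql, re.IGNORECASE)
    if not m:
        return None
    lib, _, table = m.group(1).replace("`", "").rpartition(".")
    return cmd, (lib or default_lib).lower(), table.lower()

def needs_approval(sql, regset, default_lib="appdb"):
    """True if any regulation in the rule set covers the statement."""
    parsed = parse(sql, default_lib)
    if parsed is None:
        return False  # outside this sketch's scope; review such statements by hand
    cmd, lib, table = parsed
    return any(
        cmd in r.cmds
        and r.lib.lower() in ("", lib)
        and r.table.lower() in ("", table)
        for r in regset
    )

# Constructed rule sets: DB_TEST mirrors the page's DELETE rule with Lib/Table blank.
DB_TEST = [Regulation(frozenset({"DELETE"}))]
DB_SCOPED = [Regulation(frozenset({"DELETE", "UPDATE"}), "appdb", "orders")]
```

With Lib and Table left blank, `DB_TEST` flags a DELETE against any library or table, while `DB_SCOPED` flags only statements that touch `appdb.orders`.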

Verifying the Secondary Authorization Policy

An O&M user performs a high-risk operation and applies for operation permissions after the operation is intercepted. The administrator authorizes the high-risk operation after review to strengthen the management and control of core database assets.

  1. Log in to RDS_A as O&M user User_A.

    1. Log in to the CBH system.
    2. Choose Operation > Host Ops.
    3. Click Log In to log in to database resource RDS_A using an SSO tool.
      Figure 8 Database login

  2. Use the Navicat client as an example. O&M user User_A deletes table content from RDS_A. The DELETE command is automatically intercepted, and a message is displayed indicating that User_A does not have the permission to delete the table content.
  3. O&M user User_A submits a database authorization ticket to administrator admin_A for approval of the deletion operation.

    1. Log in to the CBH system as O&M user User_A.
    2. Choose Ticket > DB Tickets and view the tickets generated due to the interception of the deletion.
    3. Click Submit to submit the application for granting the required permissions on RDS_A.
      Figure 9 DB Tickets

  4. Administrator admin_A approves or rejects the O&M operations performed by User_A based on the situation.

    1. Log in to the CBH system as administrator admin_A.
    2. Choose Ticket > Approve and review the ticket submitted by User_A.
    3. Click Approve or Reject to approve or reject the ticket.

      The O&M user can resume the intercepted high-risk operations only after the administrator approves the ticket.

      Figure 10 Ticket approval