Help Center/ GaussDB(DWS)/ User Guide/ GaussDB(DWS) Cluster Data Security and Encryption/ Enabling Critical Operation Protection for the GaussDB(DWS) Console
Updated on 2024-10-21 GMT+08:00
View PDF
Share

Enabling Critical Operation Protection for the GaussDB(DWS) Console

Scenario

GaussDB(DWS) protects mission-critical operations. If you want to perform a mission-critical operation on the management console, you must enter a credential for identity verification. You can perform the operation only after your identity is verified. For account security, it is a good practice to enable operation protection. The setting will take effect for both the account and users under the account.

Currently, the following operations are supported: scaling out a cluster, deleting a cluster, restarting a cluster, adding a CN, and deleting a CN.

Enabling Critical Operation Protection

Operation protection is disabled by default. To enable it, perform the following steps:

  1. Log in to the GaussDB(DWS) console.
  2. Move the cursor to the username in the upper right corner of the page and click Security Settings from the drop-down list.
  3. On the Security Settings page, click the Critical Operations tab. Click Enable in the Operation Protection area.

    Figure 1 Critical Operations

  4. On the Operation Protection page, select Enable to enable operation protection.

    • When IAM users created using your account perform a critical operation, they will be prompted to choose a verification method from email, SMS, and virtual MFA device.
      • If a user is only associated with a mobile number, only SMS verification will be available.
      • If a user is only associated with an email address, only email verification will be available.
      • If the user has not bound an email address, a mobile number, or a virtual MFA device, the user needs to bind one to continue with the critical operation.
    • Change your phone number or email address for verification in My Account on the management console. For details, see IAM Basic Information.

  5. After operation protection is enabled, when you perform a mission-critical operation, the system will protect the operation.

    For example, when you delete a cluster, a verification dialog box for mission-critical operation protection is displayed. You need to select a mode to perform verification. This helps avoid risks and losses caused by misoperations.

Disabling Operation Protection

To disable operation protection, perform the following steps:

  1. Log in to the GaussDB(DWS) console.
  2. Move the cursor to the username in the upper right corner of the page and click Security Settings from the drop-down list.
  3. On the Security Settings page, click the Critical Operations tab. Click Change in the Operation Protection area.

    Figure 2 Modifying operation protection settings

  4. On the Operation Protection page, select Disable and click OK.