このページは、お客様の言語ではご利用いただけません。Huawei Cloudは、より多くの言語バージョンを追加するために懸命に取り組んでいます。ご協力ありがとうございました。
Policy Management
The administrator creates policies for database audit, watermarking, and static masking on the policy management page of the policy center, and then deploys these policies to the relevant services or instances.
Policy Types
- Database audit: Monitor and records database activities to ensure data integrity, security, and compliance.
- Database watermarking: Embed invisible identifiers into data to verify data authenticity and ownership and trace data leakage sources.
- Static database masking: Mask sensitive data to ensure privacy and security while retaining the data structure and statistics features.
Creating a Policy
The following part describes how to create a policy.
Connect to the DBSS service to monitor and record database instances that do not require agent audits, ensuring data integrity, security, and compliance.
Prerequisites
DBSS has been enabled and an instance has been added.
- Log in to the management console.
- Click
in the upper left corner and select a region or project. - In the navigation tree on the left, click
. Choose . - Choose Policy Center > Policy Management. The Policy Management page is displayed.
- Click Create Policy in the upper left corner. The Create Policy page is displayed.
- Select the Database audit policy type.
- Click Start configuring. The page for configuring the database audit policy type is displayed.
- Set the parameters by referring to Table 1.
Table 1 Parameters for configuring a database audit policy Parameter
Description
Policy Name
Enter a policy name. The name can contain a maximum of 255 characters, including letters, digits, underscores (_), and hyphens (-).
Associated Instance
Select a database audit instance from the drop-down list.
Target Data Source
Select the target data source from the drop-down list. Only database instances that do not require agent audit are supported.
Display Result Set
When the function for recording result sets is enabled, the system logs the SQL result content. You can view this content in the logs. If the function is disabled, the SQL result in the log details will be empty.
Recording result sets may lead to information leakage. Therefore, it is recommended not to enable this function.
Mask Privacy Data
You are advised to set masking rules to prevent sensitive data leakage.
- Click Save and Deliver. The policy list is displayed, showing the newly created policy.
Embed invisible identifiers into data to verify data authenticity and ownership and trace data leakage sources.
- Log in to the management console.
- Click
in the upper left corner and select a region or project. - In the navigation tree on the left, click . Choose .
- Choose Policy Center > Policy Management. The Policy Management page is displayed.
- Click Create Policy in the upper left corner. The Create Policy page is displayed.
- Select the Database Watermark policy type.
- Click Start configuring. On the Database Watermarking page that is displayed, create a watermark injection or watermark extraction task. For details, see Injecting Watermarks to Databases and Extracting Watermarks from Databases.
Mask sensitive data to ensure privacy and security while retaining the data structure and statistics features.
- Log in to the management console.
- Click
in the upper left corner and select a region or project. - In the navigation tree on the left, click . Choose .
- Choose Policy Center > Policy Management. The Policy Management page is displayed.
- Click Create Policy in the upper left corner. The Create Policy page is displayed.
- Select the Static database masking policy type.
- Click Start configuring. On the displayed data masking page, create a data masking task. For details, see Static Data Masking.
Connect to the DBSS service to monitor and record database instances that do not require agent audits, ensuring data integrity, security, and compliance.
Prerequisites
DBSS has been enabled and an instance has been added.
- Log in to the management console.
- Click in the upper left corner and select a region or project.
- In the navigation tree on the left, click . Choose .
- Choose Policy Center > Policy Management. The Policy Management page is displayed.
- Click Create Policy in the upper left corner. The Create Policy page is displayed.
- Select the Database audit policy type.
- Click Start configuring. The page for configuring the database audit policy type is displayed.
- Set the parameters by referring to Table 1.
Table 1 Parameters for configuring a database audit policy Parameter
Description
Policy Name
Enter a policy name. The name can contain a maximum of 255 characters, including letters, digits, underscores (_), and hyphens (-).
Associated Instance
Select a database audit instance from the drop-down list.
Target Data Source
Select the target data source from the drop-down list. Only database instances that do not require agent audit are supported.
Display Result Set
When the function for recording result sets is enabled, the system logs the SQL result content. You can view this content in the logs. If the function is disabled, the SQL result in the log details will be empty.
Recording result sets may lead to information leakage. Therefore, it is recommended not to enable this function.
Mask Privacy Data
You are advised to set masking rules to prevent sensitive data leakage.
- Click Save and Deliver. The policy list is displayed, showing the newly created policy.
Embed invisible identifiers into data to verify data authenticity and ownership and trace data leakage sources.
- Log in to the management console.
- Click in the upper left corner and select a region or project.
- In the navigation tree on the left, click . Choose .
- Choose Policy Center > Policy Management. The Policy Management page is displayed.
- Click Create Policy in the upper left corner. The Create Policy page is displayed.
- Select the Database Watermark policy type.
- Click Start configuring. On the Database Watermarking page that is displayed, create a watermark injection or watermark extraction task. For details, see Injecting Watermarks to Databases and Extracting Watermarks from Databases.
Mask sensitive data to ensure privacy and security while retaining the data structure and statistics features.
- Log in to the management console.
- Click in the upper left corner and select a region or project.
- In the navigation tree on the left, click . Choose .
- Choose Policy Center > Policy Management. The Policy Management page is displayed.
- Click Create Policy in the upper left corner. The Create Policy page is displayed.
- Select the Static database masking policy type.
- Click Start configuring. On the displayed data masking page, create a data masking task. For details, see Static Data Masking.
Related Operations
- Disabling a policy: You can click Disable in the Operation column of a policy that is enabled and successfully delivered to disable the policy. After you click Disable, the policy status changes to Disabled (Delivering). When the policy status changes to Disabled (Delivered), the policy is disabled.
NOTE:
After an encryption policy is enabled and delivered, it cannot be disabled or deleted. You can click Decrypt under Operation > More to decrypt the corresponding encryption policy. After decryption, a suffix is appended to the encryption policy name. A new decryption policy will not be generated.
- Deleting a policy: Click Delete in the Operation column of a policy that is successfully delivered to delete the policy. After you click Delete, a message is displayed in the upper right corner of the page, indicating that the policy is successfully deleted.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
