Updated on 2026-07-07 GMT+08:00

Managing Backup and Restoration

Database audit logs can be backed up to OBS buckets to achieve high availability for disaster recovery. You can back up, restore, or delete database audit logs.

Audit logs are backed up to OBS. Buckets are automatically created for you and billed per use. For details about OBS pricing, see Pricing Details.

Prerequisites

  • The database audit instance is in the Running state.
  • For details about how to enable database audit, see Enable Database Audit.
  • If a user has the Security Administrator permission of IAM, DBSS automatically grants authorization permissions for the user. Users who lack this permission must have an IAM Security Administrator manually create and grant it to them. For details, see OBS Fine-grained Authorization.

Managing Backup and Restoration

  1. Log in to the DBSS console.
  2. Click in the upper left corner on the displayed page and select a region.
  3. In the navigation tree on the left, choose Settings.
  4. In the Instance drop-down list, select an instance to configure alarm notifications.
  5. Click the Backup and Restoration tab page.

Automatically Backing Up Database Audit Logs

  1. Click Modify Automated Backup Settings in the upper right corner. In the displayed dialog box, configure auto backup parameters. For details, see Table 1.

    Figure 1 Configure Automatic Backup dialog box
    Table 1 Parameters

    Parameter

    Description

    Example Value

    Automatic Backup

    Status of automatic backup

    • : enabled
    • : disabled

    Backup Period

    Automatic backup period. Its options are as follows:

    • Daily
    • Hourly

    Daily

    Started

    Start time of the backup. Click to configure.

    2020/01/14 20:27:08

    Bucket Name

    Name of the OBS bucket used for backup. Its options are as follows:

    • Create Default Bucket
    • Select Bucket
    NOTE:
    • If you click Create Default Bucket, you will be prompted to authorize OBS for exporting audit log backups.
    • Audit logs can be exported only to the bucket created by DBSS.

    20f18-7a5a-4042

    Export Directory

    Directory for storing backup files in the OBS bucket.

    test

    Authorize Automated Backup

    Authorize automatic backup before setting an automatic backup task. If you select this option, DBSS can read and write the OBS bucket for audit log backup and export.

    CAUTION:

    Automated backup takes effect about 15 minutes after authorization is completed.

    Selected

  2. Click OK.

    After the automatic backup function is configured, new data in the database will be backed up one hour later. Then you can view the backup information.

Viewing Backup Audit Logs

View the backup audit log information. For details, see Table 2.

You can select All, 1 hour, 24 hours, 7 days, 30 days, or a custom time range to view backup logs. You can also select an attribute from the search box above the list or enter a keyword to search for specified backup logs.

Figure 2 Viewing backup audit logs
Table 2 Audit log parameters

Parameter

Description

Log Name

Name of a log, which is automatically generated.

Backup Time

Time when a log is backed up.

File Size

Log file size.

Backup Mode

How logs are backed up.

Backup Scope

Backup time window.

sha256

Verification value of a backup log.

Task Status

Backup status of a log.

Restoring Database Audit Logs

After backing up database audit logs, you can restore the audit logs as required.

Log restoration involves operational risks. Before proceeding, verify that the backup data is accurate and complete.

  1. In the Operation column of a backup log, click Restore Log.
  2. In the displayed dialog box, click OK.

    Figure 3 Confirming the restoration of audit logs

Deleting Backup Logs

After database audit logs are backed up, you can delete the backup files as needed. Deleted backup logs cannot be restored.

  1. In the Operation column of a backup log, click Delete.
  2. In the displayed dialog box, enter DELETE and click OK to delete the backup log.

    Figure 4 Confirming the restoration of audit logs

OBS Fine-grained Authorization

DBSS backup and restoration require OBS permissions. Users without IAM authorization permissions must be manually authorized by a user having the Security Administrator permission.

  1. Log in to the management console.
  2. Select a region, click in the upper left corner, and choose Management & Governance > Identity and Access Management.
  3. In the navigation pane, choose Permissions > Authorization. Click Create Custom Policy.
  4. Configure policy parameters. Set Policy Name to DBSS OBS Agency Access. Set Policy View to JSON. The policy content is as follows:

    {
        "Version": "1.1",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "obs:object:PutObjectVersionAcl",
                    "obs:object:PutObjectAcl",
                    "obs:object:GetObjectVersion",
                    "obs:object:GetObject",
                    "obs:object:GetObjectVersionAcl",
                    "obs:bucket:HeadBucket",
                    "obs:object:GetObjectAcl",
                    "obs:bucket:CreateBucket",
                    "obs:bucket:ListBucket",
                    "obs:object:PutObject"
                ],
                "Resource": [
                    "OBS:*:*:object:*",
                    "OBS:*:*:bucket:OBS_Bucket_Name_1",
                    "OBS:*:*:bucket:OBS_bucket_2" //You can add multiple buckets.
                ]
            }
        ]
    }

    See Figure 5. Click OK.

    Figure 5 Creating a custom policy

  5. In the navigation pane, choose Agencies and then click Create Agency in the upper right corner.
  6. Configure agency parameters. Set Agency Name to dbss_depend_obs_trust. Set Agency Type to Cloud service. Set Cloud Service to DBSS. See Figure 6.

    Figure 6 Creating an agency

  7. Click Next. Select the custom policy created in 4, and add the permission DBSS OBS Agency Access to the agency dbss_depend_obs_trust, as shown in Figure 7. Click Next in the lower right corner.

    Figure 7 Selecting a policy

  8. Set Scope to All resources and click OK. If the message in Figure 8 is displayed, the authorization is successful. Click Finish. The authorization will take effect in about 15 minutes.

    Figure 8 Authorization completed

References