检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Logging All non-query operations on users' personal data, including creating and deleting instances, are recorded in audit logs by DBSS and uploaded to CTS. Users can only view their own audit logs.
In the agent-free DWS scenarios, DWS creates an agent named DWSAccessLTS and grants it the permission to access LTS for uploading audit logs to the tenant's LTS.
Security Shared Responsibilities Asset Identification and Management Identity Authentication and Access Control Data Protection Audit and Logs Resilience Risk Monitoring Certificates
Database Security Encryption Management Instance Management Database Security Encryption Instance Management System Administrator Operation Guide Security Administrator Operation Guide Operation Guide for Audit Administrators
Table 1 Items billed on a yearly/monthly basis Billed Item Description Database Audit Edition of database audit. Currently, the basic, professional, and advanced editions are available.
Alarm information Querying Audit Alarm Information Batch Marking Deleting the Alarm History Marking Monitoring Alarms Obtaining Instance Alarm Configurations Setting Instance Alarm Settings Parent topic: API
Auditing a Database Querying databases Querying the RDS Database List Adding a Self-Built Database Adding an RDS Database Deleting a Database Enabling or Disabling Database Export audit database configuration to OBS Parent topic: API
If the DBSS instance and the agent are in different VPCs, DBSS cannot audit the database. Parent topic: Purchase
Table 1 System permissions Role/Policy Name Description Type Dependency DBSS Audit Administrator DBSS audit administrator, who has the permissions to check DBSS security logs.
Data Reports Querying Audit SQL Statements Obtaining Details About a Specified SQL Statement Obtaining SQL Distribution Statistics in a Specified Period Obtaining Statistics on Query Sessions in a Specified Period Obtaining the Distribution of Risky Operations in a Specified Period
and then purchase the database audit instance in the desired VPC. To connect the DBSS instance to the desired VPC, submit a service ticketsubmit a service ticket. Parent topic: Functions
Auditable Operations Cloud Trace Service (CTS) records all cloud service operations on DBSS, including requests initiated from the management console or open APIs and responses to the requests, for tenants to query, audit, and trace.
Table 1 Billing mode Billing Mode Yearly/Monthly Payment Prepaid Billed by the subscription term you purchase Billing Period Billed by the subscription term you purchase Billed Items Database Audit Billing for Stopped DBSS Instances Billed by the subscription term you purchase Changing
Audit administrator audadmin Audits, traces, analyzes, supervises, and checks the operations of system administrators and security administrators. The default password is the same as the password of the sysadmin user set during instance purchase.
On the database audit purchase page, you can select an enabled enterprise project. The cost of the newly purchased DBSS instance will be allocated based on the enterprise project.
Prerequisites Purchase database audit by referring to Purchasing DBSS. Procedure Log in to the management console. Click in the upper left corner of the page and choose Management & Governance > Cloud Eye.
Billed Item DBSS is billed by the database audit instance specifications. For details about the billing factors and formulas for each billed item, see Billing Items. For more information about the billing samples and the billing for each item, see Billing Example.
Table 2 Edition specifications Parameter Description Edition Select Database Audit Encryption Enhanced Edition under advanced edition. The specifications are as follows: Asset quantity: A maximum of 10 databases are supported.
** Default value**: N/A resource_type Yes String Definition: Resource type ** Restrictions**: N/A Range: auditInstance: audit ** Default value**: N/A Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String ** Parameter description
Default Value: N/A resource_type Yes String Definition: Resource type Constraints N/A Range: auditInstance: audit ** Default value**: N/A resource_id Yes String Definition: Resource ID.
