检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
After the separation of permissions is enabled, a system administrator does not have the CREATEROLE attribute (security administrator) and AUDITADMIN attribute (audit administrator).
Key Operations With CTS, you can record operations associated with GaussDB(DWS) for future query, audit, and backtracking. The creation and deletion of automated snapshots are not performed by users, therefore not recorded in audit logs.
Security Shared Responsibilities Authentication and Access Control Cyber Security Data Protection Technologies Audit and Logging Service Resilience Risk Monitoring Certificates Security Notices
When separation of permissions is enabled, configure the username and password for Security Administrator and Audit Administrator. Then the system automatically creates these two users.
API Description AZ Cluster Management Snapshot Management Event Management Data Source Audit logs Resource Management Alarm Management Connection Management Tag Management Quota Management DR Management Job Management Host Monitoring Managing Database Permissions Log Management Upgrade
SQLSTATE: 42501 Description: You have no permission to modify audit administrators. Solution: Modify audit administrators as a system administrator. GAUSS-00598: "Must be initial account to alter systemadmin users."
SQLSTATE: 42501 Description: You have no permission to create audit administrators. Solution: Create audit administrators as a system administrator. GAUSS-00578: "Must be system admin to create sysadmin users."
Solution:contact technical support GAUSS-00493: "permission denied to query audit" SQLSTATE: 42501 Description: Internal system error. Solution:contact technical support GAUSS-00494: "permission denied to delete audit" SQLSTATE: 42501 Description: Internal system error.
DWSAccessOBS OBS Administrator Audit log dump: reports audit logs to OBS buckets. DWSAccessKMS KMS Administrator Used to query and rotate keys in a KMS encrypted cluster.
Nodes Adding CN Nodes in Batches Deleting CN Nodes in Batches Querying a Cluster Parameter Group Querying Cluster Parameter Settings Modifying Parameter Settings of a Cluster Querying Snapshot Statistics Querying the Nodes to Be Removed for Scale-In Querying Parameter Modification Audit
This function has been deprecated. pg_delete_audit Deletes audit logs. This function has been deprecated.
You can view audit logs to locate the cause of account locking. For details, see Account Still Locked After Password Resetting. Method for Unlocking the Administrator (dbadmin by Default) You can log in to the GaussDB(DWS) management console to reset the administrator password.
It is not available for other users. rolcanlogin boolean - Whether the role can log in to the database rolreplication boolean - Whether the role can be replicated rolauditadmin boolean - Whether the role is an audit system administrator rolsystemadmin boolean - Whether the role is
It is not available for other users. rolcanlogin boolean N/A Whether the role can log in to the database rolreplication boolean N/A Whether the role can be replicated rolauditadmin boolean N/A Whether the role is an audit system administrator rolsystemadmin boolean N/A Whether the
Solution:contact technical support GAUSS-00488: "could not write to audit file: %m" SQLSTATE: XX000 Description: Internal system error.
The following log types are supported: CN logs, DN logs, OS messages logs, audit logs, cms logs, gtm logs, Roach client logs, Roach server logs, upgrade logs, and scale-out logs. Only 8.1.1.300 and later versions support cluster log management.
Audit Logs GaussDB(DWS) can be integrated with Cloud Trace Service (CTS) to audit management console operations and API calls. For details, see Viewing Audit Logs of Key Operations on the Management Console.
Developer Guide > Database Security Management > Database Audit > Querying Audit Results User Guide > Audit Logs > Database Audit Logs > Viewing Database Audit Logs Developer Guide > GUC Parameters> Auditing> Audit Switch Certain user operations can be allowed in security mode.
SQLSTATE: XX000 Description: pg_auth_history is used to audit username and password changes. Related changes are recorded only when the username and password in pg_authid are changed. Any changes on the record will affect the auditing.
CTS GaussDB(DWS) uses Cloud Trace Service (CTS) to audit your non-query operations on the management console to ensure that no invalid or unauthorized operations are performed, enhancing service security management.
