检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
The permission management system categorizes roles into personnel of hosts, databases, security, and service O&M, which can be checked through the separation of duties (SOD) permission audit view. Manage operators' permissions on the live network.
You are advised to enable the audit logging function before using the function to record audit information. Calling this system function is a high-risk operation. Exercise caution when performing this operation.
You are advised to enable the audit logging function before using the function to record audit information. Calling this system function is a high-risk operation. Exercise caution when performing this operation.
AUDITADMIN | NOAUDITADMIN Defines whether a user has the audit and management attributes. If not specified, NOAUDITADMIN is the default. SYSADMIN | NOSYSADMIN Determines whether a new user is a system administrator. Users with the SYSADMIN attribute have the highest permission.
We are sorry for any inconvenience caused. pg_sql_history This extension is used by Database Security Service (DBSS) to audit SQL operations of RDS for PostgreSQL instances.
Check Whether the Audit Login Is Successful After this function is enabled, HSS reports successful logins. : enabled : disabled Block Non-whitelisted Attack IP Address After this function is enabled, HSS blocks the login of brute force IP addresses (non-whitelisted IP addresses).
permission_management instance g:EnterpriseProjectId g:ResourceTag/<tag-key> rds:binlog:setPolicy Grants permission to configure a binlog policy. permission_management instance g:EnterpriseProjectId g:ResourceTag/<tag-key> rds:auditlog:operate Grants permission to configure an audit
Control Plane Audit Logs: displays all control plane audit logs in the default log stream audit-{Cluster ID} of the default log group k8s-log-{Cluster ID}. Global Log Query: You can view logs in the log streams of all log groups. You can specify a log stream to view the logs.
CLOSE_AUDIT_LOG: The audit policy is being disabled. OPEN_AUDIT_LOG: The audit policy is being enabled. PERIOD_RESOURCE_SPEC_CHG: The yearly/monthly resource changes are being checked. CREATE_IP_SHARD: The shard IP address is being enabled.
Precautions Before creating jobs and submitting tasks, you are advised to enable CTS to record operations associated with DLI for later query, audit, and backtrack operations. To view the DLI operations that can be recorded by CTS, see Using CTS to Audit DLI.
Log retention period Error log details: 30 days Slow query log details: 30 days Original slow query logs: 30 days Slow query log statistics: 30 days Failover/switchover logs: 30 days SQL audit logs: The default value is 7 days. The value ranges from 1 to 732 days.
- AUDITADMIN | NOAUDITADMIN Defines whether a user has the audit administrator attribute. If not specified, NOAUDITADMIN is the default value. - SYSADMIN | NOSYSADMIN Determines whether a new user is a system administrator.
- AUDITADMIN | NOAUDITADMIN Defines whether a user has the audit administrator attribute. If not specified, NOAUDITADMIN is the default. - CREATEDB | NOCREATEDB Determines whether a new user can create a database. Value range: If not specified, NOCREATEDB is the default.
AUDITADMIN | NOAUDITADMIN Defines whether a user has the audit administrator attribute. If not specified, NOAUDITADMIN is the default. CREATEDB | NOCREATEDB Determines whether a new user can create a database.
AUDITADMIN | NOAUDITADMIN Determines whether a role has the audit and management attributes. If not specified, NOAUDITADMIN is the default. CREATEDB | NOCREATEDB Defines a role's ability to create databases. A new role does not have the permission to create databases.
- AUDITADMIN | NOAUDITADMIN Determines whether a role has the audit and management attributes. If not specified, NOAUDITADMIN is the default. - SYSADMIN | NOSYSADMIN Determines whether a new role is a system administrator.
Domain names can be deleted only when they are disabled, fail the audit, or fail to be configured or synchronized. Check the domain name status. 200 CDN.0127 The domain name format is incorrect. Invalid domain name.
HSS Operations Supported by CTS Cloud Trace Service (CTS) records all operations on HSS, including requests initiated from the management console or open APIs and responses to the requests, for tenants to query, audit, and trace. Table 1 provides more details.
Log retention period Error log details: 30 days Slow query log details: 30 days Original slow query logs: 30 days Slow query log statistics: 30 days Failover/switchover logs: 30 days SQL audit logs: The default value is 7 days. The value ranges from 1 to 732 days.
You can only view your permission requests and review records, and cannot audit permissions.
