Customize permission approval workflows

更新时间:
复制 MD 格式

In Data Management (DMS), you can customize approval processes for different permissions. For example, you can configure an approval process that requires only a DBA's approval for development databases, but requires approvals from both a database owner and a DBA for production databases to enhance data security. You can also configure security rules to disallow permission applications for querying production databases, which helps prevent data breaches.

Procedure

This example shows how to configure the approval process for permissions on the poc_prod production database. In this example, the security rule associated with the poc_prod database is named "POC Production Database Rules".

  1. Configure the security rules as an administrator.

    1. Log on to Data Management (DMS) as an administrator.

    2. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All Features > Security and disaster recovery (DBS) > Security Rules.

      Note

      If you use the DMS console in normal mode, choose Security and disaster recovery (DBS) > Security Rules in the top navigation bar.

    3. In the list of security rules, find POC Production Database Rules and click Edit in the Actions column.

    4. In the left-side navigation pane of the Details page, click Permission Application.

    5. Find the rule named [DB-Permission Application] Default Approval Template and click Edit on the right.

    6. Click Switch Approval Template.

      By default, the system uses an approval template requiring approval from only a DBA.

    7. Find the template whose Template Name is Owner-->DBA and click Select on the right.

    8. Click Submit.

  2. Verify the process as a regular user.

    1. Log on to Data Management (DMS) as a regular user.

    2. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All Features > Security and disaster recovery (DBS) > Permission Center > Permission Tickets.

      Note

      If you use the DMS console in normal mode, choose Security and disaster recovery (DBS) > Permission Center > Permission Tickets in the top navigation bar.

    3. In the upper-right corner of the Permission Ticket List page, click Permission Application > Database Permission.

    4. On the Security Control Enabled > Database Permission tab, enter the database name poc_prod and click Search.

    5. Select the target database and click Add to move it to the Selected Databases/Tables/Columns box.

    6. In the Select Permissions section, select the Permission Type and Duration, enter an Application Reason, and click Submit Application.

      Note

      After you submit the application, it must be approved by the database owner and the DBA. You can check the approval status of the permission ticket on the console homepage.

    7. After the application is approved, in the Approval section, click View Approval Details to confirm that the approval process involved approval from both the database owner and the DBA.