All Products
Search
Document Center

Data Management:Use the operation audit feature

Last Updated:Dec 17, 2024

Data Management (DMS) provides the operation audit feature based on the basic features of operation log management. You can use this feature to quickly troubleshoot database security issues with ease and audit operations that are performed on databases. You can also use this feature to view and manage the SQL statements that are used in the SQL Console, tickets, logon information, and operation logs.

Features

The following table describes the two modules of the operation audit feature in DMS: Operation Logs and Operation Audit.

Module

Description

Item

Operation Logs

Displays the logs of all the operations that are performed in DMS.

Includes the logs of management and configuration operations, SQL statements that are used in the SQL Console, tickets, and logon information.

Operation Audit

Displays all the operations that are performed on databases in DMS.

Note

This module provides a user interface (UI) for you to audit operations in a centralized manner. This also helps you troubleshoot database issues with ease.

Includes SQL statements that are used in the SQL Console, tickets, and logon information.

Note

Only DMS administrators, database administrators (DBAs), ticket submitters, and stakeholders involved in the ticket approval process can view the ticket details.

Log retention period

  • Three years: DMS retains logs for three years for database instances that are managed in Stable Change or Security Collaboration mode or database instances for which the sensitive data protection feature is enabled.

  • One day: DMS retains logs only for one day for database instances that are managed in Flexible Management mode and for which the sensitive data protection feature is disabled.

Note

If you want to change the log retention period of an instance, you can change the control mode of the instance or enable or disable the sensitive data protection feature. For more information, see Change the control mode of an instance and Enable the sensitive data protection feature. Take note of the following items when you change the control mode of an instance:

  • If you change the control mode of an instance from Flexible Management to another mode, the log retention period of the instance is changed from one day to three years. The new log retention period takes effect from the day when the change occurs. Logs that are generated during the period when the instance is managed in Flexible Management mode cannot be viewed.

  • If you change the control mode of an instance from Stable Change or Security Collaboration to Flexible Management, you can view logs only for the previous day. Logs that were generated before the previous day might be deleted and cannot be viewed.

Procedure and supported roles

The following table describes the roles that you can assume to use the operation audit feature and how to go to the Operation Audit tab in the DMS console.

Auditing dimension

Limit

Entry to operation audit

Supported roles

Database

You can view and audit only the operations that are performed on the current database.

  • On the SQLConsole tab of the database that you want to audit, move the pointer over the caozuoshenji icon in the upper-right corner and select Operation Audit.

  • In the database instance list, click the database instance in which the database that you want to audit resides, right-click the database, and then choose Audit > Operation Audit.

You can be a DMS administrator, a security administrator, a DBA, an instance owner, or a regular user.

Note

If you are a regular user, you can view and audit only the operations that you performed on the current database.

Instance

You can view and audit only the operations that are performed on the current instance.

In the database instance list, click the database instance in which the database that you want to audit resides, right-click the database, and then choose Audit > Operation Audit.

You can be a DMS administrator, a security administrator, a DBA, an instance owner, or a regular user.

Note

If you are a regular user, you can view and audit only the operations that you performed on the current instance.

Global

You can view and audit all the operations that are performed in DMS.

In the top navigation bar of the DMS console, move the pointer over Security and Specifications and click Operation Audit.

You can be a DMS administrator, a security administrator, or a DBA.

Download operation records

The following section describes how to download all the SQL statements that were used in the SQL Console in the previous 30 days.

  1. Log on to the DMS console V5.0.
  2. Move the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All functions > Security and Specifications > Operation Audit.

    Note

    If you use the DMS console in normal mode, choose Security and Specifications > Operation Audit in the top navigation bar.

  3. Click SQL window list.

  4. Set the Time parameter to Last One Month and click Search.

    Then, the results are displayed.

  5. Click the 下载按钮 icon to download the results.

    The results displayed on the current page are saved as an XLSX file.

    Note

    To preview and export more results, you can set the Items Per Page parameter to 100.

What to do next