All Products
Search
Document Center

Data Management:Enable the secure access proxy feature

Last Updated:May 20, 2024

Data Management (DMS) provides the secure access proxy feature to better ensure data security when you access database instances. The secure access proxy feature generates proxy endpoints for database instances. You can use the proxy endpoints to access the database instances in a secure manner over the MySQL or HTTPS protocol. You can also use commands, an SQL client, or program code to access the database instances.

Prerequisites

  • DMS is deployed in the Singapore or Indonesia (Jakarta) region. For more information about how to view the region where DMS is deployed, see Switch regions.

  • The database instance is located in the region where DMS is deployed.

    Note

    To view the region where a database instance resides, log on to the DMS console and move the pointer over the instance name in the left-side instance list on the Home tab.

  • The database instance is of one of the following types:

    • MySQL: ApsaraDB RDS for MySQL, PolarDB for MySQL, ApsaraDB MyBase for MySQL, PolarDB for Xscale (PolarDB-X), AnalyticDB for MySQL, and MySQL databases from other sources

    • MariaDB: ApsaraDB RDS for MariaDB and MariaDB databases from other sources

  • You are a DMS administrator or database administrator (DBA). For more information about how to view the role of a user, see View system roles.

Overview

The secure access proxy feature reuses security rules, data permissions, and sensitive fields in DMS. This feature provides comprehensive security management, access control, data masking, and operation audit capabilities for enterprise databases.

dataprotect

Procedure

  1. Log on to the DMS console V5.0.
  2. In the left-side instance list on the Home tab, right-click the instance that you want to manage and select Secure Access Proxy.

    Note

    If you use the DMS console in simple mode, click Database Instances on the left side of the page. In the instance list that appears, right-click the instance that you want to manage, and select Secure Access Proxy.

  3. On the Secure Access Proxy/Details page, click Enable Secure Access Proxy.

  4. In the Enable Secure Access Proxy dialog box, configure the Database Account and Database Password parameters and click Next Step.

  5. In the Secure Access Proxy - Authorize dialog box, specify the users to be authorized, whether to use a custom database account, and the security policy. Authorized users can use the credentials generated by the secure access proxy feature to access the database instance. For more information, see Authorize users to access a database instance by using proxy endpoints.

  6. Click Confirm.

    The following figure shows the Secure Access Proxy/Details page after the secure access proxy feature is enabled.1数据安全防护-开启

Related topics

  • After the secure access proxy feature is enabled for a database instance, you can perform the following operations on the database instance on the Secure Access Proxy/Details page:

    • Access the database instance. For more information, see Access a database instance over the MySQL protocol and Access a database instance over HTTPS.

    • Disable the secure access proxy feature for the database instance: In the upper-left corner of the Secure Access Proxy/Details page, click Disable Secure Access Proxy.

    • Enable access from the Internet: You may want to allow local programs or programs that do not reside in the same virtual private cloud (VPC) as the database instance to access the database instance. In this case, click Enable next to Public Endpoint in the Basic Information section of the Secure Access Proxy/Details page to obtain the public proxy endpoints.

    • Change the database account that is used to log on to the database instance: Click the Edit icon next to Database Account to change the database account.

  • You can also call API operations to enable or disable the secure access proxy feature for a database instance. For more information, see the following topics: