DSG Database Secure-control Gateway
QiZhi Database Bastion Host, specializing in mitigating the risks of data deletion, data integrity issues, and data leakage, in data center operation and maintenance management.Core Features
-
Database Client Compatibility
Built-in Web database client, enhancing SQL script task management capabilities
Compatible with mainstream database tools such as Navicat, DBeaver, PL/SQL Developer, SQL Server Management Studio (SSMS), and Robo 3T
-
Database Compatibility
Compatible with all mainstream foreign databases including Oracle(including RAC), MySQL, PostgreSQL, SQL Server, Sybase, DB2, Informix, SAP HANA, Clickhouse, MongoDB, Redis, and more
Compatible with all mainstream domestic databases including DM, Kingbase, Gbase, OpenGauss, GaussDB, OceanBase, TDSQL, PolarDB, TiDB, GoldenDB, Transwarp Data Hub, and more
-
SQL Permission Control
Granular permission control including large SQL script permissions, SQL group permissions, and individual SQL statement permissions
Supports global authorization across multiple databases and fine-grained schema and table authorization within a single database
-
High-risk Operation Control
Templated management with customizable high-risk commands and user-friendly prompts
High-risk command blocking, dual review, double authentication, and alerting capabilities
-
Pre-event and post-event auditing
Proactive risk identification through personnel permission auditing and database authorization auditing
Precise text-based SQL auditing with fast search and location capabilities, enabling log traceability back to the authorizing user
Application scenarios
-
Database operation and maintenance audit
Problem Analysis:Traditional bastion hosts are inefficient at deploying database clients, and offer coarse-grained auditing.
Solution:QiZhi Bastion Host + Database Audit Module retains the black-screen operation and maintenance capabilities of database servers and databases command lines, while providing one-click access and precise auditing of database white-screen operations through the Web database client.
Customer Benefits:Efficient O&M with a unified entry point for database black-screen and white-screen operations; low-cost centralized maintenance of the Web database client; and efficient, precise text-based database log auditing.
-
Database operation and maintenance to prevent accidental deletion
Problem Analysis: Employees keep and share database account passwords, making it difficult to completely prevent accidents.
Solution: All employee database access is routed through the database bastion host. Employees can create database access channels without passwords or using existing database account passwords. The SQL layer proxy channel cannot be bypassed, and all operations are controlled by a unified high-risk command template to prevent accidental deletion. Configuration management only includes fixed high-risk command templates and a small number of coarse-grained policies, keeping labor costs under control.
Customer Benefits: Blocks unauthorized, and supports precise audit traceability and deterrence.
-
Database permission management
Problem Analysis:Minimizing database O&M permissions is required, but large number of O&M personnels and databases makes it difficult to implement.
Solution:The database bastion host employs a separation of duties model, assigning database asset rights to the System DBA department, data access rights to the Application O&M department, and audit rights to the Security Audit department. Data access rights are managed on a departmental basis, integrated with automated ticketing workflows, to establish a scalable database least-privilege management mechanism.
Customer Benefits:Seperation of powers and checks and balances mechanism ensures adherence to the principle of minimizing permissions.