tencent cloud

Cloud Security Center

Access Management

Last updated: 2026-06-09 18:16:21
The Database Risk Monitoring CAM module enables fine-grained control over database access behavior through complementary governance from two dimensions: the source IP address perspective and the instance perspective. It supports visual representation of access behavior, such as access topology diagrams, and operations like IP address/account tagging to achieve fine-grained access control. By managing access behavior from both the source IP address and instance dimensions, it addresses the core questions of "who can access, from where, and what can be accessed," thereby preventing security vulnerabilities caused by coarse-grained access control.
| Control Perspective | Description | Scenarios |
| --- | --- | --- |
| Source IP Perspective | Uses the source IP address of the access initiator as the core control dimension. It integrates the access data from this IP address to database instances and provides access topology visualization, precise IP address/account tagging, and rapid security group policy adjustment, giving centralized, fine-grained control over the access initiator. | Investigate cross-instance access risks for a single IP address and batch-tag a specific type of access endpoint. |
| Instance Perspective | Uses the database instance of the access target as the core resource dimension. It integrates the access data from source IP addresses to this instance and provides asset access topology visualization, precise IP address/account tagging, and rapid security group policy adjustment, giving centralized, fine-grained control over the access target. | Sort out all access sources for a single instance and perform specialized control for core instances. |
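The two perspectives are two pivots over the same access records, sharing one set of tags. The following is an added illustration, not Tencent Cloud code or a CSC API: the record layout, instance IDs, tag names and sample data are all constructed. It builds both views and lists untagged source IPs by how many instances they reach.

```python
from collections import defaultdict

# Constructed sample access records: (source_ip, account, instance_id, last_access)
RECORDS = [
    ("10.0.1.15", "app_rw", "cdb-example-a", "2026-06-01 09:12:00"),
    ("10.0.1.15", "app_rw", "cdb-example-b", "2026-06-02 11:40:00"),
    ("203.0.113.7", "root", "cdb-example-a", "2026-06-03 02:05:00"),
    ("203.0.113.7", "report", "cdb-example-b", "2026-06-03 02:07:00"),
    ("10.0.2.30", "backup", "cdb-example-b", "2026-06-04 23:00:00"),
]

# One tag store keyed by IP and read by both views, so a tag applied from
# either perspective is visible from the other (hypothetical tag names).
IP_TAGS = {"10.0.1.15": "app-server", "10.0.2.30": "backup-host"}

def source_ip_view(records):
    """Source IP perspective: ip -> {instance -> set(accounts)}."""
    view = defaultdict(lambda: defaultdict(set))
    for ip, account, instance, _last in records:
        view[ip][instance].add(account)
    return view

def instance_view(records):
    """Instance perspective: instance -> {ip -> set(accounts)}."""
    view = defaultdict(lambda: defaultdict(set))
    for ip, account, instance, _last in records:
        view[instance][ip].add(account)
    return view

def review_queue(records, tags):
    """Untagged source IPs, widest cross-instance reach first."""
    rows = []
    for ip, instances in source_ip_view(records).items():
        if ip in tags:
            continue
        accounts = set().union(*instances.values())
        rows.append({"ip": ip,
                     "instances": sorted(instances),
                     "accounts": sorted(accounts)})
    return sorted(rows, key=lambda r: -len(r["instances"]))

def untagged_sources(records, tags, instance):
    """Untagged sources of one instance, to check against its security group."""
    return sorted(ip for ip in instance_view(records)[instance] if ip not in tags)

if __name__ == "__main__":
    for row in review_queue(RECORDS, IP_TAGS):
        print(row)
    print(untagged_sources(RECORDS, IP_TAGS, "cdb-example-b"))
```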

Source IP Perspective

1. Log in to the CSC console. In the left navigation pane, click Data Security Situation Management > Database Risk Monitor.
2. On the Database Risk Monitoring page, click Access Management > Source IP Perspective Tag.
3. On the Source IP Perspective Tag page, you can view information such as source IP address/region, IP address type/tagging, instance ID/name, type/region, accessing user/type, and last access time.

IP Access Topology

Presents the access relationships, access frequency, and security status between a single source IP address and all associated accounts and database instances as a visual graph.
On the Source IP Perspective list, click IP Access Topology in the Actions column for the target IP to view the access relationship graph between that IP and its associated database instances.


IP Tagging

Add preset or custom tags to target source IPs to implement categorized control over IPs, facilitating differentiated assessment during subsequent risk monitoring.
1. On the Source IP Perspective list, click More > Source IP Tagging in the Actions column for the target IP.

2. In the Source IP Tagging window, edit the source IP remarks and click Confirm to complete the tagging.
Note:
Tagging operations in the Source IP Perspective and Instance Perspective are interconnected. When you tag an IP address in the Source IP Perspective, its tagging status is synchronized when you view that IP address in the Instance Perspective, and vice versa.

Account Tagging

Add preset or custom tags to the accounts used by target source IPs to access databases. This enables categorized control over accessing accounts, facilitating subsequent auditing and risk investigation.
1. On the Source IP Perspective list, click More > Tag Account in the Actions column for the target IP address.

2. In the Account Tagging window, select the account type, edit the account remarks, and click Confirm to complete the tagging.
Note:
You can edit the access account type for accounts of the "Self-built Account" type. If the current access account is a cloud root account/sub-account, the system automatically recognizes it, and no manual editing is required.

Modifying a Security Group Policy

Quickly navigate to the database instance asset page associated with the target IP address and directly modify the security group policy to achieve rapid control over that IP address's access permissions (allow/deny access).
On the Source IP Perspective list, click More > Modify Security Group Policy in the Actions column for the target IP. This navigates you to the database instance asset page to modify the security group policy.


Instance Perspective

1. Log in to the CSC console. In the left navigation pane, click Data Security Situation Management > Database Risk Monitor.
2. On the Database Risk Monitoring page, click Access Management > Instance Perspective.
3. On the Instance Perspective page, you can view information such as instance ID/name, database type/region, accessing user/type, source IP/type, and last access time.

Asset Access Topology

Presents all source IPs accessing a single database instance, the access relationships between associated accounts, access frequency, and risk status as a visual graph.
On the Instance Perspective list, click Asset Access Topology in the Actions column for the target instance to view the topological relationships of all source IPs and associated accounts for that instance.


IP Tagging

Add preset or custom tags to specified source IPs that access the target instance. This enables precise, categorized control over the instance's access IPs, facilitating subsequent risk monitoring and auditing.
1. On the Instance Perspective list, click More > Source IP Tagging in the Actions column for the target instance.

2. In the Source IP Tagging window, edit the source IP remarks and click Confirm to complete the tagging.
Note:
Tagging operations in the Source IP Perspective and Instance Perspective are interconnected. When you tag an IP address in the Source IP Perspective, its tagging status is synchronized when you view that IP address in the Instance Perspective, and vice versa.

Account Tagging

Add preset or custom tags to specified accounts that access the target instance. This enables precise, categorized control over the instance's accessing accounts, facilitating subsequent risk investigation and permission auditing.
1. On the Instance Perspective list, click More > Tag Account in the Actions column for the target instance.

2. In the Account Tagging window, select the account type, edit the account remarks, and click Confirm to complete the tagging.
Note:
You can edit the access account type for accounts of the "Self-built Account" type. If the current access account is a cloud root account/sub-account, the system automatically recognizes it, and no manual editing is required.

Modifying a Security Group Policy

Quickly navigate to the asset page of the target database instance and directly modify the security group policy to control all source IPs accessing that instance.
On the Instance Perspective list, click More > Modify Security Group Policy in the Actions column for the target instance. This navigates you to the database instance asset page to modify the security group policy.


