Rule Template
This document introduces how to create rule templates for different database types, as well as how to view, copy, and delete rule templates.
The system provides the following preset rule templates by default: MySQL Built-in Template and TDSQL-C Public Network Global Rule Template.
Each rule template consists of the following rule categories:
SQL window: Define preset rules for SQL operations and supported SQL types, allowing users to enable or disable specific rules.
SQL change: Include preset rules for mandatory improvements, risk improvements, and suggested improvements in SQL changes. It also provides SQL examples and allows users to enable or disable rules.
Approval personnel: Support editing approval workflows and approvers for SQL changes, SQL import/export, and permission request tickets.
Prerequisites
The sub-account has the necessary access permissions for DMC-related feature pages. For details and operations, see DMC User Permission Settings. The root account has full permissions by default.
Creating a Rule Template
1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Rule Template.
3. Click Create Template at the top of the page.
4. In the pop-up dialog box, enter the template name, select the database type, and click OK.
5. In the Operation column of the created rule template, click View.
6. In the Rule Overview area, click Edit, select the rule type, and configure specific rules.
SQL Window
Select SQL Window. In the Status column, click the switch to enable or disable preset rules. For more details, see SQL Window and SQL Execution Rule Description.
SQL Execution
Select SQL Execution. Choose from All, Mandatory Improvements, Risk Improvements, or Suggested Improvements. In the Status column, click the switch to enable or disable preset rules.
Note:
All rules in SQL changes are enabled by default. For more details, see SQL Window and SQL Execution Rule Description.
Approved by
Select Approved by, click 
If you need to create a user or user group, click Create Users/User Group. For details, see Usage Instructions for Users and Add User to User Group.
If you need to add multi-level approvers, repeat the above steps.
Note:
The Tencent Cloud primary account user is the default approver.
7. After completing the setup, click OK.
The created rule templates are disabled by default.
Viewing a Rule Template
1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Rule Template.
3. View the rule template list. Specific parameter descriptions are shown in the table below.
Parameter | Description |
Template ID/Name | Click template ID to view template details. Click  On the right side of the template name  |
Database Type | The applicable database type for the rule template. |
Associated Data Sources | Display the number of associated data sources. Hover over the number to view the names of controlled data sources. Click a data source name to navigate to its control instance details page. |
Is Default Template | Indicate whether the rule template is set as the default template. Only one default rule template can be enabled per database type. |
Operation | View Rule Template Details: View template information and rule overview. For details, see View Rule Template Details. Replicate an Existing Rule Template: Click Copy, enter a template name in the pop-up dialog box, and click OK. Delete Rule Template: Click Delete, and click OK in the pop-up dialog box. Note: Preset rule templates and default-enabled templates cannot be deleted. |
Viewing Rule Template Details
1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Rule Template.
3. Click Template ID or click View in the Operation column to go to the rule template details page.
4. View the rule template information and rule overview.
Template Information
Template ID: Click 
Template name: On the right side 
Is Default Template: Click the switch to enable or disable the template.
Associated instances: View associated data sources. Click a data source name to navigate to the control instance details page.
Rule Overview
View and edit SQL Window, SQL Change, and Approver by clicking Edit in the upper-right corner.
Note:
Preset rules do not support edit operation.
Modifying a rule template affects all associated instances, so proceed with caution.
Enabling a Rule Template
1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Rule Template.
3. Enable the switch in the Default column for the target rule template.
Click template ID or click View in the Operation column, and then enable the switch in the template information section.
Note:
Preset rule templates are enabled by default.
Only one rule template can be enabled per database type.
Downloading the Rule Template List
1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Rule Template.
3. Click 
SQL Window and SQL Change Rules Description
MySQL SQL Window Rule Description
ID | Rule Group | Rule Name | SQL type | Configuration Value |
10000 | DML-SQL | Allow common query-type statements (default) | Select,Union,SetOpr,Show,Explain,Use,Begin,Commit,Rollback | NA |
10001 | DML-SQL | Allow data insertion | Insert | NA |
10002 | DML-SQL | Allow data deletion | Delete | NA |
10003 | DML-SQL | Allow data update | Update | NA |
10004 | DDL-SQL | Allow to create a database | CreateDatabase | NA |
10005 | DDL-SQL | Allow database deletion | DropDatabase | NA |
10006 | DDL-SQL | Allow modification of the database | AlterDatabase | NA |
10007 | DDL-SQL | Allow table creation | CreateTable | NA |
10008 | DDL-SQL | Allow to delete table | DropTable | NA |
10009 | DDL-SQL | Allow to modify a table | AlterTable | NA |
10010 | DDL-SQL | Allow renaming tables | RenameTable | NA |
10011 | DDL-SQL | Allow emptying the table | TruncateTable | NA |
10012 | DDL-SQL | Allow checklist | CheckTable | NA |
10013 | DDL-SQL | Allow analysis table | AnalyzeTable | NA |
10014 | DDL-SQL | Allow to optimize a table | OptimizeTable | NA |
10015 | DDL-SQL | Allow to repair a table | RepairTable | NA |
10016 | DDL-SQL | Allow to create indexes | CreateIndex | NA |
10017 | DDL-SQL | Allow index deletion | DropIndex | NA |
10018 | DDL-SQL | Allow to create a view | CreateView | NA |
10019 | DDL-SQL | Allow deletion of views | DropView | NA |
10020 | Users and Permissions | Allow user creation | CreateUser | NA |
10021 | Users and Permissions | Allow user deletion | DropUser | NA |
10022 | Users and Permissions | Allow user modification | AlterUser | NA |
10023 | Users and Permissions | Allow renaming users | RenameUser | NA |
10024 | Users and Permissions | Allow to set a password | SetPwd | NA |
10025 | Users and Permissions | Allow to set roles | SetRole | NA |
10026 | Users and Permissions | Allow Setting default roles | SetDefaultRole | NA |
10027 | Users and Permissions | Allow authorization | Grant | NA |
10028 | System and Session Control | Allow Kill | Kill | NA |
10029 | System and Session Control | Allow Binlog | Binlog | NA |
10030 | Performance and Security Restriction | Allow unrecognized statements (enablement has risks) | Unknown | NA |
10031 | Users and Permissions | Allow authorized roles | GrantRole | NA |
10032 | Users and Permissions | Allow Reclaim Role Permissions | RevokeRole | NA |
10033 | Users and Permissions | Allow permission to be recycled | Revoke | NA |
10034 | System and Session Control | Allow Flush | Flush | NA |
10035 | DDL-SQL | Allow deletion of stored procedures | DropProcedure | NA |
10036 | DDL-SQL | Allow to create stored procedures | ProcedureInfo | NA |
10037 | DML-SQL | Allow Call | Call | NA |
10038 | System and Session Control | Allow Set | Set | NA |
10039 | Query and Transaction Control | Allow table lock | LockTables | NA |
10040 | Query and Transaction Control | Allow to unlock table lock | UnlockTables | NA |
10041 | Query and Transaction Control | Allow to create savepoints | SavePoint | NA |
10042 | Query and Transaction Control | Allow deletion of savepoints | ReleaseSavePoint | NA |
10051 | DML-SQL | Allow Prepare | Prepare | NA |
10052 | DML-SQL | Allow Execute | Execute | NA |
10053 | DML-SQL | Allow Deallocate | Deallocate | NA |
10054 | DML-SQL | Allow LoadData | LoadData | NA |
10101 | Performance and Security Restriction | SQL execution timeout (unit: seconds) | NA | 300 |
10102 | Performance and Security Restriction | Forbid DML execution when the number of affected rows exceeds the threshold | NA | 2000 |
10103 | Performance and Security Restriction | Forbid DDL tablespace to exceed threshold (Unit: MB) | NA | 2048 |
10104 | Performance and Security Restriction | Control the count of single execution SQL | NA | 100 |
10105 | Performance and Security Restriction | Limit the count of SELECT SQL statements per single execution | NA | 10 |
10106 | Performance and Security Restriction | Control the count of DML SQL statements in a single execution | NA | 100 |
10107 | Window Operation | Disable result set copy | NA | NA |
10108 | Window Operation | Disable result set export | NA | NA |
10109 | Performance and Security Restriction | Max returned rows per request | NA | 200 |
10110 | Performance and Security Restriction | Maximum value of SELECT permission for full-table scan (unit: MB) | NA | 10240 |
10111 | Performance and Security Restriction | Forbid SELECT when estimated scanned rows exceed threshold | NA | 200000 |
10112 | Performance and Security Restriction | Forbid UPDATE/DELETE without WHERE clause | NA | NA |
10113 | Performance and Security Restriction | Forbid SELECT without WHERE clause | NA | NA |
MySQL SQL Execution Rule Description
Result Display | ID | Rule Name | SQL Sample |
Must improve | 1001 | Cannot delete database | DROP DATABASE test; |
| 1002 | Cannot delete a table | DROP TABLE test; |
| 1003 | Cannot empty table | TRUNCATE TABLE test; |
| 1004 | Cannot delete column | ALTER TABLE test DROP COLUMN id; |
| 1005 | DELETE/UPDATE operations must include a WHERE condition | DELETE FROM test; |
| 1007 | Cannot use USE to specify a database | USE test; |
| 1009 | Transactions are not supported | BEGIN; |
| 1010 | Temporary tables are not supported | CREATE TEMPORARY TABLE test; |
Better improve | 1008 | Cannot specify character set in SQL | SET NAMES utf8; |
| 2001 | A primary key is required for table creation | CREATE TABLE test (id bigint(20) NOT NULL) ENGINE=InnoDB; |
| 2002 | Specify to create the InnoDB storage engine | CREATE TABLE test (id bigint(20) NOT NULL) ENGINE=MyIsam; |
| 2003 | DELETE/UPDATE statements need to include the LIMIT option | DELETE FROM test WHERE id > 10; |
| 2004 | DELETE/UPDATE statements should not carry the ORDER BY option | DELETE FROM test ORDER BY id; |
Can improve | 3001 | It is recommended to have indexes when creating a table | CREATE TABLE test (id bigint(20) NOT NULL) ENGINE=InnoDB; |
| 3002 | It is not recommended to use foreign keys in table creation | CREATE TABLE test (f1 bigint(20) NOT NULL,CONSTRAINT fk_f1 FOREIGN KEY (f1) REFERENCES test2 (f1)) ENGINE=InnoDB; |
| 3003 | It is not recommended to create a partitioned table | CREATE TABLE test (id bigint(20) NOT NULL) PARTITION by hash (id) (PARTITION x, PARTITION y); |
| 3005 | It is not recommended to use reserved words as table names or field names | CREATE TABLE charset (charset bigint(20) NOT NULL) ENGINE=InnoDB; |
| 3006 | It is recommended to combine multiple ALTER statements for the same table into one | ALTER TABLE test ADD COLUMN f1 int;ALTER TABLE test ADD COLUMN f2 int; |
TDSQL-C SQL Window Rule Description
ID | Rule Group | Rule Name | SQL type | Configuration Value |
20000 | DML-SQL | Allow common query-type statements (default) | Select,Union,SetOpr,Show,Explain,Use,Begin,Commit,Rollback | NA |
20001 | DML-SQL | Allow data insertion | Insert | NA |
20002 | DML-SQL | Allow data deletion | Delete | NA |
20003 | DML-SQL | Allow data update | Update | NA |
20004 | DDL-SQL | Allow to create a database | CreateDatabase | NA |
20005 | DDL-SQL | Allow database deletion | DropDatabase | NA |
20006 | DDL-SQL | Allow modification of the database | AlterDatabase | NA |
20007 | DDL-SQL | Allow table creation | CreateTable | NA |
20008 | DDL-SQL | Allow to delete table | DropTable | NA |
20009 | DDL-SQL | Allow to modify a table | AlterTable | NA |
20010 | DDL-SQL | Allow renaming tables | RenameTable | NA |
20011 | DDL-SQL | Allow emptying the table | TruncateTable | NA |
20012 | DDL-SQL | Allow checklist | CheckTable | NA |
20013 | DDL-SQL | Allow analysis table | AnalyzeTable | NA |
20014 | DDL-SQL | Allow to optimize a table | OptimizeTable | NA |
20015 | DDL-SQL | Allow to repair a table | RepairTable | NA |
20016 | DDL-SQL | Allow to create indexes | CreateIndex | NA |
20017 | DDL-SQL | Allow index deletion | DropIndex | NA |
20018 | DDL-SQL | Allow to create a view | CreateView | NA |
20019 | DDL-SQL | Allow deletion of views | DropView | NA |
20020 | Users and Permissions | Allow user creation | CreateUser | NA |
20021 | Users and Permissions | Allow user deletion | DropUser | NA |
20022 | Users and Permissions | Allow user modification | AlterUser | NA |
20023 | Users and Permissions | Allow renaming users | RenameUser | NA |
20024 | Users and Permissions | Allow to set a password | SetPwd | NA |
20025 | Users and Permissions | Allow to set roles | SetRole | NA |
20026 | Users and Permissions | Allow Setting default roles | SetDefaultRole | NA |
20027 | Users and Permissions | Allow authorization | Grant | NA |
20028 | System and Session Control | Allow Kill | Kill | NA |
20029 | System and Session Control | Allow Binlog | Binlog | NA |
20030 | Performance and Security Restriction | Allow unrecognized statements (enablement has risks) | Unknown | NA |
20031 | Users and Permissions | Allow authorized roles | GrantRole | NA |
20032 | Users and Permissions | Allow Reclaim Role Permissions | RevokeRole | NA |
20033 | Users and Permissions | Allow permission to be recycled | Revoke | NA |
20034 | System and Session Control | Allow Flush | Flush | NA |
20035 | DDL-SQL | Allow deletion of stored procedures | DropProcedure | NA |
20036 | DDL-SQL | Allow to create stored procedures | ProcedureInfo | NA |
20037 | DML-SQL | Allow Call | Call | NA |
20038 | System and Session Control | Allow Set | Set | NA |
20039 | Query and Transaction Control | Allow table lock | LockTables | NA |
20040 | Query and Transaction Control | Allow to unlock table lock | UnlockTables | NA |
20041 | Query and Transaction Control | Allow to create savepoints | SavePoint | NA |
20042 | Query and Transaction Control | Allow deletion of savepoints | ReleaseSavePoint | NA |
20051 | DML-SQL | Allow Prepare | Prepare | NA |
20052 | DML-SQL | Allow Execute | Execute | NA |
20053 | DML-SQL | Allow Deallocate | Deallocate | NA |
20054 | DML-SQL | Allow LoadData | LoadData | NA |
20101 | Performance and Security Restriction | SQL execution timeout (unit: seconds) | NA | 300 |
20102 | Performance and Security Restriction | Forbid DML execution when the number of affected rows exceeds the threshold | NA | 2000 |
20103 | Performance and Security Restriction | Forbid DDL tablespace to exceed threshold (Unit: MB) | NA | 2048 |
20104 | Performance and Security Restriction | Control the count of single execution SQL | NA | 100 |
20105 | Performance and Security Restriction | Limit the count of SELECT SQL statements per single execution | NA | 10 |
20106 | Performance and Security Restriction | Control the count of DML SQL statements in a single execution | NA | 100 |
20107 | Window Operation | Disable result set copy | NA | NA |
20108 | Window Operation | Disable result set export | NA | NA |
20109 | Performance and Security Restriction | Max returned rows per request | NA | 200 |
20110 | Performance and Security Restriction | Maximum value of SELECT permission for full-table scan (unit: MB) | NA | 10240 |
20111 | Performance and Security Restriction | Forbid SELECT when estimated scanned rows exceed threshold | NA | 200000 |
20112 | Performance and Security Restriction | Forbid UPDATE/DELETE without WHERE clause | NA | NA |
20113 | Performance and Security Restriction | Forbid SELECT without WHERE clause | NA | NA |
TDSQL-C SQL Execution Rule Description
Result Display | ID | Rule Name | SQL Sample |
Must improve | 201002 | Cannot delete a table | DROP TABLE test; |
| 201003 | Cannot empty table | TRUNCATE TABLE test; |
| 201001 | Cannot delete database | DROP DATABASE test; |
| 201004 | Cannot delete column | ALTER TABLE test DROP COLUMN id; |
| 201005 | DELETE/UPDATE operations must include a WHERE condition | DELETE FROM test; |
| 201007 | Cannot use USE to specify a database | USE test; |
| 201009 | Transactions are not supported | BEGIN; |
| 201010 | Temporary tables are not supported | CREATE TEMPORARY TABLE test; |
Better improve | 201008 | Cannot specify character set in SQL | SET NAMES utf8; |
| 202001 | A primary key is required for table creation | CREATE TABLE test (id bigint(20) NOT NULL) ENGINE=InnoDB; |
| 202002 | Specify to create the InnoDB storage engine | CREATE TABLE test (id bigint(20) NOT NULL) ENGINE=MyIsam; |
| 202003 | DELETE/UPDATE statements need to include the LIMIT option | DELETE FROM test WHERE id > 10; |
| 202004 | DELETE/UPDATE statements should not carry the ORDER BY option | DELETE FROM test ORDER BY id; |
Can improve | 203001 | It is recommended to have indexes when creating a table | CREATE TABLE test (id bigint(20) NOT NULL) ENGINE=InnoDB; |
| 203002 | It is not recommended to use foreign keys in table creation | CREATE TABLE test (f1 bigint(20) NOT NULL,CONSTRAINT fk_f1 FOREIGN KEY (f1) REFERENCES test2 (f1)) ENGINE=InnoDB; |
| 203003 | It is not recommended to create a partitioned table | CREATE TABLE test (id bigint(20) NOT NULL) PARTITION by hash (id) (PARTITION x, PARTITION y); |
| 203005 | It is not recommended to use reserved words as table names or field names | CREATE TABLE charset (charset bigint(20) NOT NULL) ENGINE=InnoDB; |
| 203006 | It is recommended to combine multiple ALTER statements for the same table into one | ALTER TABLE test ADD COLUMN f1 int;ALTER TABLE test ADD COLUMN f2 int; |
Help and Support
Was this page helpful?
You can also Contact sales or Submit a Ticket for help.
Help us improve! Rate your documentation experience in 5 mins.
Feedback