The main three aspects of management and control are pre-approval, supervision and audit.

1. Ex ante approval. With the separation of powers, minimum authorization and check approval. People who have access to the data must get approval, no approval to access, modify the data, as long as the discovery of a time you are finished. As few people as possible, and as low as possible authority to access the data. There are a few hurdles to check if you have approval before logging in.

2. Supervision during the event. Physical isolation of the network, access control, login with key, to ensure that you must be in a designated location to log in. The operation of the whole process is subject to special inspection and supervision, to ensure that the contents of the operation and the approval of the contents of the match, the login user has more than one level, the general use of the least privileged user, can use the root of the general can only be a dba.

3. Audit system, bastion machine. Login must be logged into the bastion machine, and then by the bastion machine to log into the database, the operation process of the whole video recording, the above is used to ensure that the aftermath can be audited. After the fact, a special post will conduct daily audits to check that the operation is in line with the approval content, the use of the least authorized user login, and other compliance checks.

The Audit and Inspection Department conducts full-process inspections to ensure that all aspects of the process are in place.

In short, if you want to do something, you'll find out in a minute, and you'll have to go out on a limb and do it if you want to.