Overview

Row- and Column-Level Security: Restricts user access to specific rows and columns in a table by creating views, thereby hiding sensitive data.

GSSAPI Authentication: A Kerberos-based encrypted authentication mechanism that encrypts all data transmitted between the client and server, including queries and results.

SSL Encrypted Transmission: Encrypts communication between the client and server—including passwords, queries, and results. This requires OpenSSL to be installed and compilation with SSL support.

Storage Encryption: Offers multiple encryption levels, including full storage encryption (supporting China’s SM4 cipher) and field-level encryption, implemented via the pgcrypto extension.

Transparent Data Encryption (TDE): Available in YMatrix Enterprise Edition starting from v6.5.0, TDE protects data at rest (i.e., data stored on disk) from unauthorized access.

Data Masking (Anonymizer): Available in YMatrix Enterprise Edition starting from v6.7.0, this extension enables declarative anonymization. Masking rules are defined using SQL DDL and support both dynamic and static data masking.

Security Auditing: User logins, logouts, and database operations can be recorded via log_XXX settings. Starting from v6.7.0, YMatrix Enterprise Edition provides enhanced auditing capabilities with fine-grained database activity tracking.

User Permission Control: Role-based access control (RBAC) assigns privileges to roles; users inherit permissions through role membership. Supports privilege assignment at the database, table, and column levels.
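
The view-based row and column restriction and the role-based privilege model described above can be combined as in the following added example, which is not taken from the YMatrix documentation. It uses standard PostgreSQL syntax and assumes YMatrix accepts it unchanged; the table, view and role names and the sample rows are hypothetical, and it is meant to be run as a superuser in a scratch database.

```sql
-- Added example: all object and role names are hypothetical.
BEGIN;

CREATE TABLE employees (
    id        int,
    name      text,
    dept      text,
    salary    numeric,   -- sensitive column
    id_number text       -- sensitive column
);

-- Constructed sample rows.
INSERT INTO employees VALUES
    (1, 'alice', 'sales', 9000, 'X-0001'),
    (2, 'bob',   'sales', 8000, 'X-0002'),
    (3, 'carol', 'hr',    9500, 'X-0003');

-- RBAC: privileges go to group roles; login users inherit them by membership.
CREATE ROLE sales_reader NOLOGIN;
CREATE ROLE hr_auditor   NOLOGIN;
CREATE ROLE dave LOGIN INHERIT;
GRANT sales_reader TO dave;

-- No direct access to the base table for ordinary roles.
REVOKE ALL ON employees FROM PUBLIC;

-- Row- and column-level restriction through a view: only sales rows,
-- only non-sensitive columns. security_barrier applies the WHERE filter
-- before any user-supplied function in the caller's query can see a row.
CREATE VIEW sales_directory WITH (security_barrier) AS
    SELECT id, name, dept FROM employees WHERE dept = 'sales';
GRANT SELECT ON sales_directory TO sales_reader;

-- Column-level privilege on the base table itself: hr_auditor can read
-- every row, but not the salary or id_number columns.
GRANT SELECT (id, name, dept) ON employees TO hr_auditor;

-- Exercise the policy as dave, who holds only sales_reader.
SET ROLE dave;
SELECT * FROM sales_directory;
RESET ROLE;

-- Review the effective privileges instead of trusting the grants.
SELECT has_table_privilege('dave', 'employees', 'SELECT')       AS base_table,
       has_table_privilege('dave', 'sales_directory', 'SELECT') AS via_view,
       has_column_privilege('hr_auditor', 'employees', 'salary', 'SELECT') AS auditor_salary;

ROLLBACK;  -- leave the scratch database unchanged
```

The view runs with its owner's privileges, so the owner of sales_directory must itself be a role that is allowed to read employees, and ownership of such views should be limited accordingly.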