Lets say you have been tasked with implementing entitlement reports for all of the databases in your environment. You have 20 DB2 and 10 Oracle data sources. You would like to associate them with the standard Guardium entitlement report definitions.
Guardium has about 10 tables in it's database related to Oracle entitlement reports. It also has about 6 tables for the same purpose for DB2. This means that you will need to create (20 * 6) + (10 * 10) = 220 datasource associations in the Guardium GUI. That's a lot of clicking!!!
A well known and less infuriating way to do this is to use the grdAPI to create the data sources. That involves a lot less clicking and, if you have a list of data sources, it should be easy to generate the required grdAPI calls. Those grdAPI calls look like the following:
grdapi create_datasourceRef_by_name datasourceName=<datasource_name> objName=<guardium_def_name> application=<CustomTables/SecurityAssessment/Classifier>
would be the data source you created in Guardium and you want to get entitlement information for. You can get a list of them by exporting the DataSources report in the Daily Monitor tab of the admin user interface. The <guardium_def_name> parameter would be the name of the table (or vulnerability assessment, or classifier process) you want to associate the DataSource with. So, for example, one DB2 entitlement report table is "
DB2 Column Level Privs" and one Oracle entitlement report table is "ORA Accnts of ALTER SYSTEM". The <CustomTables/SecurityAssessment/Classifier>
indicates if this is for entitlement reports (or another custom table), vulnerability assessments, or a classifier process.
I recently had to do this at a customer with quite a few data sources, and so I created a ruby script that takes as input a list of data sources, a list of Guaridum definitions, and an application name. It then outputs the grdAPI calls. You can find it with an example here
. Below is a brief explanation on how to use it:
1) Download and install a ruby interpreter from http://www.ruby-lang.org
2) Use the script as follows:
ruby DataSourceAssociator.rb <datasourcesFile> <definitionsFile> <application>
where: <datasourcesFile> is a list of datasources
<definitionsFile> is a list of Guardium Definitions
<application> is one of CustomTables, SecurityAssessment, Classifier
Once you have the grdAPI calls created you can run them through the Guardium CLI to associated them to the Guradium definitions.