create_datasource

Use this command to define new on-premises datasources.

Important: In a centrally-managed environment, datasources must be defined on the central manager. Datasources that are created on managed units cannot be seen or used.

For more information about creating a datasource in the cloud, see create_cloud_datasource.

This API is available in Guardium V9.5 and later.

REST API syntax

This API is available as a REST service with the POST method. Call this API as follows:
POST https://[Guardium hostname or IP address]:8443/restAPI/datasource

GuardAPI syntax

create_datasource parameter=value

Parameters

Parameter Value type Description
application String Required. For valid values, call create_datasource from the command line with --help=true.
awsSecretsManagerConfigName String For Amazon Web Services (AWS) systems only. This parameter is needed when authentication is externally managed by the AWS secrets manager.

For valid values, call create_datasource from the command line with --help=true.

compatibilityMode String Valid values:
  • Default
  • MSSQL 2000

Set the compatibility mode to use when monitoring a table.

conProperty String Define conProperty if additional connection properties are needed on the JDBC URL to establish a JDBC connection with this datasource.

For a Sybase database with a default character set of Roman8, enter the following property: charSet=utf8

customProps String  
customURL String Define the connection string to the datasource. By default, the connection is made using host, port, instance, and other defined datasource parameters. This is useful, for example, when creating Oracle Internet Directory (OID) connections.
cyberarkConfigName String The name of the CyberArk configuration on your Guardium system. For valid values, call create_datasource from the command line with --help=true.
cyberarkObjectName String The CyberArk object name for the Guardium datasource.
dbInstanceAccount String Database account login name used by CAS.
dbInstanceDirectory String Directory where database software is installed that will be used by CAS.
dbName String The schema name for a Db2 or Oracle database. Otherwise, provide the database name.
description String Description of the datasource.
externalPasswordTypeName String For valid values, call create_datasource from the command line with --help=true.
hashicorpConfigName String The name of the HashiCorp configuration on your Guardium® system. For valid values, call create_datasource from the command line with --help=true.
hashicorpPath String The custom path to access the datasource credentials.
hashicorpRole String The role name for the datasource.
host String Required.

Host name or IP address of the database.

importServerSSLcert Boolean Valid values:
  • 0 (false)
  • 1 (true)
KerberosConfigName String Name of the Kerberos configuration already defined in the Guardium system.
name String Required.

A unique name for the datasource on the Guardium system.

password String Database user password.
port Integer Database port number.
region String For AWS only. For valid values, call create_datasource from the command line with --help=true.
savePassword Boolean Valid values:
  • 0 (false)
  • 1 (true)

Default = 1 (true)

Save and encrypt database authentication credentials on the Guardium system. This is required if you are defining a datasource with an application that runs as a scheduled task, for example scheduled classification scans. When enabled, name and password parameters are required.

secretName String  
serviceName String Required for Oracle, Informix, Db2, and IBM i. For a Db2 database, provide the database name. Otherwise, provide the service name.
severity String Severity classification (or impact level) for the datasource.

For valid values, call create_datasource from the command line with --help=true.

shared String Valid values:
  • Shared: share the datasource with other applications
  • Not Shared
  • true: share the datasource with other applications
  • false

To share the datasource with other users, assign roles from the GUI.

type String Required. The type of datasource. For valid values, call create_datasource from the command line with --help=true.
useExternalPassword Boolean Valid values:
  • 0 (false)
  • 1 (true)
useKerberos Boolean Valid values:
  • 0 (false)
  • 1 (true)

Enable to use Kerberos authentication. If enabled, KerberosConfigName is required.

useLDAP Boolean Valid values:
  • 0 (false)
  • 1 (true)

Enable to use LDAP.

user String Database user name. If defined, password is required.
useSSL Boolean Valid values:
  • 0 (false)
  • 1 (true)

Enable to use SSL authentication.

Examples

grdapi create_datasource type=DB2 name=chickenDB2  password=guardium user=db2inst1 dbName=dn0chick application=Access_policy shared=true port=50000 host=chicken.corp.com