How to Generate API Call from Reports

Generate Guard API calls from a report either from a single row within a report or based on the whole report

Value-added: Through a GUI, by using existing data on the system that is displayed in reports as parameters for API calls, quickly and easily generate and populate API calls without having to perform system level commands or type lengthy API calls to quickly perform operations such as create datasources, define inspection engines, maintain user hierarchies, or maintain the Guardium features such as S-TAP.

Single Row API call

For this scenario, we will generate API function calls to populate the Data Security User Hierarchy.

  1. To begin, let's show the current Data Security User Hierarchy for the user scott
    Data Security User Hierarchy01
  2. To invoke an API function we must find a report that currently has the desired API functions linked to it. Since creating a user hierarchy is related to users, selection of a user report should yield good results. For this scenario we've selected the User - Role report.

    User Role 01
  3. Double-clicking on a row for drill-down will display an option to Invoke...

    User Role 02
  4. Click on the Invoke... option to display a list of API functions that are mapped to this report

    User Role 03
  5. Click on the API you'd like to invoke; bringing up the API Call Form for the Report and Invoked API Function.

  6. Fill in the Required Parameters and any non-Required Parameters for the selected API call. Many of the parameters are pre-filled from the report but may be changed to build a unique API call. For specific help in filling out required or non-required parameters please see the individual API function calls within the GuardAPI Reference guide.

    API Call Form - User Role 01
  7. Use the drop-down list to select the Log level, where Log level represents the following (0 - returns ID=identifier and ERR=error_code as defined in Return Codes, 1 - displays additional information to screen, 2 - puts information into the Guardium application debug logs, 3 - both 1 and 2).

  8. Use the drop-down list to select a Parameter to encrypt.
    Note: Parameter Encryption is enabled by setting the Shared Secret and is relevant only for invoking the API function through script generation.
  9. Choose to Invoke Now or Generate Script.

    1. If Invoke Now is selected the API call will run immediately and display an API Call Output screen showing the status of the API call.

      API Call Output - create user hierarchy
    2. If Generate Script is selected: Open the generated script with your favorite editor or optionally save to disk to edit and execute at a later time -- replacing any of the empty parameter values (denoted by '< >') if contained within the script.
      Note: Empty parameters may remain in the script as the API call will ignore them

      Example Script

      # A template script for invoking guardAPI function create_user_hierarchy :

      # Usage: ssh cli@a1.corp.com<create_user_hierarchy_api_call.txt

      # replace any < > with the required value

      #

      grdapi create_user_hierarchy userName=jkoopmann parentUserName=scott

    3. Execute the CLI function call.

      Example Call

      $ ssh cli@a1.corp.com<create_user_hierarchy_api_call.txt

  10. Validate. For this scenario it is a redisplay of the Data Security User Hierarchy.

    Data Security User Hierarchy 02

 Multi Row API call

This scenario uses a custom report with mapped parameters to report fields. Please see additional scenarios further in this section for additional information.

  1. To begin, let's show the current Data Security User Hierarchy for the user scott

    Data Security User Hierarchy 03
  2. Click on the Invoke... icon to display a list of APIs that are mapped to this report

    Detailed Session List 01
  3. Click on the API you'd like to invoke; bringing up the API Call Form for the Report and Invoked API Function. Invoking an API call from a report for multiple rows will produce an API Call Form that displays and enables the editing of all records displayed on the screen (dependent on the fetch size) to a maximum of 20 records.

    API Call Form - Create User hierarchy 01
  4. Use the check boxes to select / de-select the rows that will be targeted for the API call.

  5. Fill in the Required Parameters and any non-Required Parameters for the selected API call. Many of the parameters are pre-filled from the report but may be changed to build a unique API call. For specific help in filling out required or non-required parameters please see the individual API function calls within the GuardAPI Reference guide. Additionally, use the set of parameters for the API to enter a value for a parameter and then click the down arrow to populate that parameter for all records.

  6. Use the drop-down list to select the Log level, where Log level represents the following (0 - returns ID=identifier and ERR=error_code as defined in Return Codes, 1 - displays additional information to screen, 2 - puts information into the Guardium application debug logs, 3 - both 1 and 2).

  7. Use the drop-down list to select a Parameter to encrypt.
    Note: Parameter Encryption is enabled by setting the Shared Secret and is relevant only for invoking the API function through script generation.
  8. Choose to Invoke Now or Generate Script.

    1. If Invoke Now is selected the API call runs immediately and displays an API Call Output screen showing the status of the API call. In this specific scenario the last two API calls would fail since we can not have a cyclical relationship in the hierarchy.

    2. If Generate Script is selected: Open the generated script with your favorite editor or optionally save to disk to edit and execute at a later time You can replace any of the empty parameter values (denoted by '< >') if contained within the script. With this scenario, we could easily delete the last two lines of the script -- knowing they would create cyclical errors.
      Note: Empty parameters are valid in the script since the API call ignores them.
      Example Script
      # A template script for invoking guardAPI function create_user_hierarchy :
      # Usage: ssh cli@a1.corp.com<create_user_hierarchy_api_call.txt
      # replace any < > with the required value
      #
      grdapi create_user_hierarchy userName=ADAMS parentUserName=SCOTT
      grdapi create_user_hierarchy userName=JOHNY parentUserName=SCOTT
      grdapi create_user_hierarchy userName=MARY  parentUserName=SCOTT
      grdapi create_user_hierarchy userName=SCOTT parentUserName=SCOTT
      grdapi create_user_hierarchy userName=SCOTT parentUserName=SCOTT 
      Then Execute the CLI function call, for example:
      $ ssh cli@a1.corp.com<create_user_hierarchy_api_call.txt
      API call output - Create user hierarchy 02
  9. Validate. For this scenario it is a re-display of the Data Security User Hierarchy.

    Data Security User Hierarchy 04