Group exceptions

Use a test exception to exclude specific members of a group from a security assessment. Run the security assessment against the exception group to see if a specific member of a group is affecting your assessment results. This is useful if you do not want to, or are not authorized to change group settings.

Procedure

  1. Open the Group Builder by clicking Setup > Tools and Views > Group Builder.
  2. Select VA Tests Exception from the Group Type menu to view the list of predefined exception groups.
  3. Select a group from the Modify Existing Groups menu and click Modify.
  4. Add the group members that you want to exclude from the VA test.
  5. Open the Assessment Builder by clicking Harden > Vulnerability Assessment > Assessment Builder. Select an assessment from the Security Assessment Finder and click Configure Tests.
  6. Find the test you want add the exception to, and click the test's Adjust this test's tuning button from the Tuning column.
  7. Select your exception group from the menu, and click Save. Run your assessment again to see if the exception group affects the outcome of the test.
  8. You can also add a group exception when a test is tuned. For more information, see Tuning a test.
    Note: By default, Guardium includes an exception group called IBM iSeries Profile User Exclusions. You can clone and modify this group to suit your needs.

    All the Database Objects privilege tests exclude default system schemas from Guardium groups.