Use a test exception to exclude specific members of a group from a security assessment.
Run the security assessment against the exception group to see if a specific member of a group is
affecting your assessment results. This is useful if you do not want to, or are not authorized to
change group settings.
Procedure
- Open the Group Builder by clicking .
- Select VA Tests Exception from the menu to view the list of predefined exception
groups.
- Select a group from the menu and click Modify.
- Add the group members that you want to exclude from the VA test.
- Open the Assessment Builder by clicking . Select an assessment from the
Security Assessment Finder and click Configure
Tests.
- Find the test you want add the exception to, and click the test's Adjust this
test's tuning button from the Tuning column.
- Select your exception group from the menu, and click Save. Run
your assessment again to see if the exception group affects the outcome of the test.
- You can also add a group exception when a test is tuned. For more
information, see Tuning a test.
Note: By default, Guardium includes an exception group called IBM iSeries Profile User Exclusions.
You can clone and modify this group to suit your needs.
All the Database Objects privilege tests
exclude default system schemas from Guardium groups.