Privacy sets
A privacy set is a collection of elements that can be used to do special monitoring.
A privacy set consists of one or more object-field pairs - for example, the salary field of the employee table, or all fields of the salary history table. All access to these elements within a given time frame can be reported.
Select any of the topics to work with privacy sets.
Open the privacy set builder
To access a privacy set definition, your Guardium® user account must be assigned a security role that is also assigned to that privacy set definition. Privacy sets that you cannot access will not display in a list of privacy sets.
From the Identify Privacy Set you can create a new privacy set, modify an existing privacy set, or run a privacy set report.
Creating a privacy set
- Click the icon to open the Privacy Set Definition page.
- In the Privacy Set Description box, enter a unique name for the privacy set. Do not include apostrophe characters in the name. This is the name that will display in the Identify Privacy Set panel.
- From the Security Classification drop-down list, optionally select a security classification for this privacy set.
- In the Elements in this Privacy Set pane, for each element pair to
include:
- Enter an object name in the Object box.
- Enter a field name in the Field box, or mark the Any Field in this Object box to include all fields contained in the specified object.
- Click Add this new Object – Field Pair.
- When all elements have been added, click Save.
- Optionally, click the Roles button to add Roles.
- Optionally, click the Comments button to add comments.
Modifying a privacy set
- Select the privacy set you want to modify and click Modify.
- Make the changes you want to the privacy set definition.
- Click Save.
- Click Done when you are finished.
Cloning a privacy set
- Select the privacy set you want to clone and click Clone.
- The cloned privacy set is named COPY OF selected privacy set. Guardium suggests that you change this name to something more meaningful.
- Make any additional changes to the privacy set definition, as necessary. F
- Click Save.
- Click Done when you are finished.
Deleting a privacy set
If an auditing process is running, you cannot remove a privacy set. Stop the auditing process, then follow the steps to remove the privacy set.
- Select the privacy set you want to delete.
- Click Delete and confirm the action.
- Click Done.
Running a privacy set report
This procedure describes how to run a privacy set report on demand. To schedule a privacy set report, include it in a compliance workflow (see Compliance Workflow Automation).
- Select a privacy set from the privacy set list and click Run.
- In the Task Parameters, enter the starting and ending times for the task.
- Specify how to display the results:
- Report by Access Details - Default. Displays the access count for each combination of client IP, server IP, server (name), server type, database protocol, source program name, and database user name
- Report by Application User - Displays a separate column with that name (following DB User Name) and the output is additionally qualified by the application user.
- Click Run Once Now. After the report has been executed, it will be displayed in a separate window.
- Click Done.