Privacy sets

A privacy set is a collection of elements that can be used to do special monitoring.

A privacy set consists of one or more object-field pairs - for example, the salary field of the employee table, or all fields of the salary history table. All access to these elements within a given time frame can be reported.

Select any of the topics to work with privacy sets.

Open the privacy set builder

To access a privacy set definition, your Guardium® user account must be assigned a security role that is also assigned to that privacy set definition. Privacy sets that you cannot access will not display in a list of privacy sets.

To open the Identify Privacy Set page, browse to one of the following locations:
  • Comply > Tools and Views > Privacy Set Builder
  • Discover > Database Discovery > Privacy Set Builder

From the Identify Privacy Set you can create a new privacy set, modify an existing privacy set, or run a privacy set report.

Creating a privacy set

  1. Click the New icon to open the Privacy Set Definition page.
  2. In the Privacy Set Description box, enter a unique name for the privacy set. Do not include apostrophe characters in the name. This is the name that will display in the Identify Privacy Set panel.
  3. From the Security Classification drop-down list, optionally select a security classification for this privacy set.
  4. In the Elements in this Privacy Set pane, for each element pair to include:
    • Enter an object name in the Object box.
    • Enter a field name in the Field box, or mark the Any Field in this Object box to include all fields contained in the specified object.
    • Click Add this new Object – Field Pair.
  5. When all elements have been added, click Save.
  6. Optionally, click the Roles button to add Roles.
  7. Optionally, click the Comments button to add comments.

Modifying a privacy set

  1. Select the privacy set you want to modify and click Modify.
  2. Make the changes you want to the privacy set definition.
  3. Click Save.
  4. Click Done when you are finished.

Cloning a privacy set

  1. Select the privacy set you want to clone and click Clone.
  2. The cloned privacy set is named COPY OF selected privacy set.  Guardium suggests that you change this name to something more meaningful.
  3. Make any additional changes to the privacy set definition, as necessary. F
  4. Click Save.
  5. Click Done when you are finished.

Deleting a privacy set

If an auditing process is running, you cannot remove a privacy set. Stop the auditing process, then follow the steps to remove the privacy set.

  1. Select the privacy set you want to delete.
  2. Click Delete and confirm the action.
  3. Click Done.

Running a privacy set report

This procedure describes how to run a privacy set report on demand. To schedule a privacy set report, include it in a compliance workflow (see Compliance Workflow Automation).

  1. Select a privacy set from the privacy set list and click Run.
  2. In the Task Parameters, enter the starting and ending times for the task.
  3. Specify how to display the results:
    • Report by Access Details - Default. Displays the access count for each combination of client IP, server IP, server (name), server type, database protocol, source program name, and database user name
    • Report by Application User - Displays a separate column with that name (following DB User Name) and the output is additionally qualified by the application user.
  4. Click Run Once Now. After the report has been executed, it will be displayed in a separate window.
  5. Click Done.