Rule does not trigger
If a rule with a value in the policy command
field does not trigger as expected, reconfigure the rule.
Symptoms
Rules with a value in the policy Command field do not trigger as expected.
Causes
The cause is a misconfiguration in the command field. The Guardium parser does not consider the command modifiers to be a part of a command.
Environment
Guardium Collectors. The command field in the policy rule is also affected when it is used with wildcard (%).
Resolving the problem
The value in the Command field
of the rule must match a value exactly that is shown in SQL Verb,
plus a wildcard (%) as needed. This example is correct.
GRANT
GRANT%
This example is incorrect.GRANT% TO PUBLIC
%GRANT% ADMIN OPTION%
ADMIN OPTION and TO
PUBLIC do not match and cannot trigger a rule because the
Guardium parser does not recognize them as a part of a command. Generally,
the parser does not consider command modifiers to be part of a command.
Instead, create a report to inspect the traffic that the policy monitors
and include the SQL Verb field from the Command entity in that report.
Anything that is listed in the SQL Verb field is recognized by the
parser and can be used in the Command field
of a policy rule. Several commands can be added to a group and the
group can be used in the rule instead of a single command. In this
case, each group member must match an entry in SQL Verb. Guardium
includes several such command groups that you can use or clone.