Groups

Guardium supports the grouping of elements to simplify creating and managing policies and to clarify the presentation of reports.

Grouping can simplify the process of creating policy and query definitions. It is often useful to group elements of the same type, and grouping can make the presentation of information on reports more straightforward. Groups are used by all subsystems, and all users share a single set of groups.

For an example of grouping, assume that your company has 25 separate data objects containing sensitive employee information, and you need to report on all access to these items. You could formulate a very long query testing for each of the 25 items. Alternatively, you could define a single group called sensitive employee info containing those 25 objects. That way, in queries or policy rule definitions, you only need to test if an object is a member of that group.

An additional benefit of groups is that they can ease maintenance requirements when the group's composition changes. To continue the example, if your company decides that two more objects need to be added to the sensitive employee info group, you only need to update the group definition and not all of the queries, reports, and policies that reference the group.