Running database entitlement reports
Database entitlement reports provide up-to-date snapshots of database users and their required access privileges. Learn how to prepare and run these reports to validate and ensure that users have only the privileges that are needed to perform their duties.
Before you begin
About this task
Along with authenticating users and restricting role-based access privileges to data, even for the most privileged database users, periodically perform entitlement reviews: validate and ensure that users have only the privileges that are required to perform their duties. This process is known as database user rights attestation reporting.
You can use the Guardium predefined database entitlement (privilege) reports to see who has system privileges and who granted these privileges to other users and roles. Database entitlement reports are important for auditors who are tracking changes to database access, and to ensure that security holes do not exist from lingering accounts or ill-granted privileges.
DB entitlement reports use the Custom Domain feature of Guardium® to create links between the external data on the selected database with the internal data of the predefined entitlement reports. Predefined entitlement reports are available for many data sources, including: Oracle; MYSQL; DB2®; Sybase; Sybase IQ; Informix®; MS SQL 2000/2005/2008; Netezza®; Teradata; and PostgreSQL; Db2 on z/OS. For MS SQL Server and Oracle databases you can also use Entitlement Optimization to access this information. For a full description of the domains in the DB entitlement reports, see Database Entitlement Reports. (For more information about the Custom Domain Builder, Custom Query Builder, or Custom Table Builder, see External data correlation.
- gdmmonitor-db2.sql (for Db2)
- create_CKADBVA_schema_tables_zOS.sql (for Db2 on zOS)
- gdmmonitor-db2-zOS.sql (for Db2 on zOS)
- gdmmonitor-mss.sql (for MS-SQL 2005 and up)
- gdmmonitor-mss.sql(for MS-SQL 2005 and up)
- gdmmonitor-mss-SA.sql (for MS-SQL)
- gdmmonitor-mys.sql (for MySQL)
- gdmmonitor-netezza.sql (for Netezza)
- gdmmonitor-ora.sql (for Oracle)
- gdmmonitor-ora-container.sql (for Oracle Container DB)
- gdmmonitor-postgres.sql (for PostgreSQL)
- gdmmonitor-syb.sql (for Sybase)
- gdmmonitor-teradata.sql (for Teradata)
- gdmmonitor-sybaseIQ.sql (for SybaseIQ)
- Jconnect_SybaseIQ_requirement.txt (for SybaseIQ)
- gdmmonitor-db2-IBMi.sql (for Db2 on iSeries)
- gdmmonitor-Aster.sql (for Aster)
- gdmmonitor-mongodb24.sql (for Mongodb 2.4)
- gdmmonitor-mongodb26andAbove.sql (for Mongodb 2.6 and above)
- gdmmonitor-hive-Cloudera.sql (for Hive on Cloudera Hadoop distribution)
- gdmmonitor-Cloudera-Manager.sql (for Cloudera Manager)
- gdmmonitor-DSE-Cassandra.sql (for DataStax Cassandra)
- gdmmonitor-SAP-Hana.sql (For SAP Hana)
- gdmmonitor-Apache-Cassandra.sql (For Apache Cassandra)
- gdmmonitor-azure.sql (For SQL DB Azure)
- gdmmonitor-Couchbase.sql (For Couchbase)
- gdmmonitor-ifx.sql (For Informix)
- gdmmonitor-mariaDB.sql (For MariaDB)
- gdmmonitor-mongodb26-To-34.sql (For MongoDB version 2.6 to 3.4)
- gdmmonitor-mongodb36andAbove.sql (For MongoDB version 3.6 and up)
- gdmmonitor-mss2000-only.sql (For MS SQL Server 2000)
- gdmmonitor-Neo4j.sql (For Neo4j)
- gdmmonitor-ora-autonomous.sql (For Oracle autonomous)
- gdmmonitor-ora-RDS.sql (For Oracle RDS)
- gdmmonitor-PerconaMySQL.sql (For Percona MySQL)
- gdmmonitor-postgres.sql (For PostgreSQL)
- gdmmonitor-Redshift.sql (For Redshift)
- gdmmonitor-Snowflake.sql (For Snowflake)
- gdmmonitor-syb.sql (For Sybase)
- gdmmonitor-sybaseIQ.sql (For SybaseIQ)
- gdmmonitor-teradata.sql (For Teradata)