Access Policy domain

Use the Access Policy domain to track all available policies on system. This topic describes the domain's entities and attributes.

Available to roles: all

Access Policy Entity

Similar to the Installed Policies entity used for all installed policies on system.

Attribute Description
Policy ID Uniquely identifies an access policy
Policy Description Describes the access policy
Selective Audit Trail Indicates if this is a selective audit trail policy (T/F).
Audit Pattern Test pattern used for a selective audit trail policy.
Timestamp Timestamp for the creation of the record.

Rule Entity

Can be used for Installed policy rule entity or access policy rule entity. There is one for each rule of the installed policy/policies or access policy/policies. Apart from the ID fields (which uniquely identify components on the internal database), all of these fields are described in the Policies help topic.

  • GDM_INSTALLED_POLICY_RULES_ID - Identifies an installed policy rule.
  • ACCESS_RULE_ID - Identifies an access rule.
  • Rule Description - From the policy definition.
  • Rule Position - Position within the policy.
  • Rule Type - Access, Exception, or Extrusion.
  • LAST_ACCESSED - Last
  • Client IP - From the rule definition.
  • Client Net Mask - From the rule definition.
  • Client IP Group - From the rule definition.
  • Server IP - From the rule definition.
  • Server IP Mask - From the rule definition.
  • Client MAC - From the rule definition.
  • Net Protocol - From the rule definition.
  • Net Protocol Group - From the rule definition.
  • Field - From the rule definition.
  • Field Group - From the rule definition.
  • Object - From the rule definition.
  • Object Group - From the rule definition.
  • Command - From the rule definition.
  • Command Group - From the rule definition.
  • Object-Field Group - From the rule definition.
  • DB Type - From the rule definition.
  • Service Name - From the rule definition.
  • Service Name Group - From the rule definition.
  • DB Name - From the rule definition.
  • DB Name Group - From the rule definition.
  • DB User - From the rule definition.
  • DB User Group - From the rule definition.
  • App. User - From the rule definition.
  • App User Group - From the rule definition.
  • OS User - From the rule definition.
  • OS User Group - From the rule definition.
  • Src App. - From the rule definition.
  • Source Program Group - From the rule definition.
  • Pattern/ XML Pattern - From the rule definition.
  • Period - From the rule definition.
  • Min. Ct. - From the rule definition.
  • Reset Interval - From the rule definition.
  • Continue to next Rule/ Revoke - From the rule definition.
  • Rec. Vals. - From the rule definition.
  • App Event Exists - From the rule definition.
  • Event Type - From the rule definition.
  • App Event Text Value - From the rule definition.
  • App Event Date Value - From the rule definition.
  • Event User Name - From the rule definition.
  • Error Code - From the rule definition.
  • Exception Type - From the rule definition.
  • Category Name- From the rule definition.
  • Classification Name - From the rule definition.
  • Severity - From the rule definition.
  • Data Pattern - From the rule definition.
  • SQL Pattern - From the rule definition.
  • Masking Pattern - From the rule definition.
  • Client IP/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • Sever IP/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • Net Protocol/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • Field Name/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • Object Name/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • Command/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • Service Name/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • DB Name/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • App. User/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • OS User/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • Source Program/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • Error Code/ Group - Provides the ability to display a single attribute and its related (if any) in a single column of the report.
  • App. Event Text/ Numeric/ Date - The application events text, numeric, and date attributes.
  • Category/ Classification - The combined category and classification for the rule.
  • GDM_Installed_Policy_Header_ID - Identifies an installed policy header.
Note: GDM_INSTALLED_POLICY_RULES_ID and ACCESS_RULE_ID are available to users with the admin role only.

Rule Action Entity

Can be used Installed policy rule action entity or access policy rule action entity. There is one for each rule of the installed policy/policies or access policy/policies .

  • Sequence - Sequence of the action within the rule.
  • Action
    • Block the request - See Blocking Actions in Policies.
    • Log or ignore the violation or the traffik - See Log or Ignore Actions in Policies.
    • Alert - See Alerting Actions in Policies.

Alert Notification Entity

Describes a policy alert notification.

Attribute Description
ALERT_NOTIFICATION_ID Identifies the alert notification. Only available to users with the admin role.
ALERT_ID Identifies the alert definition. Only available to users with the admin role.
Alert Notification Type Type of alert from the policy rule definition.
Alert User Receiver of the alert.
Alert Destination Type of alert (EMAIL, SNMP, SYSLOG, CUSTM).
Timestamp Timestamp alert record created.