Predefined Groups

This section details the predefined groups in Guardium®.

The following table describes the predefined groups that are included with your Guardium system. To view the list of all groups, open the Group Builder by clicking Setup > Group Builder. Select SQL_APP_NAME from the Applications menu, and click Next. From the next screen, manage members from Selected Groups. The term Group Type refers to expectations on the type of data designated by the label. For example, the group type Server IP expects data arranged as an IP address (192.168.1.0) and the group type Users expects to see names of users of the application.

Additional predefined groups are added periodically and may not be described here. Open the Group Builder to see all existing groups.

Predefined groups of group type DB User/DB Password are available only to users with the admin role. If preferred, users can add other roles or even allow the groups to all roles.

Table 1. Predefined Groups
SQL_APP_NAME GROUP_DESCRIPTION MEMBERS

DB2® zOS Groups

zOS Audit Dynamic SQL

Group Type for DB2 commands

DB2 zOS Groups

zOS Audit Query

Group Type for DB2 commands

DB2 zOS Groups

zOS Audit Updates

Group Type for DB2 commands

DB2 zOS Groups

zOS Audit Deletes

Group Type for DB2 commands

DB2 zOS Groups

zOS Audit Inserts

Group Type for DB2 commands

DB2 zOS Groups

zOS Audit Utilities

Group Type for DB2 commands

DB2 zOS Groups

zOS Audit Object Maintenance

Group Type for DB2 commands

DB2 zOS Groups

zOS Audit User Maintenance

Group Type for DB2 commands

DB2 zOS Groups

zOS Audit User Authorization Changes

Group Type for DB2 commands

DB2 zOS Groups

zOS Audit DB2 Commands

Group Type for DB2 commands

DB2 zOS Groups

zOS Audit Plan/ Package Maintenance

Group Type for DB2 commands

IMS zOS Groups

zOS IMS Audit Query

Group Type for IMS commands

IMS zOS Groups

zOS IMS Audit Updates

Group Type for IMS commands

IMS zOS Groups

zOS IMS Audit Deletes

Group Type for IMS commands

IMS zOS Groups

zOS IMS Audit Inserts

Group Type for IMS commands

IMS zOS Groups

zOS IMS Audit DB Commands

Group Type for IMS commands

Policy Builder

Cardholder Objects

Group Type, Objects

Policy Builder

Financial Objects

Group Type, Objects

Policy Builder

PHI Objects

Group Type, Objects

Policy Builder

Authorized Client IPs

Group Type, Client IP

Policy Builder

Production Users

Group Type, Users

Policy Builder

PII Objects

Group Type, Objects

Policy Builder

Production Servers

Group Type, Server IP

Policy Builder

Financial Servers

Group Type, Server IP

Policy Builder

Functional Users

Group Type, Users

Policy Builder

Sharepoint Servers

Group Type, Server IP

Security Assessment Builder

DB2 Database Version+Patches

Informix® Database Version+Patches

MS Sql Server Database Version+Patches

MySql Database Version+Patches

Netezza® Version+Patches

Oracle Database Version+Patches

Postgress Version+Patches

Sybase Database Version+Patches

Teradata PDE Version+Patches

Teradata TDBMS Version+Patches

Teradata TDGSS Version+Patches

Teradata TGTW Version+Patches

Used for (specific) database version and patch level tests.

Security Assessment Builder

DB2 Allowed Grants to Public

Informix Allowed Grants to Publics

MS-SQL Allowed Grants to Public

MYSQL Allowed Grants to Public

Netezza Allowed Grants to Public

Oracle Allowed Grants to Public

Postgres Allowed Grants to Public

Teradata Allowed Grants to Public

TUPLE, Object/Command Application 8 (Security assessment)

List of objects/commands for which grants to public are allowed.

These objects will be skipped on MS-SQL and Sybase tests that check grants to public.

Note:

An exceptions group can contain a regular expression or just a member. A member that is a regular expression must start with (R) (case sensitive); the records in the detail are then checked against the regular expression that follows the (R).

For example, if a group member is:

(R)SYSTEM.[a-z]+

each detail record will be checked using the pattern: SYSTEM.[a-z]+

If the member does not start with (R), the detail record is considered an exception only if it is equal to the group member.

Note that a group may contain a mix of regular expressions and specific exceptions.
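The exception-matching rule in the note above, as an added example that is not Guardium code: it classifies members by the case-sensitive (R) prefix and checks constructed detail records against them. The whole-record match via Python's `re.fullmatch`, the handling of patterns that fail to compile, and the function names are assumptions of this example; the page does not state how the product anchors or validates patterns.

```python
import re

PREFIX = "(R)"  # case sensitive, per the note above


def compile_members(members):
    """Split members into exact strings, compiled patterns, and bad patterns."""
    exact, patterns, rejected = set(), [], []
    for member in members:
        if not member.startswith(PREFIX):
            exact.add(member)  # "(r)..." lands here and is compared literally
            continue
        try:
            patterns.append((member, re.compile(member[len(PREFIX):])))
        except re.error as exc:
            rejected.append((member, str(exc)))  # this example's own handling
    return exact, patterns, rejected


def matching_member(record, exact, patterns):
    """Return the member that makes `record` an exception, or None."""
    if record in exact:
        return record
    for member, rx in patterns:
        # Assumption: the whole record must match; the page does not say
        # whether the pattern is anchored.
        if rx.fullmatch(record):
            return member
    return None


def audit(members, records):
    """Map each detail record to the member that excepts it (or None)."""
    exact, patterns, rejected = compile_members(members)
    return {r: matching_member(r, exact, patterns) for r in records}, rejected


# Constructed sample data, not taken from a Guardium system.
MEMBERS = ["(R)SYSTEM.[a-z]+", "(r)SYS.*", "DBMS_OUTPUT", "(R)SYS["]
RECORDS = ["SYSTEM.help", "SYSTEM_help", "SYSTEM.HELP", "SYSADMIN", "DBMS_OUTPUT"]

if __name__ == "__main__":
    hits, rejected = audit(MEMBERS, RECORDS)
    for record, member in hits.items():
        print(f"{record:12} -> {member or 'not an exception'}")
    for member, reason in rejected:
        print(f"rejected {member!r}: {reason}")
```

Because the `.` in the page's pattern is unescaped, `SYSTEM_help` is excepted as well as `SYSTEM.help`; writing the member as `(R)SYSTEM\.[a-z]+` limits the exception to a literal dot.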

Security Assessment Builder

MS-SQL Extended Procedures Allowed

Group Type is Objects

Security Assessment Builder

MS-SQL Database Administrators

Group Type is Users

Security Assessment Builder (12.1 and later)

MS-SQL Exclude Databases

Database names to exclude

Security Assessment Builder

Teradata Profile

Group Type is Objects

Public

Account Management Commands

Commands used to maintain accounts (users, roles, permissions), examples: REVOKE, GRANT, ALTER/CREATE/DROP USER

Public

Account Management Procedures

Account Management Objects, stored Procedures used to maintain accounts (users, roles, permissions)

Public

Active Users

Group Type is Users

Public

Admin Users

Default administrative users (DBAs and SysAdmins)

Public

Administration Objects

Privileged Objects, objects that only DBA or Sys Accounts should access. These accounts are locked for "public" by default.

Public

Administrative Commands

Privileged Commands, should be executed only by DBAs. Examples: GRANT, BACKUP, DDL commands

Public

Administrative Programs

Database utilities (clients) that come with the database, usually reside on the database server, and could be used by the server itself

Public

ALTER Commands

Examples, alter database, alter procedure, alter profile, alter session, alter user

Public

Application Privileged Commands

Public privileged commands that should be revoked from "public", but not revoked since they are used by the application

Public

Application Privileged Procedures

Application Privileged Objects, public privileged procedures that should be revoked from "public" but not revoked since they are used by the application

Public

Application Schema Users

Application Users, database user used by the application to maintain/use the application tables

Public

Archive Candidates

Group Type is Objects

Public

Authorized Source Programs

Group Type is Source Programs

Public

Authorized Users

Group Type is Users

Public

Connection Profiling List

Group Type is Client IP/Src App/DB User/Server IP/SVC. Name

List of allowed connections

Public

CREATE Commands

Examples, create context, create database link, create function, create statistics, create type, create user

Public

Credentials Related Entities

Guardium Audit Types, Self-Monitoring, examples, allowed_role, LDAP_config, Turbine_user_group_role

Public

Data Transfer Commands

Backup Commands, commands dealing with backup/restore of database data

Public

Data Transfer Procedures

Data Transfer Objects, procedures dealing with backup/restore of database data (mostly on MSS and SYB)

Public

DB Predefined Users

Either non-admin predefined users or all predefined users, including administrative ones

Public

DBCC Commands

Group Type is Commands

Public

DDL Commands

Data Definitions Language, schema-privileged commands, examples, ALTER, CREATE, DROP

Public

DML Commands

DML Commands, examples, insert, truncate, update

Public

DROP Commands

Examples, drop_context, drop_event_monitor, drop_procedure, drop_role

Public

DW All Object-Field

DW All Objects

DW Execute Accessed Objects

DW Select Accessed Objects

DW Select Accessed Objects/Fields

There are five predefined reports that use monitored data to show object names. These reports all start with the prefix DW (Data Warehouse). See the help topic, How to report on dormant tables/columns, for further information on how to use these predefined reports.

Public

EBS App Servers

Group Type is Client IP

Public

EBS DB Servers

Group Type is Server IP

Public

EXECUTE Commands

Examples, call, execute, execute function

Public

GRANT Commands

Examples, grant, grant objectives, grant system privileges

Public

Guardium Audit Categories for Detailed Reporting

Guardium patches, TURBINE_USER_GROUP_ROLE

Public

ICM App Servers

Group Type is Client IP

Public

ICM DB Servers

Group Type is Server IP

Public

ImportLDAPUser

Group Type is Objects

Public

ImportLDAPUser_bindValues

Group Type is Objects

Public

Inspection Engine Entities

Examples, adminconsole_sniffer, software_tap_db_client, software_tap_db_server

Public

Java™ Commands

Examples, alter java, create java, drop java

Public

KILL Commands

Example, kill

Public

Masked_SP_Executions_MS_SQL_SERVER

For MS SQL Server, a group that includes a collection of stored procedure (SP) names. If there is an execution of an included procedure, then everything will be masked, even if in quotes. Predefined as empty.

Public

Masked_SP_Executions_Sybase

For Sybase, a group that includes a collection of stored procedure (SP) names. If there is an execution of an included procedure, then everything will be masked, even if in quotes. Predefined as empty.

Public

MongoDB Skip Commands

Group Type is Commands

Public

MS-SQL Replication Procedures

Group Type is Objects

Public

MS-SQL Security System Procedures

Group Type is Objects

Public

MS-SQL System Procedures

Group Type is Objects

Public

Oracle EBS HRMS Sensitive Objects

Group Type is Objects

Public

Oracle EBS-PCI

Group Type is Objects

Public

Oracle EBS-SOX

Group Type is Objects

Public

Oracle Predefined Users

Group Type is Users

Public

Peer Association Commands

Commands dealing with links/replications of data, examples, links, log shipping, replications, snapshots

Public

Peer Association Procedures

Peer Association Objects, procedures dealing with links/replications of data

Examples: Links, log shipping, replications, snapshots

Public

PeopleSoft Objects

Group Type is Objects

Public

PeopleSoft Sensitive Objects

Group Type is Objects

Public

Performance Commands

Examples, analyze, create statistics, update all statistics

Public

Policy Related Entities

Examples, access_rule, gdm_install_policy_header

Public

Potential Overflow Objects

Group Type is Objects

Public

Procedural Commands

Examples, begin, call, execute, exit, repeat, set

Public

PROCEDURE DDL

Examples, alter procedure, create procedure, drop procedure

Public

PSFT App Servers

Group Type is Client IP

Public

PSFT DB Servers

Group Type is Server IP

Public

Public executable procedures

Execute-Only Objects, procedures/functions/packages that are by default granted access to public

Public

Public selectable object

Select-only Objects, tables that are by default granted access to public

Public

RESTORE Commands

Examples, restore database, restore log

Public

REVOKE Commands

Examples, revoke object privileges, revoke system privileges

Public

Risk-indicative Error Messages

SQL errors related to security

Public

Sharepoint Servers

 

Public

SAP-PCI

Group Type is Objects

Public

SAP App Servers

Group Type is Client IP

Public

SAP DB Servers

Group Type is Server IP

Public

SAP HR Sensitive Objects

Group Type is Objects

Public

Select Command

Examples, select, select list

Public

Sensitive Objects

Examples, activity, sales

Public

SIEBEL App Servers

Group Type is Client IP

Public

SIEBEL DB Servers

Group Type is Server IP

Public

Siebel SIA Sensitive Objects

Group Type is Objects

Public

SPECIAL CASE Source Program

Group Type is Source Programs

Public

Suspicious Objects

Group Type is Objects

Public

Suspicious Users

Group Type is Users

Public

System Configuration Commands

Database configuration commands (subset of Administrative Commands)

Examples: ALTER DATABASE, ALTER SYSTEM

Public

System Configuration Procedures

System Configuration Objects (subset of Administration Objects)

Public

Terminated DB Users

Group Type is Users

Public

Vulnerable Objects (with wildcards)

Database objects with reported vulnerabilities

Public

DB2 Default Users

IBM iSeries Default Users

Informix Default Users

MS-SQL Server Default Users

MYSQL Default Users

Netezza Default Users

Oracle Default Users

PostgreSQL Default Users

Sybase Default Users

Teradata Default Users

Group Type is DB User/DB Password

Public

Hadoop Skip Commands

Hadoop Skip Objects

Not Hadoop Server

Group Type is Command

Group Type is Object

Group Type is Server IP

Public

Replay - Exclude from Compare

Replay - Include in Compare

Group Type is Objects

Audit Process Builder

 

Predefined as empty.

Classifier

 

Predefined as empty.

Express Security

 

Predefined as empty.