Predefined Groups
This section details the predefined groups in Guardium®.
The following table describes the predefined groups that are included with your Guardium system. To view the list of all groups, open the Group Builder by clicking . Select SQL_APP_NAME from the menu, and click Next. From the next screen, manage members from Selected Groups. The term Group Type refers to expectations on the type of data designated by the label. For example, the group type Server IP expects data arranged as an IP address (192.168.1.0) and the group type Users expects to see names of users of the application.
Additional predefined groups are added periodically and might not be described here. Open the Group Builder to see all existing groups.
Predefined groups of group type DB User/DB Password are allowed only to users with the role of admin. Users can, if preferred, add other roles or even allow the groups to all roles.
SQL_APP_NAME | GROUP_DESCRIPTION | MEMBERS |
---|---|---|
DB2® zOS Groups | zOS Audit Dynamic SQL | Group Type for DB2 commands |
DB2 zOS Groups | zOS Audit Query | Group Type for DB2 commands |
DB2 zOS Groups | zOS Audit Updates | Group Type for DB2 commands |
DB2 zOS Groups | zOS Audit Deletes | Group Type for DB2 commands |
DB2 zOS Groups | zOS Audit Inserts | Group Type for DB2 commands |
DB2 zOS Groups | zOS Audit Utilities | Group Type for DB2 commands |
DB2 zOS Groups | zOS Audit Object Maintenance | Group Type for DB2 commands |
DB2 zOS Groups | zOS Audit User Maintenance | Group Type for DB2 commands |
DB2 zOS Groups | zOS Audit User Authorization Changes | Group Type for DB2 commands |
DB2 zOS Groups | zOS Audit DB2 Commands | Group Type for DB2 commands |
DB2 zOS Groups | zOS Audit Plan/ Package Maintenance | Group Type for DB2 commands |
IMS zOS Groups | zOS IMS Audit Query | Group Type for IMS commands |
IMS zOS Groups | zOS IMS Audit Updates | Group Type for IMS commands |
IMS zOS Groups | zOS IMS Audit Deletes | Group Type for IMS commands |
IMS zOS Groups | zOS IMS Audit Inserts | Group Type for IMS commands |
IMS zOS Groups | zOS IMS Audit DB Commands | Group Type for IMS commands |
Policy Builder | Cardholder Objects | Group Type, Objects |
Policy Builder | Financial Objects | Group Type, Objects |
Policy Builder | PHI Objects | Group Type, Objects |
Policy Builder | Authorized Client IPs | Group Type, Client IP |
Policy Builder | Production Users | Group Type, Users |
Policy Builder | PII Objects | Group Type, Objects |
Policy Builder | Production Servers | Group Type, Server IP |
Policy Builder | Financial Servers | Group Type, Server IP |
Policy Builder | Functional Users | Group Type, Users |
Policy Builder | Sharepoint Servers | Group Type, Server IP |
Security Assessment Builder | DB2 Database Version+Patches; Informix® Database Version+Patches; MS Sql Server Database Version+Patches; MySql Database Version+Patches; Netezza® Version+Patches; Oracle Database Version+Patches; Postgress Version+Patches; Sybase Database Version+Patches; Teradata PDE Version+Patches; Teradata TDBMS Version+Patches; Teradata TDGSS Version+Patches; Teradata TGTW Version+Patches | Used for (specific) database version and patch level tests. |
Security Assessment Builder | DB2 Allowed Grants to Public; Informix Allowed Grants to Publics; MS-SQL Allowed Grants to Public; MYSQL Allowed Grants to Public; Netezza Allowed Grants to Public; Oracle Allowed Grants to Public; Postgres Allowed Grants to Public; Teradata Allowed Grants to Public | TUPLE, Object/Command. Application 8 (Security assessment). List of objects/commands for which grants to public are allowed. These objects will be skipped on MS-SQL and Sybase tests that check grants to public. Note: An exceptions group can contain a regular expression or just a member. If a member is a regular expression, it must start with (R) (case sensitive), and the records in the detail are checked against the regular expression after the (R). For example, if a group member is (R)SYSTEM.[a-z]+ then each detail record is checked using the pattern SYSTEM.[a-z]+. If the member does not start with (R), the detail record is considered an exception only if it is equal to the group member. Note that a group may contain a mix of regular expressions and specific exceptions. |
Security Assessment Builder | MS-SQL Extended Procedures Allowed | Group Type is Objects |
Security Assessment Builder | MS-SQL Database Administrators | Group Type is Users |
12.1 and later Security Assessment Builder | MS-SQL Exclude Databases | Database names to exclude |
Security Assessment Builder | Teradata Profile | Group Type is Objects |
Public | Account Management Commands | Commands used to maintain accounts (users, roles, permissions). Examples: REVOKE, GRANT, ALTER/CREATE/DROP USER |
Public | Account Management Procedures | Account Management Objects: stored procedures used to maintain accounts (users, roles, permissions) |
Public | Active Users | Group Type is Users |
Public | Admin Users | Default administrative users (DBAs and SysAdmins) |
Public | Administration Objects | Privileged Objects: objects that only DBA or Sys Accounts should access. These accounts are locked for "public" by default. |
Public | Administrative Commands | Privileged Commands: privileged commands that should be executed only by DBAs. Examples: GRANT, BACKUP, DDL commands |
Public | Administrative Programs | Database utilities (clients) that come with the database, usually reside on the database server, and could be used by the server itself |
Public | ALTER Commands | Examples: alter database, alter procedure, alter profile, alter session, alter user |
Public | Application Privileged Commands | Public privileged commands that should be revoked from "public" but are not revoked because they are used by the application |
Public | Application Privileged Procedures | Application Privileged Objects: public privileged procedures that should be revoked from "public" but are not revoked because they are used by the application |
Public | Application Schema Users | Application Users: database user used by the application to maintain/use the application tables |
Public | Archive Candidates | Group Type is Objects |
Public | Authorized Source Programs | Group Type is Source Programs |
Public | Authorized Users | Group Type is Users |
Public | Connection Profiling List | Group Type is Client IP/Src App/DB User/Server IP/SVC. Name. List of allowed connections |
Public | CREATE Commands | Examples: create context, create database link, create function, create statistics, create type, create user |
Public | Credentials Related Entities | Guardium Audit Types, Self-Monitoring. Examples: allowed_role, LDAP_config, Turbine_user_group_role |
Public | Data Transfer Commands | Backup Commands: commands dealing with backup/restore of database data |
Public | Data Transfer Procedures | Data Transfer Objects: procedures dealing with backup/restore of database data (mostly on MSS and SYB) |
Public | DB Predefined Users | Either non-admin predefined users or all predefined users, including administrative ones |
Public | DBCC Commands | Group Type is Commands |
Public | DDL Commands | Data Definition Language, schema-privileged commands. Examples: ALTER, CREATE, DROP |
Public | DML Commands | DML Commands. Examples: insert, truncate, update |
Public | DROP Commands | Examples: drop_context, drop_event_monitor, drop_procedure, drop_role |
Public | DW All Object-Field; DW All Objects; DW Execute Accessed Objects; DW Select Accessed Objects; DW Select Accessed Objects/Fields | There are five predefined reports that use monitored data to show object names. These reports all start with the prefix DW (Data Warehouse). See the help topic, How to report on dormant tables/columns, for further information on how to use these predefined reports. |
Public | EBS App Servers | Group Type is Client IP |
Public | EBS DB Servers | Group Type is Server IP |
Public | EXECUTE Commands | Examples: call, execute, execute function |
Public | GRANT Commands | Examples: grant, grant objectives, grant system privileges |
Public | Guardium Audit Categories for Detailed Reporting | Guardium patches, TURBINE_USER_GROUP_ROLE |
Public | ICM App Servers | Group Type is Client IP |
Public | ICM DB Servers | Group Type is Server IP |
Public | ImportLDAPUser | Group Type is Objects |
Public | ImportLDAPUser_bindValues | Group Type is Objects |
Public | Inspection Engine Entities | Examples: adminconsole_sniffer, software_tap_db_client, software_tap_db_server |
Public | Java™ Commands | Examples: alter java, create java, drop java |
Public | KILL Commands | Example: kill |
Public | Masked_SP_Executions_MS_SQL_SERVER | For MS SQL Server, a group that includes a collection of stored procedure (SP) names. If there is an execution of an included procedure, then everything will be masked, even if in quotes. Predefined as empty. |
Public | Masked_SP_Executions_Sybase | For Sybase, a group that includes a collection of stored procedure (SP) names. If there is an execution of an included procedure, then everything will be masked, even if in quotes. Predefined as empty. |
Public | MongoDB Skip Commands | Group Type is Commands |
Public | MS-SQL Replication Procedures | Group Type is Objects |
Public | MS-SQL Security System Procedures | Group Type is Objects |
Public | MS-SQL System Procedures | Group Type is Objects |
Public | Oracle EBS HRMS Sensitive Objects | Group Type is Objects |
Public | Oracle EBS-PCI | Group Type is Objects |
Public | Oracle EBS-SOX | Group Type is Objects |
Public | Oracle Predefined Users | Group Type is Users |
Public | Peer Association Commands | Commands dealing with links/replications of data. Examples: links, log shipping, replications, snapshots |
Public | Peer Association Procedures | Peer Association Objects: procedures dealing with links/replications of data. Examples: links, log shipping, replications, snapshots |
Public | PeopleSoft Objects | Group Type is Objects |
Public | PeopleSoft Sensitive Objects | Group Type is Objects |
Public | Performance Commands | Examples: analyze, create statistics, update all statistics |
Public | Policy Related Entities | Examples: access_rule, gdm_install_policy_header |
Public | Potential Overflow Objects | Group Type is Objects |
Public | Procedural Commands | Examples: begin, call, execute, exit, repeat, set |
Public | PROCEDURE DDL | Examples: alter procedure, create procedure, drop procedure |
Public | PSFT App Servers | Group Type is Client IP |
Public | PSFT DB Servers | Group Type is Server IP |
Public | Public executable procedures | Execute-Only Objects: procedures/functions/packages for which access is granted to public by default |
Public | Public selectable object | Select-only Objects: tables for which access is granted to public by default |
Public | RESTORE Commands | Examples: restore database, restore log |
Public | REVOKE Commands | Examples: revoke object privileges, revoke system privileges |
Public | Risk-indicative Error Messages | SQL errors related to security |
Public | Sharepoint Servers | |
Public | SAP-PCI | Group Type is Objects |
Public | SAP App Servers | Group Type is Client IP |
Public | SAP DB Servers | Group Type is Server IP |
Public | SAP HR Sensitive Objects | Group Type is Objects |
Public | Select Command | Examples: select, select list |
Public | Sensitive Objects | Examples: activity, sales |
Public | SIEBEL App Servers | Group Type is Client IP |
Public | SIEBEL DB Servers | Group Type is Server IP |
Public | Siebel SIA Sensitive Objects | Group Type is Objects |
Public | SPECIAL CASE Source Program | Group Type is Source Programs |
Public | Suspicious Objects | Group Type is Objects |
Public | Suspicious Users | Group Type is Users |
Public | System Configuration Commands | Database configuration commands (subset of Administrative Commands). Examples: ALTER DATABASE, ALTER SYSTEM |
Public | System Configuration Procedures | System Configuration Objects (subset of Administration Objects) |
Public | Terminated DB Users | Group Type is Users |
Public | Vulnerable Objects (with wildcards) | Database objects with reported vulnerabilities |
Public | DB2 Default Users; IBM iSeries Default Users; Informix Default Users; MS-SQL Server Default Users; MYSQL Default Users; Netezza Default Users; Oracle Default Users; PostgreSQL Default Users; Sybase Default Users; Teradata Default Users | Group Type is DB User/DB Password |
Public | Hadoop Skip Commands; Hadoop Skip Objects; Not Hadoop Server | Group Type is Command; Group Type is Object; Group Type is Server IP |
Public | Replay - Exclude from Compare; Replay - Include in Compare | Group Type is Objects |
Audit Process Builder | | Predefined as empty. |
Classifier | | Predefined as empty. |
Express Security | | Predefined as empty. |