Managing access to Guardium
Access management consists of four tasks: account administration, maintenance, monitoring, and revocation.
Access management is separate from system administration duties.
There are two predefined users on a Guardium® appliance: accessmgr and admin.
- accessmgr is the user name assigned to the access manager. By default, the access manager is the only user authorized to manage user accounts and security roles.
- admin is the user name assigned to the (primary) Guardium administrator. By default, the administrator does not have authority to manage user accounts or security roles. The admin user has a more extensive set of privileges.
Access Management Selection
- User Browser: Manage users
- Role Browser: Manage permissions and customize layouts for roles
- Role Permissions: Manage application permissions
- LDAP User Import: Import users from LDAP
Data Security Selection
- Datasources Associated
- Datasources Not Associated
- Servers Associated
- Servers Not Associated
- User Hierarchy
- User-DB Association
Predefined Reports from Accessmgr
The following predefined reports are available from the accessmgr user.
User and Role Reports
Defining and modifying users (see Managing users) involves deciding both who will be using the Guardium system and to what roles (see Understanding Roles) they will be assigned. A role is a group of users, all of whom are granted the same access privileges.
- User - Role: a report that shows, by user, the number of roles that user belongs to.
- All Roles - User: a report that shows, by role, the number of users that belong to that role.
The following reports are available on a Central Manager or a standalone unit. If you try to use them on a managed machine, an error message appears. On Central Manager systems, Servers Not Associated shows servers from all managed units.
Datasources Associated
This report identifies Datasource Name, Host, Service Name, Login Name and Association Type. This information comes from the choices made in the User-Database Associations activity. See the Data User Security - Hierarchy and Associations help topic.
Datasources Not Associated
This report lists datasources that are not associated with any users. It identifies Datasource Name, Datasource Type, Host, and Service Name. This information comes from the choices made in the User-Database Associations activity. See the Data User Security - Hierarchy and Associations help topic.
Servers Associated
This report identifies Server IP, Service Name, Login Name and Association Type. This information comes from the choices made in the User-Database Associations activity. See the Data User Security - Hierarchy and Associations help topic.
Servers Not Associated
This report lists servers that are not associated with any users. It identifies Server IP and Service Name. This information comes from the choices made in the User-Database Associations activity. See the Data User Security - Hierarchy and Associations help topic.