Managing access to Guardium

Access management consists of four tasks: account administration, maintenance, monitoring, and revocation.

Access Management is separate from system administration duties.

There are two predefined users on a Guardium® appliance: accessmgr and admin.

  • accessmgr is the user name assigned to the access manager. By default, the access manager is the only user authorized to manage user accounts and security roles.
  • admin is the user name assigned to the (primary) Guardium administrator. By default, the administrator does not have authority to manage user accounts or security roles. The admin user has a more extensive set of privileges.
Note: The admin and accessmgr roles cannot be assigned to the same user. An existing user may hold both roles because of a legacy situation or as a result of an upgrade, but the system currently does not allow the two roles to be assigned to the same user.

Access Management Selection

  • User Browser: Manage users
  • Role Browser: Manage permissions and customize layouts for roles
  • Role Permissions: Manage application permissions
  • LDAP User Import: Import users from LDAP

Data Security Selection

  • Datasources Associated
  • Datasources Not Associated
  • Servers Associated
  • Servers Not Associated
  • User Hierarchy
  • User-DB Association

Predefined Reports from Accessmgr

The following predefined reports are available from the Accessmgr user.

User and Role Reports

Defining and modifying users (see Managing users) involves deciding both who will be using the Guardium system and to what roles (see Understanding Roles) they will be assigned. A role is a group of users, all of whom are granted the same access privileges.

The User and Role Reports consist of the following reports:
  • User - Role: a report that shows, by user, the number of roles that user belongs to.
  • All Roles - User: a report that shows, by role, the number of users that belong to that role.
Note: admin and access manager are pre-existing; other roles are created by the access manager.

The following reports are available on a Central Manager or a standalone unit. If you try to use them on a managed machine, an error message appears. On Central Manager systems, Servers Not Associated shows servers from ALL managed units.

Datasources Associated

This report identifies Datasource Name, Host, Service Name, Login Name and Association Type. This information comes from the choices made in the User-Database Associations activity. See the Data User Security - Hierarchy and Associations help topic.

Datasources Not Associated

This report is a list of datasources not associated with any users. This report identifies Datasource Name, Datasource Type, Host, and Service Name. This information comes from the choices made in the User-Database Associations activity. See the Data User Security - Hierarchy and Associations help topic.

Servers Associated

This report identifies Server IP, Service Name, Login Name and Association Type. This information comes from the choices made in the User-Database Associations activity. See the Data User Security - Hierarchy and Associations help topic.

Servers Not Associated

This report is a list of servers not associated with any users. This report identifies Server IP and Service Name. This information comes from the choices made in the User-Database Associations activity. See the Data User Security - Hierarchy and Associations help topic.