Groups are collections of similar data objects (or members)
that can be used for filtering reports.
Guardium®
Data Security Center provides predefined groups that you can use
for this - or you can import groups from Guardium central
manager (where they
are used for creating query, policy, and classification definitions).
Before you begin
By default, you must be assigned the
Administrator
role to be able to manage groups.
Important: If you have policy
rules that use groups as rule conditions, modifying the groups by adding or removing members will
result in reactivation of group members.
When importing groups, you must have a working connection to a Guardium central
manager to import from. If you do not have a central manager set up when you launch the import action, you will be
prompted to create a central manager at that time.
To open the Groups page, select
in the
main menu. Open this menu by clicking the main menu icon (
).
Procedure
- The Groups page lists the
predefined groups that are provided by Guardium
Data Security Center. The page also lists any groups that you have added or imported from Guardium. To locate a group, you can use
the search field.
Note: You cannot delete predefined groups.
- The Groups page also allows you to create 7-tuple groups and import their members from CSV or LDAP. A tuple group allows
multiple attributes to be combined together to form a single composite group member. Tuples can help
simplify specifying conditions for reporting and policy rules.
- In the Groups page, you can:
- If you select a group that has been imported from a Guardium central
manager, click Synchronize to synchronize it
with Guardium to pick up any changes that have been made
to it since it as last imported.
- Parent groups: Some groups in
Guardium
Data Security Center are parent groups without members of
their own. These groups accept only child groups and they become populated when you add or import
groups to them. Note these conditions that apply when importing
groups that have the same name as existing Guardium
Data Security Center groups:
- Predefined parent groups: If you import a group from a Guardium central
manager that has the same name as a Guardium
Data Security Center predefined group, the imported group will become a
child of the predefined group. The name of the imported child group will be the original name of the
group, plus the name of the central manager appended to
it.
- User-defined parent groups: If you import a group from a Guardium central
manager that has the same name as a Guardium
Data Security Center user-defined group, the imported group will become
a new group in Guardium
Data Security Center (the name of the imported
child group will be the original name of the group, plus the name of the central manager appended to it).
In the Guardium
Data Security Center user interface, you can expand
these groups to display their tree structure.
- When you click on a group or select its checkbox and click Open,
you are taken to its details where you can perform
actions such as adding members and importing members from a CSV file or LDAP.