Managing groups

Groups are collections of similar data objects (or members) that can be used for filtering reports. Guardium® Data Security Center provides predefined groups for this purpose, or you can import groups from a Guardium central manager (where they are used for creating query, policy, and classification definitions).

Before you begin

By default, you must be assigned the Administrator role to be able to manage groups.
Important: If you have policy rules that use groups as rule conditions, modifying the groups by adding or removing members will result in reactivation of group members.

When importing groups, you must have a working connection to a Guardium central manager to import from. If you do not have a central manager set up when you launch the import action, you will be prompted to create a central manager at that time.

To open the Groups page, select Configurations > Groups in the main menu. Open this menu by clicking the main menu icon.

Procedure

  • The Groups page lists the predefined groups that are provided by Guardium Data Security Center. The page also lists any groups that you have added or imported from Guardium. To locate a group, you can use the search field.
    Note: You cannot delete predefined groups.
  • The Groups page also allows you to create 7-tuple groups and import their members from CSV or LDAP. A tuple group combines multiple attributes into a single composite group member. Tuples can help simplify specifying conditions for reporting and policy rules.
  • In the Groups page, you can:
  • If you select a group that has been imported from a Guardium central manager, click Synchronize to synchronize it with Guardium and pick up any changes that have been made to it since it was last imported.
  • Parent groups: Some groups in Guardium Data Security Center are parent groups without members of their own. These groups accept only child groups and they become populated when you add or import groups to them. Note these conditions that apply when importing groups that have the same name as existing Guardium Data Security Center groups:
    • Predefined parent groups: If you import a group from a Guardium central manager that has the same name as a Guardium Data Security Center predefined group, the imported group will become a child of the predefined group. The name of the imported child group will be the original name of the group, plus the name of the central manager appended to it.
    • User-defined parent groups: If you import a group from a Guardium central manager that has the same name as a Guardium Data Security Center user-defined group, the imported group will become a new group in Guardium Data Security Center (the name of the imported child group will be the original name of the group, plus the name of the central manager appended to it).

    In the Guardium Data Security Center user interface, you can expand these groups to display their tree structure.

  • When you click on a group or select its checkbox and click Open, you are taken to its details where you can perform actions such as adding members and importing members from a CSV file or LDAP.