Guardium allows you to group together similar
data objects and use them when creating query, policy, and classification definitions. You can
import these groups to Guardium
Data Security Center and use them to
filter report data.
Before you begin
By default, you must be assigned the
Administrator
role to be able to manage groups.
Important: If you have policy
rules that use groups as rule conditions, modifying the groups by adding or removing members will
result in reactivation of group members.
When importing groups, you must have a working connection to a Guardium central
manager to import from. If you do not have a central manager set up when you launch the import action, you will be
prompted to create a central manager at that time.
To open the Groups page, select
in the
main menu. Open this menu by clicking the main menu icon (
).
To learn more about groups in Guardium, see https://www.ibm.com/docs/en/guardium/latest?topic=system-groups.
Procedure
- Click .
- In the Select the connection and import approach page:
- Select the Guardium central
manager that you want to import
groups from.
- Select the manner in which you want to import the groups:
- Keep groups in sync with Guardium source groups: Select this if you want
to import the groups and have them updated when they change in the Guardium central
manager. If you choose this option, the group will appear in Guardium
Data Security Center as an imported group and you will not be able to
alter its list of members.
- Import once and then decouple: Select this if you want to import the
current snapshot of the groups to Guardium
Data Security Center. If you
select this option, the group will appear in Guardium
Data Security Center as a user defined group and you will be able to
alter its list of members.
- Click Next.
- The Select groups section displays the groups that are supported by
Guardium
Data Security Center (it does not list groups that are not
supported, such as Tuple groups - nor does it list groups that have already been imported from
Guardium central
manager). In the Select groups section, select one or more
groups to import. To choose all groups in the page, select the checkbox next to the
Name column header.
To make the list of groups easier to work with:
- You can set the list to display only certain group types. To do this, open
the Select group types menu and then choose the group types to include in the
list of groups.
- To locate a group, you can use
the search field.
Note:
- If you select a parent group for import, all of its child groups will be automatically selected
for import. To deselect any of these child groups, you must first deselect the parent group.
- When you select the checkbox next to the Name column header, all groups
on the current page will be selected. If the list of groups expands beyond one page, the groups on
other pages will not be selected. To select groups on other pages, change the current page to
display more groups by altering the Items per page selection menu - or
manually move through all of the pages to select additional groups.
- Click Finish to import the selected group or groups to Guardium
Data Security Center.
Results
Note these conditions that apply when importing
groups that have the same name as existing Guardium
Data Security Center groups:
- Predefined parent groups: If you import a group from a Guardium central
manager that has the same name as a Guardium
Data Security Center predefined group, the imported group will become a
child of the predefined group. The name of the imported child group will be the original name of the
group, plus the name of the central manager appended to
it.
- User-defined parent groups: If you import a group from a Guardium central
manager that has the same name as a Guardium
Data Security Center user-defined group, the imported group will become
a new group in Guardium
Data Security Center (the name of the imported
child group will be the original name of the group, plus the name of the central manager appended to it).