Predefined groups

Guardium® Insights SaaS provides predefined groups that you can use for filtering reports. This topic lists these groups.

Table 1. Predefined groups
Name Group type Description Nested
Admin users Database users Default administrative users such as database and system administrators. Yes
Administration objects Table names Privileged objects that only administrative users can access (objects that, by default, are locked to public access). Yes
Administrative commands Commands Privileged commands that, by default, can only be executed by administrative users (for example, GRANT and DDL commands). No
ALTER commands Commands ALTER commands such as ALTER DATABASE, ALTER PROCEDURE, ALTER PROFILE, ALTER SESSION, and ALTER USER. No
Applications excluded from analysis Source program Applications excluded from analysis. Yes
Authorized users Database users Users that are authorized to use the system. Yes
Authorized server IPs IP address Server IP addresses that are authorized to connect to the system. Yes
Database DML and SELECT commands Commands Data Manipulation Language (DML) and SELECT commands. Yes
Databases excluded from analysis Database name Databases excluded from analysis. Yes
DB users excluded from analysis Database users Database users excluded from analysis. Yes
DDL commands Commands Data Definition Language (DDL) and schema-privileged commands such as ALTER and DROP. No
DML commands Commands Data manipulation language (DML) commands such as INSERT, TRUNCATE, and UPDATE. No
DROP commands Commands DROP commands such as DROP CONTEXT, DROP EVENT MONITOR, DROP PROCEDURE, and DROP ROLE. No
GRANT commands Commands GRANT commands such as GRANT, GRANT OBJECT PRIVILEGES, and GRANT SYSTEM PRIVILEGES. No
OS users excluded from analysis OS users OS users excluded from analysis. Yes
REVOKE commands Commands REVOKE commands such as REVOKE, REVOKE OBJECT PRIVILEGES, and REVOKE SYSTEM PRIVILEGES. No
Risk-indicative error messages Errors SQL errors related to security. No
SELECT commands Commands Commands such as SELECT and SELECT LIST. No
Sensitive objects DB fields Sensitive objects such as sales activity. Yes
Server IP + Database + DB Users excluded from analysis Connection This group is used to exclude database users from analytics. A database user is defined here as a combination of a server IP, database name, and database user. All 3 fields, and only these fields, should be filled in. Other fields are ignored. The group can also be populated while closing a Risk Event. See the Risk Events page for details. Yes

Group types

Table 2. Group types
Group type Maps to this Guardium group type
Appliance ID Global ID
Application event string Application event value string
Application users Application user
Commands Commands
Connection  
Database name Database name
Database users Users
DB fields Fields
DB protocol DB protocol
Errors DB error codes
Hostname Client hostname, Server hostname
IP address Client IP, Server IP
Managed units Managed units
Network protocol Net protocol
Operating system Client OS, Server OS
OS users OS user
Server details Server description, Server type, Service name
Source program Source program
Table names Objects