Database Entitlement Reports

Entitlement reviews are the process of validating and ensuring that users only have the privileges required to perform their duties.

Along with authenticating users and restricting role-based access privileges to data, even for the most privileged database users, there is a need to periodically perform entitlement reviews, the process of validating and ensuring that users only have the privileges required to perform their duties. This is also known as database user rights attestation reporting.

Use Guardium’s predefined database entitlement (privilege) reports (for example) to see who has system privileges and who has granted these privileges to other users and roles. Database entitlement reports are important for auditors tracking changes to database access and to ensure that security holes do not exist from lingering accounts or ill-granted privileges.

Custom database entitlement reports have been created to save configuration time and facilitate the uploading and reporting of data from the following databases: Oracle; MYSQL; DB2®; SYBASE; SYBASE IQ; Informix®; MS SQL 2000/2005/2008; Netezza®; Teradata; and, PostgreSQL; DB2 on z/OS.

For Microsoft SQL Server and Oracle databases you can also use Entitlement Optimization to access this information.

Follow these steps to use Guardium’s predefined database entitlement (privilege) reports with up-to-date snapshots of database users and access privileges:
  1. Add datasources/databases to the appliance (navigate to Comply > Custom Reporting > Custom Domain Builder.
  2. Assign datasources to entitlements (navigate to Comply > Custom Reporting > Custom Table Builder. Select the custom table listing of your entitlement. Click Upload Data. Assign datasources to the entitlement report at the Import Data menu screen. When done, click Run Once Now.
  3. To see entitlement reports, log on the user portal, and go to the DB Entitlements tab.

DB Entitlement Reports use the Custom Domain feature of Guardium® to create links between the external data on the selected database with the internal data of the predefined entitlement reports. See External Data Correlation for further information on Custom Domain Builder/Custom Query Builder/Custom Table Builder.

The predefined entitlement reports are listed in Database Entitlement Reports.

Parent topic: Monitor and Audit