GuardAPI Group Functions

Use these GuardAPI commands to create, list, and delete Datasource Group Functions.

Note: In a Central Management environment, all groups are defined on the Central Manager and sent to the managed units on a scheduled basis.

Group Functions

create_group

list_group_by_id

list_group_by_desc

delete_group_by_id

delete_group_by_desc

update_group_by_id

update_group_by_desc

flatten_hierarchical_groups

Member Functions

create_member_to_group_by_id

create_member_to_group_by_desc

list_group_members_by_id

list_group_members_by_desc

delete_member_from_group_by_id

delete_member_from_group_by_desc

create_group

create_group

Create a group definition.

Parameter Value type Description
desc string Required. Enter a unique description for the new group.
type value list Required. Must be one of the following:

Application Event Value Number

Application Event Value String

Application Event Value Type

Application Item Name

Application Module

Application System ID

Application Transaction Code

APPLICATION USER

Audit Task Type

Client Hostname

Client IP

Client IP/DB User

Client IP/Src App./DB User

Clietn IP/Src App./DB User/Server IP/Svc. Name

Client MAC Address

Client OS

COMMANDS

CVE Pre-defind Tests

Database Name

DB Error Codes

DB PROTOCOL

DB PROTOCOL VERSION

DB Role

DB User/Object/Privilege

DB Ver./Patches

EXCEPTION TYPE

FIELDS

Files Permissions

Global ID

Guardium® Audit Categories

Guardium Role

Guardium Users

Login Succeded Code

NET PROTOCOL

Object/Command

Object/Field

OBJECTS

Operation Type

OS User

PORT

Qualified Objects

Records Affected

SCHEMA

SENTENCE DEPTH

Server Description

Server Hostname

Server IP

Server IP/DB User

Server IP/Server Port

Server IP/Svc. Name/DB User

Server OS

SERVER TYPE

Service Name

SOURCE PROGRAM

SQL Based pre-defined Tests

TeraData Profile/DB User

TTL

USERS

VA Tests Exception

WEEKDAY

YEAR

appid value list Required. Identifies the application for the group. It must be one of the following values:

Public

Audit Process Builder

Baseline Builder
Attention: The Baseline Builder and related functionality is deprecated starting with Guardium V10.1.4.

Classifier

DB2_zOS groups

Express Security

IMS zOS groups

Policy Builder

Security Assessment Builder

 
subtype string Optional. A sub type is used to collect multiple groups of the same group type, where the membership of each group is exclusive. For example, assume that you have database servers located in three datacenters, and that you want to group the servers by location. You would define a separate group of database servers for each location, and define all three groups with the same sub type (datacenter, for example).
category string Optional. A category is an optional label that is used to group policy violations and groups for reporting.
classification string Optional. A classification is another optional label that is used to group policy violations and groups for reporting.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Examples (follow exactly, upper-case and lower-case letters where indicated)

grdapi create_group desc=agroup type=OBJECTS  appid=Public owner=admin
grdapi create_group appid=Access_policy owner=admin  type="OBJECTS"  desc=groupName1 

list_group_by_id

Display the properties of a specific group.

Parameter Value type Description
id integer Required. Identifies the group.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi list_group_by_id id=100003   

list_group_by_desc

Display the properties of a specific group.

Parameter Value type Description
desc   Required. The name of the group to be displayed.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi list_group_by_desc desc=agroup   

delete_group_by_id

Parameter Value type Description
id integer Required. Identifies the group.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi delete_group_by_id id=100005   

delete_group_by_desc

Parameter Value type Description
desc string Required. The name of the group to be removed.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi delete_group_by_desc desc=agroup   

update_group_by_id

Update properties of the specified group.

Parameter Value type Description
id integer Required. Identifies the group to be updated.
newDesc string Optional. Enter a unique description for the new group.
subtype string Optional. A sub type is used to collect multiple groups of the same group type, where the membership of each group is exclusive. For example, assume that you have database servers located in three datacenters, and that you want to group the servers by location. You would define a separate group of database servers for each location, and define all three groups with the same sub type (datacenter, for example).
category string Optional. A category is an optional label that is used to group policy violations and groups for reporting.
classification string Optional. A classification is another optional label that is used to group policy violations and groups for reporting.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi update_group_by_id id=100002 newDesc=beegroup subtype=bee category=be classification=bea  

update_group_by_desc

Update properties of the specified group.

Parameter Value type Description
desc string Required. The name of the group to be updated.
newDesc string Optional. Enter a unique description for the group.
subtype string Optional. A sub type is used to collect multiple groups of the same group type, where the membership of each group is exclusive. For example, assume that you have database servers located in three datacenters, and that you want to group the servers by location. You would define a separate group of database servers for each location, and define all three groups with the same sub type (datacenter, for example).
category string Optional. A category is an optional label that is used to group policy violations and groups for reporting.
classification string Optional. A classification is another optional label that is used to group policy violations and groups for reporting.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi update_group_by_desc desc=beegroup newDesc=beegroupee category=bebebe classification=bebebebe 

flatten_hierarchical_groups

Update ALL hierarchical groups that exist in Group Builder.

Parameter Value type Description
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi flatten_hierarchical_groups

create_member_to_group_by_id

Add a member to a group specified by the group ID.

Parameter Value type Description
id integer Required. Identifies the group to which the member is to be added.
member string Required. The new member name, which must be unique within the group.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi create_member_to_group_by_id  id=100005 member=turkey 

create_member_to_group_by_desc

Add a member to the named group.

Parameter Value type Description
desc string Required. The name of the group to which the member is to be added.
member string Required. The new member name, which must be unique within the group.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi create_member_to_group_by_desc  desc=bgroup  member=turkey

Use these commands to add members to the group

grdapi create_member_to_group_by_desc desc=groupName1 member=member_1 
grdapi create_member_to_group_by_desc desc=groupName1 member=member_2 
grdapi create_member_to_group_by_desc desc=groupName1 member=member_3 
grdapi create_member_to_group_by_desc desc=groupName1 member=member_4 
grdapi create_member_to_group_by_desc desc=groupName1 member=member_5 

Additional group GuardAPI commands

create_hierarchical_member_to_group_by_desc

delete_hierarchical_member_from_group_by_desc

function parameters :

desc - String - required

member - String - required

list_group members_by_id

List the members of the specified group.

Parameter Value type Description
id integer Required. Identifies the group whose members are to be listed.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi list_group_members_by_id  id=100001 

list_group_members_by_desc

List the members of the specified group.

Parameter Value type Description
desc string Required. The name of the group whose members are to be listed.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi list_group_members_by_desc  desc=bgroup   

delete_member_from_group_by_id

Remove a member from a specified group.

Parameter Value type Description
id integer Required. Identifies the group from which the member is to be removed.
member string Required. The name of the member to be removed.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi delete_member_to_group_by_id  id=100005 member=turkey

delete_member_from_group_by_desc

Remove a member from a specified group.

Parameter Value type Description
desc string Required. The name of the group from which the member is to be removed.
member string Required. The name of the member to be removed.
api_target_host string
Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which command is executed. Valid values:
  • all_managed: for all managed units
  • all: all managed units and CM
  • group:<group name>: where group name is a group of managed units
  • from CM only, the host name or IP of any managed unit, for example, api_target_host=10.0.1.123
  • from managed unit, the host name or IP of the CM

Guardium V10.1 and 10.1.2: In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM.

Example

grdapi delete_member_from_group_by_desc desc=bgroup member=boston