How to distribute workflow through Guardium groups

Using the receiver group option, define a single Compliance Workflow audit process that will send different results to different Guardium users based on a pre-defined, custom mapping.

Value-added: Setup a single audit process and distribute the appropriate results to the appropriate manager. This saves having to create separate audit processes for separate receivers.

IBM® Security Guardium®’s Compliance Workflow Automation automatically delivers reports, classification results, and security assessment results to Guardium users on a scheduled basis. Result receivers can be defined as Guardium users, Guardium roles or user groups.

For example, consider a large organization that has fifteen DBA managers that need to review the activities for the DBAs they manage without viewing the activities of the other manager’s DBAs. One solution would be to setup fifteen separate audit processes; one for each manager. This would take a lot of time to configure and it is difficult to manage: Each audit process needs to be scheduled separately and any global change would need to be made individually for all fifteen audit processes.

The user group distribution method, on the other hand, permits the setup of a single audit process and distributes the appropriate results to each manager based on a manager/DBA mapping. This process requires more upfront configuration but reduces to maintenance time. Only one audit process needs to be scheduled and changes only need to be applied in one location.

User mapping

The first step in the process is to map the users to the data elements within Guardium that will be the basis for report distribution. The example that will be used in this document will be based on objects, but you can apply these concepts with any data element within Guardium.

Example: Three users have responsibility over three different sets of tables, based on audit requirements (PCI, HIPPA, and CCI) within a database server, as follows:

Table 1. User with Table/Object
User Table/Object
User01 db2inst1.cc_numbers
User01 db2inst1.ccn
User02 db2inst1.ADDRESSES
User02 db2inst1.SSN_NUMBERS
User02 db2inst1.G_CUSTOMERS
User02 db2inst1.G_EMPLOYEES
User02 db2inst1.G_FUNDS
User03 db2inst1.doctor
User03 db2inst1.medicare
User03 db2inst1.med_history

This table must be added as a custom table within Guardium, either manually or through a data upload. The following steps demonstrate how to create a custom table manually. The screenshots are from the “admin” user interface, but they can also be accessed from within the “user” user interface.

  1. Navigate to Reports > Report Configuration Tools > Custom Table Builder and press the Manually Define button.

    Tools, Custom Table Builder
  2. At the Custom Table Builder screen, define the table layout. Make sure that Group Type matches the correct data element in Guardium. Press Apply and Back when complete.

    Custom Table Builder, Apply and Back
  3. Press Edit Data to manually add the records. Note, if you have a large amount of data, choose Upload Data to import from an external data source.

    Edit Data or Upload Data
  4. Press Insert.

    Press Insert
  5. Enter each combination of values and press Insert until you have added all of the required records.

    Combination of values, press insert
  6. When complete, press the Query button to review the data.

    Press query button
  7. Press return when complete.

    Press return

Custom Domains

Next, join this custom table to the Guardium table structure using Custom Domains.

  1. Navigate to Reports > Report Configuration Tools > Custom Domain Builder. Highlight [Custom] Accessand press Clone.
    Tools, Custom Table Builder, Clone
  2. In the Custom Domain Builder:

    1. Highlight the new table created under Available entities.

    2. Highlight the table under Domain entities to which you would like to join the custom table.

    3. Under Join condition choose the fields on each table on which to create the join and press Add Pair.

      Add Pair
  3. Press the arrows (>>) button to move the custom table from Available entities to Domain entities.

    Domain Entities
  4. Press the Detail button to review the joins.

    Detail button
  5. Confirm that the joins are correct and press Close.

    Joins are correct
  6. Press Apply to save the new custom domain.

    Apply to save as new custom domain

Custom Report

Next, create a report to distribute to the users.

  1. Navigate to Reports > Report Configuration Tools > Report Builder and select the new domain from the Domain drop-down menu.

    Tools, Custom Query Builder
  2. Press New.

    Custom query builder, new
  3. Enter a Query Name and Main Entity and press Next.

    New query overall details
  4. Create a new report with a run-time parameter for the user field created in the custom table.

    New Report

User Group

Create a new group of “Guardium Users” based on the custom table.

  1. Navigate to Setup > Tools and Views > Group Builder and create a new group with Guardium Users as the Group Type.

    Tools, Group Builder, Group Type
  2. Add all of the users from the custom table.

    All Users

Audit Process

  1. Create a new Audit Process.

  2. Choose the group created in User Group as the Receiver

  3. Choose the custom report created in step 4 as the task.

  4. In the run-time parameter, enter the special tag “./LoggedUser”. This will cause the results to be distributed based on the custom mapping.

  5. Press Run Once Now to run the Audit Process

    Run once now

When the audit process completes, each receiver should a different result set based the mapping:

Users

User01
User01
User02
User02
User03
User03