Global profile

The Global Profile page defines defaults that apply to all users.

Getting started with the global profile

To open the Global Profile page, browse to Setup > Tools and Views > Global Profile.

Use the Global Profile page to set defaults for your Guardium® system. You can add your own header and footer to reports, upload your company logo, create a default message template, and much more.
Note: Whenever you change information on the Global Profile, you need to scroll to the end of the page and click Apply for the change to take effect.

Changing settings for aliases and PDFs

You can change the following settings for aliases and PDF footers:

  • Use aliases in reports unless otherwise specified: An alias provides a synonym that substitutes for a stored value of a specific attribute type. Aliases are commonly used to display a meaningful or user-friendly name for a data value. For example, Financial Server might be defined as an alias for IP address 192.168.2.18.

    When selected, Guardium uses available aliases for all reports.

  • PDF footer text: PDF files created by various Guardiumcomponents (such as audit tasks) have a standard page footer. To customize the footer, enter your text into the PDF footer text box. PDF footer text that you define on a central manager or aggregator is not distributed to managed units.

Managing alert message templates

Message templates determine the content of alerts. You can create multiple message templates from the Global Profile, and use them with different rules as needed.
Note: For more information about creating and managing message templates, see The alert message template.
  • Default message template: Displays the default message template for alerts.
  • No wrap: Select to remove word wrap from the message template. Use this feature to see where the line breaks appear in the message.
  • Named template: Click Edit to create new templates and manage or edit existing named templates. For more information, see The alert message template.

Specifying a CSV separator

Specify a CSV separator for all CSV output (such as audit processes):

  • CSV separator: Select Comma, Semicolon, Tab, or click Other to define your own separator.

Adding text to the Guardium window

  • HTML - left and HTML - right: Enter HTML-formatted text to include at the bottom of the Guardium window.

    To verify that your HTML displays as you expect, click Preview.

  • Create a login message and other elements to display when (or before) a user logs in:
    • Show login message: Select to display the login message (or clear to disable the display).
    • Login message: Add a plain text message to display each time that a user logs in.
    • Pre-login message (HTML): Add an HTML-formatted message that displays after a user opens the Guardium window but before they log in.
      Note: If you include an image, the image also displays in the pre-login message. For more information, see Upload logo image.
    • Header and footer banner (HTML): Add HTML-formatted banners to the Guardium login page. By default, the header and footer display at the top and the lower left of the Guardium UI. However, you can use HTML to change the alignment, color, and other elements for your requirements.

Managing other Guardium properties

  • Concurrent login from different IP: By default, the same Guardium user can log in to an appliance from multiple IP addresses. Use this feature to disable concurrent logins from the same user. When disabled, each user can log in from only one IP address at a time. If a user closes their browser without logging out, the connection times out due to inactivity, so the user account is not blocked for long.
    Note: When this feature is enabled, Unlock displays. For support purposes, you can unlock the account to allow a second user to log in with this user account from a different IP address.
  • Data level security filtering: Enable this feature when specific Guardium users are responsible for specific databases. Use data-level filtering to filter results system-wide so that each user can see only the information from databases for which that user is responsible.
    Note: If data level security at the observed data level is enabled, then audit process escalation is allowed only to users at a higher level in the user hierarchy.
  • Default Filtering: If data-level security filtering is enabled, you can set the default filtering options for the logged-in viewer.
    • Show all: The logged-in viewer can see all of the rows in the result regardless of who these rows belong to. When used with the datasec-exempt role, allows an override of the data level security filtering.
    • Include indirect records: The logged-in viewer can see the rows that belong to the logged-in user, and all rows that belong to users in the user hierarchy under the logged-in user.
    Note: The datasec-exempt role is activated when data level security is enabled and the datasec-exempt role is assigned to a user. For more information, see Understanding Roles.
    Restriction: Data Level Security and the Investigation Dashboard cannot be enabled concurrently.
  • Escalate result to all users: When enabled (the default), audit process results (and PDF versions) are escalated to all users, even if data level security at the observed data level is enabled. If not enabled, then audit process escalation is allowed only to users at a higher level in the user hierarchy and to users with the datasec-exempt role. If disabled (cleared), and no user hierarchy is available, then no escalation is allowed.
  • Custom database table maximum size (MB): Set the size of the custom database table (in MB). The Default value is 4000 MB. In addition, click Current Usage to display the current values for InnoDB, MyISAM, and the combined total.
    Note: The custom size limit is tested before data is imported. If a data import exceed the new limit, Guardium prevents the next import.
  • FTP/SCP Ports Export: Change a port to send files over FTP or Secure Copy Protocol (SCP). You can change the ports for export and patch backup. The default port for FTP is 21. The default port for SSH/SCP/SFTP is 22.
    Note: A zero indicates that Guardium uses the default port.
  • Encrypt Must Gather output: Guardium collects certain data (MustGather information) that IBM support uses if something goes wrong. Select to encrypt MustGather output. Clear to compress, but not encrypt the output.

    You can also turn MustGather encryption on and off from the CLI. For more information, see store encrypt_must_gather.

  • Check for Guardium updates: When selected, information about relevant ad hoc Guardium patches, GPUs, CFPs, bundles, Sniffer patches, and security patches display when you click the Messages icon.
    Note: After you install a patch, it is removed from the list.
  • Datasource connection timeout (seconds): Set the datasource connection timeout. The default is 60 seconds.

When you are done making changes, click Apply to save your changes to the global profile.

Uploading a new logo

You can add or delete a graphic on the Guardium window.

  • To delete the current logo, click Delete.
  • To add a file, click Browse to select a file to upload to theGuardium appliance. Then, click Upload.
  • When you refresh your browser window, the new image is scaled to 60 x 54 pixels and displays in the upper right corner of the Guardium UI. If you have a pre-login message, the image also displays in the message.
    Note: The file name cannot include any of the following characters: Single quotation mark ('), double quotation mark ("), less than sign (<), or greater than sign (>).