Privacy Sets

Privacy Sets Overview

A privacy set is a collection of elements that merit special monitoring. It consists of one or more object-field pairs - for example, the salary field of the employee table, or all fields of the salary history table. All access to these elements within a given timeframe can be reported.

Select any of the topics above to work with privacy sets.

Open the Privacy Set Builder

To access a privacy set definition, your Guardium user account must be assigned a security role that is also assigned to that privacy set definition. Privacy sets that you cannot access will not display in a list of privacy sets.

  1. Do one of the following to open the Identify Privacy Set panel:

  2. Do one of the following:

Create a Privacy Set

  1. Do one of the following to open the Identify Privacy Set panel:

  2. Click the New button to open the Privacy Set Definition panel.

  3. In the Privacy Set Description box, enter a unique name for the privacy set. Do not include apostrophe characters in the name. This is the name that will display in the Identify Privacy Set panel.

  4. From the Security Classification drop-down list, optionally select a security classification for this privacy set.

  5. In the Elements in this Privacy Set pane, for each element pair to include:

  6. When all elements have been added, click the Save button.

  7. Optionally click the Roles button to add Roles. See Security Roles.

  8. Optionally click the Comments button to add comments. See Comments.

Modify a Privacy Set

  1. Open the privacy set to be modified, in the Privacy Set Builder. See Open the Privacy Set Builder.

  2. Make any changes to the privacy set definition, as necessary. For a description of all fields, see Create a Privacy Set, above.

  3. Click the Save button.

  4. Click the Done button when finished.

Clone a Privacy Set

  1. Open the privacy set to be cloned, in the Privacy Set Builder. See Open the Privacy Set Builder.

  2. The cloned privacy set will be named COPY OF selected privacy set.  We suggest that you change this to something more meaningful. Do not include apostrophe characters in the name.

  3. Make any additional changes to the privacy set definition, as necessary. For a description of all fields, see Create a Privacy Set, above.

  4. Click the Save button.

  5. Click the Done button when finished.

Remove a Privacy Set

Note that you cannot remove a privacy set that is being used in a compliance workflow automation process.

  1. Select the privacy set to be removed, in the Identify Privacy Set panel. See Open the Privacy Set Builder.

  2. Click the Remove button and confirm the action.

  3. Click the Done button.

Run a Privacy Set Report

This procedure describes how to run a privacy set report on demand. To schedule a privacy set report, include it in a compliance workflow (see Compliance Workflow Automation).

  1. Open the privacy set for the report, in the Privacy Set Builder. See Open the Privacy Set Builder.

  2. Click the Run button.

  3. In the Task Parameters pane, enter the starting and ending times for the task.

  4. Select Report by Access Details, or Report by Application User, to specify how the results should be displayed. The first option is the default, in which case a count of accesses is shown for each combination of client IP, server IP, server (name), server type, database protocol, source program name, and database user name. If Application User is selected, the report will contain a separate column with that name (following DB User Name) and the output will be additionally qualified by the application user.

  5. Click the Run Once Now button. After the report has been executed, it will be displayed in a separate window.

  6. Click the Done button.

  7. Back to top