A privacy set is a collection of elements that merit special monitoring. It consists of one or more object-field pairs - for example, the salary field of the employee table, or all fields of the salary history table. All access to these elements within a given timeframe can be reported.
Select any of the topics above to work with privacy sets.
To access a privacy set definition, your Guardium user account must be assigned a security role that is also assigned to that privacy set definition. Privacy sets that you cannot access will not display in a list of privacy sets.
Do one of the following to open the Identify Privacy Set panel:
Users with the admin role: Select Tools > Config & Control > Privacy Set Builder.
All Others: Select Monitor/Audit > Privacy Sets > Privacy Set builder.
Do one of the following:
Click the New button to define a new privacy set (see Create a Privacy Set).
Select a privacy set from the list, and click one of the following buttons:
Clone - See Clone a Privacy Set.
Modify - Use this button to modify the definition or to run a report based on that definition. See Modify a Privacy Set, or Run a Privacy Set Report.
Remove - See Remove a Privacy Set.
Do one of the following to open the Identify Privacy Set panel:
Users with the admin role: Select Tools > Config & Control > Privacy Set Builder.
All Others: Select Monitor/Audit > Privacy Sets > Privacy Set builder.
Click the New button to open the Privacy Set Definition panel.
In the Privacy Set Description box, enter a unique name for the privacy set. Do not include apostrophe characters in the name. This is the name that will display in the Identify Privacy Set panel.
From the Security Classification drop-down list, optionally select a security classification for this privacy set.
In the Elements in this Privacy Set pane, for each element pair to include:
Enter an object name in the Object box.
Enter a field name in the Field box, or mark the Any Field in this Object box to include all fields contained in the specified object (above).
Click the Add this new Object – Field Pair button.
When all elements have been added, click the Save button.
Optionally click the Roles button to add Roles. See Security Roles.
Optionally click the Comments button to add comments. See Comments.
Open the privacy set to be modified, in the Privacy Set Builder. See Open the Privacy Set Builder.
Make any changes to the privacy set definition, as necessary. For a description of all fields, see Create a Privacy Set, above.
Click the Save button.
Click the Done button when finished.
Open the privacy set to be cloned, in the Privacy Set Builder. See Open the Privacy Set Builder.
The cloned privacy set will be named COPY OF selected privacy set. We suggest that you change this to something more meaningful. Do not include apostrophe characters in the name.
Make any additional changes to the privacy set definition, as necessary. For a description of all fields, see Create a Privacy Set, above.
Click the Save button.
Click the Done button when finished.
Note that you cannot remove a privacy set that is being used in a compliance workflow automation process.
Select the privacy set to be removed, in the Identify Privacy Set panel. See Open the Privacy Set Builder.
Click the Remove button and confirm the action.
Click the Done button.
This procedure describes how to run a privacy set report on demand. To schedule a privacy set report, include it in a compliance workflow (see Compliance Workflow Automation).
Open the privacy set for the report, in the Privacy Set Builder. See Open the Privacy Set Builder.
Click the Run button.
In the Task Parameters pane, enter the starting and ending times for the task.
Select Report by Access Details, or Report by Application User, to specify how the results should be displayed. The first option is the default, in which case a count of accesses is shown for each combination of client IP, server IP, server (name), server type, database protocol, source program name, and database user name. If Application User is selected, the report will contain a separate column with that name (following DB User Name) and the output will be additionally qualified by the application user.
Click the Run Once Now button. After the report has been executed, it will be displayed in a separate window.
Click the Done button.