Identify Users via Stored Procedures

In many existing applications, all of the information needed to identify an application user can be obtained from existing database traffic, from stored procedure calls. Once Guardium knows what calls to watch for, and which parameters contain the user name or other information of interest, users can be identified automatically.

In the simplest case, an application might have a single stored procedure that sets a number of property values, one of which is the user name. A call to set the user name might look like this:

set_application_property('user_name', 'JohnDoe');

In a custom procedure mapping (described later), you can tell Guardium to:

There may be multiple stored procedures for an application: one to start an application user session, one to end a session, and others to signal key events particular to that application. Guardium’s custom identification procedure mechanism can be used to track any application events you want to monitor.

Since each of your applications may have a different way of identifying users, you may have to define separate custom identification procedure mappings for each application. To do that, follow the procedure outlined, below.

Define a Custom Identification Procedure Mapping

  1. Select Administration Console > Manage Custom ID Procedures.

  2. To view an existing mapping, hold the mouse pointer over the More Info column icon for the row containing the map you want to view.

  3. To add a mapping, click on the Add Mapping pane title to expand that pane.

  4. In the Custom Map Name box, enter the name to be used for this mapping.

  5. In the Procedure Name box, enter the name of the database procedure that will supply information.

  6. Select Set or Clear from the Action list to indicate whether the procedure call will set or clear application values. The Event Type Position field has a special use when the Clear action is selected (see below).

  7. If application information can be obtained from an existing stored procedure call, but only under one or two conditions:

  8. For a Clear action:

  9. For a Set action, use the Parameter Position pane to indicate which stored procedure parameters map to which Guardium application event attributes. The first procedure parameter is numbered 1. Use 0 (zero – the default) for all attributes that are not set by the call.

  10. In the Server Information pane:

  11. When you are done, click the Add button to add the mapping to the list.