Datasources are used by a number of applications and tools, such as Vulnerability Assessment and Classification. A datasource identifies a specific database or file on a remote system. Datasources can be shared, but access is restricted according to the roles assigned to both the datasource and the application that uses it.
If a datasource is used for scheduled tasks, the account login information must be stored with the definition. When defined, this information is encrypted on the internal Guardium database.
Each datasource is created for a type of application (Classification, for example). Different Guardium applications require different types of database access. For example, the Value Change Auditing application requires a very high level of administrative access to the database, and it would not be appropriate to use that datasource for other applications not requiring that level of privileges. A label in parentheses following the datasource name always indicates the type of application for which the datasource was defined (Security Assessment, or Custom Tables, for example).
By default, datasources can be defined by any user, at any point where a datasource must be selected for use by an application. To define a datasource:
Do one of the following to open the Datasource Finder panel:
Administrators: Click the Tools tab, click the Config & Control tab, select Datasource Definitions from the menu, select the appropriate application for the datasource from the Application list, and click the Next button.
All Others: Click the Add Datasource button on the application definition panel.
On the Datasource Finder panel, click the New button to open the Datasource Definition panel.
Enter a unique name for the datasource in the Name box. We suggest including both the database type and server name in the datasource name (for example: sybase15-on-merlin).
From the Database Type list, select the database or file type. For some applications, the datasource must be a database (and not a text file). Depending on the selection made, some subset of the remaining fields on the panel will be disabled, and the labels of some fields will change depending on the type selected from the Database Type list.
Note: In some cases the datasource will fail to connect, due to invalid character set properties (see the Connection Property field description, below).
Mark the Share Datasource box to share this datasource with other applications. To share the datasource with other users, assign security roles (see below).
Mark the Save Password box to save the password (encrypted) on the Guardium appliance. This is required if any application using this datasource will run as a scheduled task (as opposed to an on-demand, run-once-now job). When this box is marked, the Login Name and Password (below) are required.
In the Login Name box, enter a database user account on this datasource. Depending on the use intended for this datasource, this account may need to have administrator privileges (check the documentation for the component that will use the datasource).
In the Password box, enter a password for the above Login Name. The password will be encrypted on the Guardium appliance, and will never be stored or displayed in clear text.
Do one of the following:
For a non-text Database Type, in the Host Name/IP box, enter the host name or IP address for the datasource.
For a text Database Type, in the Host[:port]/directory box, enter the host or IP address of the text file, followed by an optional port number, and the directory for the file (the file name will be entered below, in the File Name box).
Enter the port number in the Port box. If omitted, the port number defaults to one of the following, based on the database type:
DB2: 50000
Informix: 1526
MS SQL Server: 1433
MySQL: 3306
Oracle: 1521
Sybase: 4100
Text (all variations): none
In the Service Name box, enter the service name (Oracle only).
In the Database Name box, enter the database name (DB2 only).
In the Informix Server box, enter the Informix server name (Informix only).
Do one of the following:
For a non-text Database Type, in the Database box, enter the database name (Informix, Sybase, or MS SQL Server only). If left blank for Sybase or MS SQL Server, it defaults to master.
For a text file Database Type, in the File Name box, enter the file name.
Use the Connection Property box only if additional connection properties must be included on the JDBC URL to establish a JDBC connection with this datasource. The required format is property=value, where each property and value pair is separated from the next by a comma. Known uses for this property are described below:
For a Sybase
database with a default character set of Roman8, enter the following property:
CHARSET=utf8
The CSV pane only appears when Text has been selected in the Database Types list. Use this pane to override the defaults for CSV files, as necessary for the file being accessed:
CSV Separator - Default value is comma (,).
CSV Header - Default is none.
Click the Save button to save the datasource definition (you cannot add roles or comments until the definition has been saved).
Optionally click the Roles button to assign roles for the datasource. See Assign Security Roles.
Optionally click the Comments button to add comments to the definition. See Commenting.
Click the Done button when you are finished with the definition.
The Datasource Finder panel
displays all datasources that are available. If multiple datasources can
be selected for the application from which the Finder was opened, there
is a message at the bottom of the list box:
Select multiple items using Shift- or Ctrl-click
If that message does not appear, only one datasource may be selected for
this application.
If the datasource you want to use does not display in the list, and you believe that one has been defined for the purpose, there are several possible explanations:
If a datasource is defined without the Shared Datasource box marked, and that datasource was created for an application (Classifier, for example) other than the current application Value Change Auditing, for example), that datasource will not be listed.
If a datasource has user roles assigned, and you do not have one of those roles assigned to your Guardium user account, that datasource will not be listed. Contact your Guardium administrator for more information.
After selecting one or more datasources, click the Add button to close the panel and return to the application from which the Datasource Finder was opened. The selected datasources will be added to the component definition.
There are two special predefined reports relating to datasources, that are available to all users:
The Data Sources report lists all datasources defined.
The Data Source Version History report lists database version and patch information (if available) for the database.
The queries these reports are based upon are internal to Guardium, and cannot be modified. Access to the reports depends on the Guardium role assigned.
Click the Discover tab.
Click the DB Discovery tab
Select Data Sources or Data Source Version History from the menu.
Click the Daily Monitor tab, and select Datasource Definitions from the menu.
To view the Data Source Version History report, double-click on any row of the Datasource Definitions report, and select Data Source Version History.