Export/Import Definitions

Export/Import Definitions Overview

If you have multiple Guardium systems with identical or similar requirements, and are not using Central Management, you can define the components you need on one system and export those definitions to other systems, provided those systems are on the same Guardium software release level.

You can export one type of definition (reports, for example) at a time. Each element exported can cause other referenced definitions to be exported as well. For example, a report is always based on a query, and it can also reference other items, such as IP address groups or time periods. All referenced definitions (except for security roles) are exported along with the report definition. However, only one copy of a definition is exported if that definition is referenced in multiple exported items.

Notes

Importing Groups

When importing a group that already exists, members may be added, but no members will be deleted.

Importing Aliases

When importing aliases, new aliases may be added, but no aliases will be deleted.

Ownership of Imported Definitions

When a definition is created, the Guardium user who creates it is saved as the owner of that definition. The significance of this is that if no security roles are assigned to that definition, only the owner and the Guardium admin user have access to it.

When a definition is imported, the owner is always changed to admin.

Roles for Imported Definitions

References to security roles are removed from exported definitions. So any imported definitions will have no roles assigned.

Users for Imported Definitions

A reference to a user in an exported definition causes the user definition to be exported.

When definitions are imported, the referenced user definitions are imported only if they do not already exist on the importing system. In other words, existing user definitions are never overwritten. This has several implications, as described in the Duplicate Role and User Implications topic, below.

In addition, imported user definitions are disabled. This means that imported users can receive email notifications sent from the importing system, but they are not able to log into that system, unless and until the Guardium administrator enables that account.

Duplicate Group and User Implications

As mentioned above, if a group referenced by an exported definition already exists on the importing system, the definition of that group from the exporting system will not be not imported. This may create some confusion if the group is not used for the same purposes on both systems.

If a user definition already exists on the importing system, it may not be for the same person defined on the exporting system. For example, assume that on the exporting system the user jdoe with the email address john_doe@aaa.com is a recipient of output from an exported alert. Assume also that on the importing system, the jdoe user already exists for a person with the email address jane_doe@zzz.com. The exported user definition is not imported, and when the imported alert is triggered, email is sent to the jane_doe@zzz,.com address. In either case, when security roles or user definitions are not imported, check the definitions on both systems to see if there are differences. If so, make the appropriate adjustments to those definitions.

Definition Types for Exporting (Table)

The following table identifies elements that can be exported in the first column, and elements that cannot be exported, in the second column.

Can Be Exported

Can NOT Be Exported

Access Map

Baseline or Baseline included in a Policy

Alert

Custom Alerting Class

Alias

Custom Assessment Test

Audit Process

Custom Identification Procedure

Auto-discovery Process

 

CAS Hosts

 

CAS Template Sets

 

Classification Process

 

Classifier Policy

 

Custom Class Connection Permission

 

Custom Domain

 

Custom Table

 

Data Catalog

 

Datasource

 

Group

 

Period (time period)

 

Policy (but not an included Baseline)

 

Privacy Set

 

Query

 

Report

 

Results Catalog

 

Role

 

Security Assessment

 

User

 

Export Definitions

  1. Select Administration Console > Guardium Definitions > Export.

  2. From the Type list, select the single type of definition to export. The Definitions to Export box will be populated with definitions of the selected type.

  3. Select all of the definitions of this type to be exported.

Note: Do not export a Policy definition whose name contains one or more quote characters. That definition can be exported, but it cannot be imported. To export such a definition, make a clone of it, naming the clone without using any quote characters, and export the clone.

  1. Click the Export button. Depending on your browser security settings, you may receive a warning message asking if you want to save the file or to open it using an editor.

  2. Save the exported file in an appropriate location.

  3. Click the Done button when you are finished.

Import Definitions

  1. Select Administration Console > Guardium Definitions > Import.

  2. Enter the name of the file containing the exported definitions, or click the Browse button to locate and select that file.

  3. Click the Upload button. You are notified when the operation completes and the definitions contained in the file will be displayed.

  4. Optionally repeat the previous two steps to upload additional files.

  5. Click (Import this set of Definitions) to import a set of definitions, or click (Remove this set of Definitions without Importing) to remove the uploaded file without importing the definitions.

  6. You will be prompted to confirm either action.

  7. Click the Done button when you have finished importing or removing all uploaded files.

  8. Back to top