Each Guardium application can be assigned one or more security roles. Assigning an application to a role is the only way to grant a user access to that Guardium application. The term application in this context can refer to a single tool or to a collection of tools grouped on a tab or menu.
In Central Manager environments, all Users, Security Roles, and Application Role Permissions are stored on the Central Manager. The Guardium administrator logged on to the Central Manager or any managed unit can modify the Application Role Permissions stored on the Central Manager.
Select Access Management > Role Permissions to open the Assign Roles to Applications panel. This panel lists all applications, and provides a Roles button that can be used to display or modify the roles assigned to that application. (The complete set of applications is described below, under Applications List.)
To assign a role to an application, click that role’s Roles button to open the Assign Security Roles panel.
Mark all roles to which you want to grant permission for this application.
Click the Save button.
Click the Back button when you are done.
|
Application |
Description |
|
Access Map Application |
In the default user layout, provides access to the Access Map Application. Default roles: All Access: admin: n/a Access: user: View > Access Map |
|
Access Map Builder/Viewer |
Build and view access maps, showing which clients access which servers. Default roles: All Access: admin: Tools > Config & Control > Access Map Builder/Viewer Access: user: View > Access Map > Access Map builder |
|
Access Tracking |
Provides access to the Access Tracking Query Builder, which allows you to create queries on in the Access Tracking domain. Default roles: All Access: admin: Tools > Report Building > Access Tracking Access: user: |
|
Administration Console |
Provides access to the Administration Console tab on the default admin layout. This tab contains a menu of activities generally reserved for admin role users Default roles: admin Access: admin: Administration Console Access: user: n/a |
|
Agg/Archive Activity Tracking |
Provides access to the Aggregation/Archive query builder, which allows you to create queries on entities related to the aggregation and archive process. Default roles: admin Access: admin: Tools > Report Building > Aggregation/Archive Tracking Access: user: n/a |
|
Alert Builder |
Provides access to the Alert Builder, which is used to create correlation alerts. Default roles: All Access: admin: Tools > Config & Control > Alert Builder Access: user: Protect > Correlation Alerts > Alert builder |
|
Alert Tracking |
Provides access to the Alert Tracking query builder. Default roles: All Access: admin: Tools > Report Building > Alert Tracking Access: user: Protect > Correlation Alerts > Alert tracking builder |
|
Alias Builder |
Provides access to the Alias Builder application. This is separate from the Alias Quick Definition application, which is available on reports on which aliases are enabled. Default roles: All Access: admin: Tools > Config & Control > Alias Builder Access: user: Monitor/Audit > Build Reports > Alias builder |
|
Allow Full SQL Drill Down |
Provides access to drill-down reports that display full SQL. Default roles: All Access: admin: n/a Access: user: n/a |
|
Application Tracking |
Provides access to the application tracking domain Default roles: admin Access: admin: Tools > Report Building > Application Tracking Access: user: n/a |
|
Application User Responsibility Detection |
Provides access to the application user ID detection application Default roles: admin Access: admin: Tools > Report Building > Audit Process Tracking Access: user: n/a |
|
Audit Database Builder |
Provides access to the audit database builder, which is a component of the value change auditing system. Default roles: admin Access: admin: Tools > Config & Control > Value Change Database Builder Access: user: n/a |
|
Audit Process Builder |
Provides access to the Compliance Workflow Automation Process Builder, which allows you to create and run audit processes. Default roles: All Access: admin: Tools > Config & Control > Audit Process Builder Access: user: Comply > Audit Process builder |
|
Audit Process To-Do List |
Provides access to the Audit Process To-Do List application. This application behaves differently for the admin role user. The admin user is allowed to select which user's To-Do List to view. Default roles: All Access: admin: Tools > Config & Control > Audit Process To-do List Access: user: Comply > To-do list |
|
Audit Process Tracking |
Provides to the Audit Process Tracking query builder, which can be used to report on the status of compliance workflow automation processes (including sign-off and viewing history). Default roles: All Access: admin: Tools > Report Building > Audit Process Tracking Access: user: Can be added to a custom layout |
|
Auditing Application |
Provides access to the Compliance Automation tab, which is used to build compliance workflow automation processes. Default roles: All Access: admin: n/a Access: user: Comply (the Compliance Automation application opens by default) |
|
Auto-discovery Configuration |
Provides access to the database auto-discovery configuration application. Default roles: All Access: admin: Tools > Config & Control > Auto-discovery Configuration Access: user: Discover > DB Discover > Auto-discovery Configuration |
|
Auto-discovery Query Builder |
Provides access to the Auto-discovery Query Builder Default roles: All Access: admin: Tools > Report Building > Auto-discovery Tracking Access: user: Discover > DB Discover > Auto-discovery Query Builder |
|
Baseline Builder |
Provides access to the Baseline Builder, which is used to create, generate and maintain baseline definitions. Default roles: All Access: admin: Tools > Config & Control > Baseline Builder Access: user: Protect > Security Policies > Baseline builder |
|
CAS Application |
Provides access to the CAS Application tab (Config. Change Control). Default roles: admin, audit, cas Access: admin: n/a Access: user: Assess/Harden > Config. Change Control |
|
CAS Configuration |
Provides access to the CAS configuration application (used to build templates and host configurations) Default roles: All Access: admin: Tools > Config & Control > CAS Template Config, CAS Host Config Access: user: Assess/Harden > Config. Change Control > CAS Template set config, CAS host config |
|
CAS Lost Target |
Provides access to the Change Audit System Lost Target tool Default roles: All Access: admin: n/a Access: user: n/a |
|
CAS Query Builder |
Provides access to the CAS query builders. Default roles: All Access: admin: Tools > Report Building > CAS Changes Tracking, CAS Host History Tracking, CAS Config Tracking, CAS Templates Tracking Access: user: Assess/Harden > Config. Change Control > CAS results tracking builder, CAS config. tracking builder |
|
Catalog |
Provides access to the Catalog application for archive and restore operations.. Default roles: admin Access: admin: Administration Console Access: user: n/a |
|
Classifier |
Provides access to the Classification application. Default roles: All Access: admin: Tools > Config & Control > Classifier Policy Builder, Classification Process Builder Access: user: Discover > Classification > Classifier Policy Builder, Classification Process Builder |
|
Comment Tracking |
Provides access to the Comments tracking domain. Default roles: All Access: admin: Tools > Report Building > Comments Tracking Access: user: Monitor/Audit > Build Reports > Comment tracking builder |
|
Custom Domain Builder |
Provides access to the Custom Table builder. Default roles: All Access: admin: Tools > Report Building > Custom Domain Builder Access: user: Monitor/Audit > Build Reports > Custom domain builder |
|
Custom Query Builder |
Provides access to the Custom Query builder. Default roles: All Access: admin: Tools > Report Building > Custom Query Builder Access: user: Monitor/Audit > Build Reports > Custom query builder |
|
Custom Reporting |
Provides access to the Custom Reporting application tab. Default roles: All Access: admin: n/a Access: user: Monitor/Audit > Build Reports (Custom reporting opens by default) |
|
Data Access Policy Application |
Provides access to the Data Access Policy application. Default roles: All Access: admin: Tools > Config & Control > Policy Builder Access: user: Monitor/Audit > Build Audit Policies |
|
Database Analyzer |
Enables the Auto Generated Calling Prox button of the Group Builder, which allows access to the Database Analyzer. This can be used to populate groups of objects or fields by analyzing stored procedures. The stored procedures can be analyzed by accessing the database where they are defined, or as they are encountered in the database traffic. Default roles: All Access: admin: n/a (via Group Builder) Access: user: n/a (via Group Builder) |
|
Database Intrusion Detection |
Provides access to the Database Intrusion Detection application tab. Default roles: All Access: admin: n/a Access: user: Protect > Correlation Alerts (opens by default) |
|
Database Security Assessment |
Provides access to the Database Security Assessment application. Default roles: All Access: admin: Access: user: |
|
Datasource Builder |
Provides access to the Datasource Builder. Default roles: All Access: admin: Tools > Config & Control > Datasource Definitions Access: user: From various applications using datasources |
|
DB2 zOS Groups |
Provides access to predefined DB2 zOS Groups Default roles: None Access: admin: n/a Access: user: n/a |
|
Exception Tracking |
Provides access to the Exception Tracking query builder. Default roles: All Access: admin: Tools > Report Building > Exceptions Tracking Access: user: Monitor/Audit > Build Reports > Exceptions tracking builder |
|
Flat Log Query Builder |
Provides access to the Flat Log query builder. Default roles: None Access: admin: Tools > Report Building > Flat Log Tracking Access: user: Monitor/Audit > Build Reports > Flat Log tracking builder |
|
Group Builder |
Provides access to the Group Builder. Default roles: All Access: admin: Tools > Config & Control > Group Builder Access: user: Monitor/Audit > Build Reports > Group builder |
|
Group Tracking |
Provides access to the Group Tracking query builder. Default roles: All Access: admin: Tools > Report Building > Group Tracking Access: user: Monitor/Audit > Build Reports > Group tracking builder |
|
Guardium Access Management |
Provides access to the Guardium Access Management application. Default roles: accessmgr Access: admin: n/a Access: user: n/a |
|
Guardium Activity Tracking |
Provides access to the Guardium Activity Tracking query builder. Default roles: admin Access: admin: Tools > Report Building > Guardium Activity Tracking Access: user: n/a |
|
Guardium Login Tracking Builder |
Provides access to the Guardium Login Tracking query builder. Default roles: admin Access: admin: Tools > Report Building > Guardium Login Tracking Access: user: n/a |
|
Guardium User Role App Tracking |
Provides access to the Guardium User Role App Tracking query builder. Default roles: admin Access: admin: Tools > Report Building > User/Role/Application Tracking Access: user: n/a |
|
Installed Policy Tracking |
Provides access to the Installed Policy Tracking query builder. Default roles: all Access: admin: Tools > Report Building > Installed Policy Tracking Access: user: n/a |
|
Investigation Data Restore |
Provides access to the Investigation Data Restore application Default roles: inv Access: admin: n/a Access: user: n/a |
|
Policy Builder |
Provides access to the Data Access Policy Builder application. Default roles: All Access: admin: Tools > Config & Control > Policy Builde Access: user: Monitor/Audit > Build Audit Policies |
|
Policy Violation Query Builder |
Provides access to the Policy Violation query builder. Default roles: All Access: admin: Tools > Report Building > Policy Violations Tracking Access: user: Monitor/Audit > Build Reports > Policy violations tracking builder |
|
Privacy Compliance |
Provides access to the Privacy Compliance application. Default roles: All Access: admin: n/a Access: user: Comply tab |
|
Privacy Set Builder |
Provides access to the Privacy Set Builder. Default roles: All Access: admin: Tools > Config & Control > Privacy Set Builder Access: user: Comply > Privacy set builder |
|
Report Builder |
Provides access to the Report Builder application. Default roles: All Access: admin: Tools > Config & Control > Report Builder Access: user: Comply > Report builder |
|
Retrospective Request |
Provides access to the Retrospective Request tool. Default roles: None Access: admin: n/a Access: user: n/a |
|
Rogue Connections Tracking |
Provides access to the Rogue Connections query builder. Default roles: All Access: admin: Tools > Report Building > Rogue Connections Tracking Access: user: Monitor/Audit > Build Reports > Rogue connections tracking builder |
|
Security Assessment Builder |
Provides access to the Security Assessment Builder. Default roles: All Access: admin: Tools > Config & Control > Security Assessment Builder Access: user: Assess/Harden > Vulnerability Assessment > Assessment builder |
|
Sniffer Buffer Usage Tracking |
Provides access to the Sniffer Buffer Usage Tracking query builder. Default roles: None Access: admin: Tools > Report Building > Sniffer Buffer Usage Tracking Access: user: n/a |
|
Trigger Builder |
Provides access to the Value Change Auditing configuration tool (which builds triggers on database servers). Default roles: All Access: admin: Tools > Config & Control > Value Change Database Builder, Value change Auditing Builder. Access: user: n/a |
|
Value Change Tracking |
Provides access to the Value Change Tracking query builder. Default roles: admin Access: admin: Tools > Report Building > Value Change Tracking Access: user: n/a |