add_datasource_to_entitlement_optimization

Adds the data from this datasource to the entitlement optimization data collection, and generates details to the individual entitlement optimization tabs as specified.

This API is available in Guardium V10.1.4 and later.

Use the following table to determine which data to extract for each feature:
Table 1. enable_entitlement_optimization parameters required per analysis type
  What’s New (generateNews) Users and Roles Recommendations (generateRecommendations) Browse Entitlements What If (generateRoleClusters)
extractActivity       X X
extractEntitlement X X X X  

REST API syntax

This API is available as a REST service with the PUT method. Call this API as follows: 
PUT https://[Guardium hostname or IP address]:8443/restAPI/addDatasourceToEntitlementOptimization

GuardAPI syntax

add_datasource_to_entitlement_optimization parameter=value

Parameters

Parameter Value type Description
datasourceName String Required. Guardium datasource name.
extractActivity Boolean Required. Datasource is enabled or disabled for entitlement optimization. Set to true to generate data in the Browse Entitlements and What If? tabs. Valid values:
  • 0 (false)
  • 1 (true)
Default = 0
extractEntitlement Boolean Enables or disables extraction of entitlement data. Set to true to generate data in the What's New?, Users and Roles, Recommendations, and Browse Entitlements tabs. Valid values:
  • 0 (false)
  • 1 (true)
Default = 0
filterIgnoreVerbs Boolean

For future use. Ignore verbs are filtered from the data source's collected data. Valid values:

  • 0 (false)
  • 1 (true)
Default = 1
filterTempObjects Boolean

For future use. Temporary objects are filtered from the data source's collected data. Valid values:

  • 0 (false)
  • 1 (true)
Default = 1
generateNews Boolean Activity from this datasource is included in the What's New tab. Valid values:
  • 0 (false)
  • 1 (true)
Default = 0
generateRecommendations Boolean Activity from this datasource is included in the Recommendations tab. Valid values:
  • 0 (false)
  • 1 (true)
Default = 0
generateRoleClusters Boolean Enables or disables extraction of behavioral role clustering from the data source, used in the What If tab. Valid values:
  • 0 (false)
  • 1 (true)

Set to true to generate data in the What If? tab.

Default = 0
isEnabled Boolean Required. Datasource is enabled / disabled, for entitlement optimization. Valid values:
  • 0 (false)
  • 1 (true)
Default = 0
objectScope String Entitlement recommendations show results only for this specified object groups.

Valid values: One or more comma separated Guardium object group IDs (groups must contain only objects).

default = NULL
userScope String Entitlement recommendations show results only for the specified user groups (groups must contain only users).

default = NULL
api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit.  For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

Examples

Enable entitlement optimization and generate data for the What's New? tab for data from the datasource SSQLSERVER.
grdapi add_datasource_to_entitlement_optimization datasourceName=SSQLSERVER isEnabled=1 generateNews=1
Enable entitlement optimization and generate data for the What's New? and Browse Entitlements tabs for data from the datasource SSQLSERVER. 
grdapi add_datasource_to_entitlement_optimization datasourceName=SSQLSERVER isEnabled=1 generateNews=1 extractEntitlement=1 extractActivity=1
Adds data from this datasource to the Recommendations tab, filtered for the users in usergroup123 only.
grdapi add_datasource_to_entitlement_optimization datasourceName=SSQLSERVER extractEntitlement=1 generateRecommendations=1 userScope=usergroup123