How to code the wildcard filter for Guardium S-TAP for DB2 on z/OS

Question & Answer

Question

In order to set all objects as the collecting targets, how shoud we specify in the DB2 Collection profile? Is it ok just to specify '%' in "Object" or should it be such like "%/%.%"?

Answer

All rules in policy must have a value or group in the "object" field (%/%.% or greater restriction). To specify the DB2 table filters, this field requires the use of 2-part syntax in the form:

read/schema.table

The first part of the syntax ("read" in the example above) specifies the context. Reads, changes, or both (%) will be collected for the specified table. A slash separates the two parts. The second part of syntax is schema.table name.

Wild cards supported: yes
Value groups supported: yes
Excludes supported: no
A blank entry is invalid for Object. If no table filtering is desired, a value of %/%.% should be specified.
Context is not case-sensitive.
Values are case-sensitive. (Most values in DB2 are upper case)
Multiple values can be specified by either:
semicolon delimited values
single entries in values groups

Additional examples:
Example 1: read/SCHEMA.%
Example 2: change/%.CUSTOMER
Example 3: read/SCHEMA.%; change/%.CUSTOMER
Example 4: %/%.%

Note: %/%.% - value is used to audit all tables (read/update). The value %/%.% makes policy eligible for stage 1 filtering. Explicit values like %/CUSTOMER.CREDIT will cause Stage 2 filtering."

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium S-TAP for DB2 on z\/OS","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

How to code the wildcard filter for Guardium S-TAP for DB2 on z/OS

Question & Answer

Question

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?