Question & Answer
Question
When attempting to delete a group from Central Manager GUI on IBM Guardium, a pop-up message may indicate the Access Rule/Policy set that using the group is installed. This may occur even if the Access Rule/Policy set has been uninstalled before deleting the group. Why does this message happen ?
Cause
The pop-up message shows up as below:
The above message text is as follows
- This group cannot be deleted. It is being used by:
Access Rule: <Access Rule> installed at <datetime> - xxx
Answer
When the Policy is installed to Managed Units, Central Manager will create and retain another instance of the Access Rule/Policy set internally. The instance is not removed when the main instance of the Policy is un-installed from Managed Units as well as deleted from UI, and it will be removed according to the relevant purge period.
After the purge period, the group can be deleted without the above pop-up.
If there is an urgent need for deleting the group, the purge period can be shortened by following steps :
1. With CLI, issue command
show purge objects age
2. In the list shown, identify the index number of "Central Management Temporary Policies" as well as how many DAYs are set.
3. Issue command below where index is the above identified number, and age is shorter than the DAYs.
store purge object age <index> <age>
* Note - Before the group can be deleted a purge will need to have run on the object - usually overnight
Detail of the command can be found under store purge object in Configuration and Control CLI Commands page of online help file.
Was this topic helpful?
Document Information
Modified date:
04 September 2019
UID
swg21971333