IBM Support

IBM Security Guardium V10 – How to audit database system privileges/grants/roles with Guardium?

Question & Answer


Question

How to validate and ensure that users have the privileges/grants/roles required to perform their duties?

Cause

Along with authenticating users and restricting role-based access privileges to data, there is a need to periodically perform entitlement reviews, the process of validating and ensuring that users only have the privileges required to perform their duties.

Custom database entitlement reports have been created to save configuration time and to facilitate the uploading and reporting of data from the supported databases, which are listed here: https://www.ibm.com/support/knowledgecenter/en/SSMPHH_9.0.0/com.ibm.guardium.using.doc/dita-appendices_help1_book/topics/database_entitlement_reports.html.

Note: DB Entitlement Reports are optional components enabled by product key. If these components have not been enabled, the reports will not appear in the Custom Domain Builder/Custom Domain Query/Custom Table Builder selections.

Answer

1) Navigate to Comply > Custom Reporting > Custom Table Builder.



2) This opens the Custom Table Builder window. Select "ORA SYSDBA and SYSOPER Accnts" and click "Upload Data", as highlighted below:


Note: As this is a default table created by Guardium, you don't need to define or create the table.

3) Add the data source for which you have to validate the users.
- Click on Add Datasource.



4) Select the desired data source (here, Oracle) and click Add.


5) The data source is added and appears as below:
- Click on Apply to save the changes.



The following message is displayed:


6) Create a user on Oracle and grant the privileges below using a SYSDBA account.

create user sqlguard identified by *******;

The following list (headed by a comment line) details the minimal privileges required on the database tables (or views of the database tables) for the entitlement report to work.
/* Select privilege to these tables/views is required */
grant select on sys.dba_tab_privs to sqlguard;
grant select on sys.dba_roles to sqlguard;
grant select on sys.dba_users to sqlguard;
grant select on sys.dba_role_privs to sqlguard;
grant select on sys.dba_sys_privs to sqlguard;
grant select on sys.obj$ to sqlguard;
grant select on sys.user$ to sqlguard;
grant select on sys.objauth$ to sqlguard;
grant select on sys.table_privilege_map to sqlguard;
grant select on sys.dba_objects to sqlguard;
grant select on sys.v_$pwfile_users to sqlguard;
grant select on sys.dba_col_privs to sqlguard;

7) Now click on Run Once Now to upload the data from the database server to Guardium.


After it has completed successfully, you will get the alert below:


8) You have to create a report to check your data. Navigate to Comply > Custom Reporting > Custom Query Builder.



9) Select your query; here we have taken "ORA SYSDBA and SYSOPER Accnts".

10) Select your query as below:


11) Add it to My Custom Reports.



12) Navigate to My Custom Reports.



13) You will be able to see the data from your Oracle Database server.
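
A check for step 6, as an added example that is not part of the original IBM document: it compares the direct object grants held by the collection account against the minimal list above and reports anything missing or in excess. It assumes the account name SQLGUARD from the create user statement and that it is run by a DBA.

```sql
-- Added example (not IBM's code). Run as a DBA after step 6.
-- Assumes the account name SQLGUARD from the CREATE USER statement above.
-- DBA_TAB_PRIVS lists direct object grants only; privileges that reach the
-- account through a role are not reported by the first query.
WITH expected AS (
  SELECT 'DBA_TAB_PRIVS' AS table_name FROM dual UNION ALL
  SELECT 'DBA_ROLES'           FROM dual UNION ALL
  SELECT 'DBA_USERS'           FROM dual UNION ALL
  SELECT 'DBA_ROLE_PRIVS'      FROM dual UNION ALL
  SELECT 'DBA_SYS_PRIVS'       FROM dual UNION ALL
  SELECT 'OBJ$'                FROM dual UNION ALL
  SELECT 'USER$'               FROM dual UNION ALL
  SELECT 'OBJAUTH$'            FROM dual UNION ALL
  SELECT 'TABLE_PRIVILEGE_MAP' FROM dual UNION ALL
  SELECT 'DBA_OBJECTS'         FROM dual UNION ALL
  SELECT 'V_$PWFILE_USERS'     FROM dual UNION ALL
  SELECT 'DBA_COL_PRIVS'       FROM dual
),
actual AS (
  SELECT owner, table_name, privilege
  FROM   sys.dba_tab_privs
  WHERE  grantee = 'SQLGUARD'
)
-- MISSING: a grant from the minimal list that the account does not hold.
SELECT 'MISSING' AS status, 'SYS' AS owner, e.table_name, 'SELECT' AS privilege
FROM   expected e
WHERE  NOT EXISTS (SELECT 1 FROM actual a
                   WHERE  a.owner = 'SYS'
                   AND    a.table_name = e.table_name
                   AND    a.privilege = 'SELECT')
UNION ALL
-- EXTRA: any object privilege beyond SELECT on the twelve listed objects.
SELECT 'EXTRA', a.owner, a.table_name, a.privilege
FROM   actual a
WHERE  NOT (a.owner = 'SYS'
            AND a.privilege = 'SELECT'
            AND a.table_name IN (SELECT table_name FROM expected))
ORDER  BY 1, 3;

-- System privileges and roles held by the account, listed for manual review.
SELECT 'SYS_PRIV' AS kind, privilege AS name, admin_option
FROM   sys.dba_sys_privs  WHERE grantee = 'SQLGUARD'
UNION ALL
SELECT 'ROLE', granted_role, admin_option
FROM   sys.dba_role_privs WHERE grantee = 'SQLGUARD';
```

An empty result from the first query means the account holds exactly the listed object grants.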



Document Information

Modified date:
16 June 2018

UID

swg22012652