IBM Support

IBM Security Guardium: Policy Rule for Access to Column not Firing

Troubleshooting


Problem

You have a policy rule that filters certain accesses using an Object/Field condition, and it is not firing as expected when that column is accessed. You can see the SQL statement.

Cause

The Quick Parse Native (QPN) action is in use.

Diagnosing The Problem

Check the policy's rule actions for "Quick Parse".

Resolving The Problem

When you use QPN, parsing happens on the STAP side and the parsed components are sent in a message to the sniffer. With the QPN rule in place, the sniffer does not parse the SQL itself but uses the parsed components from the message. The message contains only the verb and object, with no fields, so a rule based on an Object/Field condition will not fire.

Even if you move the rule to the top with the action "Log Full Details", the access will still not be logged. The flag is set early on, so the sniffer stops parsing the SQL. In this respect, QPN is similar to "Quick Parse No Fields".


Document Information

Modified date:
16 June 2018

UID

swg22001640