Question & Answer
Question
Guardium policy rules can be configured with a condition based on "Database Name".
Database Name can also be added as an attribute in Guardium reports.
How is the Database Name condition in a Guardium policy defined?
What does Database Name mean when it is seen in reports?
Answer
The following applies to monitoring distributed databases only. For DB2 z/OS, see "Guardium report has blank Database Name for DB2 z/OS traffic".
Definition
Database name is defined as the database where the user is logged in when they run a captured SQL statement.
It is a property of the monitored session.
SQL statements run from a session in database A against an object in database B ("cross-database queries") are covered in the example below.
Example
Consider this simplified policy:
Database Name = Test1
Action = Alert Per Match
How certain SQL statements would trigger the policy and appear in a report:
No. | Database user logs in to | SQL statement | Alert triggered? | Database Name in report |
1. | Test1 | select * from Table1 | Yes | Test1 |
2. | Test1 | select * from Test2.Table2 | Yes | Test1 |
3. | Test2 | select * from Table2 | No | Test2 |
4. | Test2 | select * from Test1.Table1 | No | Test2 |
Statement 4 does not trigger the alert: although the object is in Test1, the statement was run from a session logged in to Test2.
This is the expected behavior consistent with the definition above.
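The following is an added example, not IBM code and not how Guardium is implemented: a small Python model of the session-based Database Name condition, run over the four statements from the table above, that also labels statements reaching into the rule's database from another session. The class and function names and the simple two-part "database.object" name matcher are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Captured:
    session_db: str  # database the user is logged in to (session property)
    sql: str         # captured SQL statement

# Constructed sample traffic: the four statements from the table above.
TRAFFIC = [
    Captured("Test1", "select * from Table1"),
    Captured("Test1", "select * from Test2.Table2"),
    Captured("Test2", "select * from Table2"),
    Captured("Test2", "select * from Test1.Table1"),
]

# Assumption: objects in another database are written as "database.object",
# as in the page's example. This matcher is deliberately simple.
QUALIFIED = re.compile(
    r"\b(?:from|join|into|update)\s+([A-Za-z_]\w*)\.([A-Za-z_]\w*)", re.I
)

def rule_matches(stmt, rule_db):
    """Model of the Database Name condition: only the session's database counts."""
    return stmt.session_db == rule_db

def referenced_dbs(stmt):
    """Databases named explicitly in qualified object references in the SQL."""
    return {m.group(1) for m in QUALIFIED.finditer(stmt.sql)}

def classify(stmt, rule_db):
    """Label a statement relative to a rule 'Database Name = rule_db'."""
    if rule_matches(stmt, rule_db):
        return "alert"
    if rule_db in referenced_dbs(stmt):
        # Object lives in rule_db, but the session is elsewhere: no alert.
        return "no-alert-cross-db"
    return "no-alert"

def report(traffic, rule_db):
    return [(s.session_db, s.sql, classify(s, rule_db)) for s in traffic]

if __name__ == "__main__":
    for row in report(TRAFFIC, "Test1"):
        print(" | ".join(row))
```

Statements labelled no-alert-cross-db correspond to row 4 of the table: they reference an object in the rule's database but are not matched by a condition on Database Name alone.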
Document Information
Modified date: 29 March 2019
UID: ibm10878901