IBM Support

How to manage groups in bulk using script in IBM Infosphere Guardium .

Technote (FAQ)


Question

I have a very large number of groups and group members to manage in IBM InfoSphere Guardium. How do I accomplish this without creating and editing the groups one by one in GUI?

Answer

IBM InfoSphere Guardium provides Guardium API commands (grdapi) as a command line option in CLI for many maintenance operations. Group management is one of them. The following example illustrates two grdapi commands to create a group and add a member to that group

Prior to Guardium version 10:
grdapi create_group appid="Public" desc="My_Test_Group" owner="Admin" type="USERS"
grdapi create_member_to_group_by_desc  desc=" My_Test_Group" member="user_a"



Guardium version 10 and later:
grdapi create_group appid="Public" desc="My_Test_Group" type="USERS"
grdapi create_member_to_group_by_desc  desc=" My_Test_Group" member="user_a"


There are many other similar commands to delete members, list members etc. A full list and explanation is available online in any Guardium appliance GUI by visiting the following URL:

https://<appliance_name:port>/help/html/main/guardapi_group_functions.htm
Please replace the appliance name and port as appropriate.

One or more of these grdapi commands can be stored in a text file and run as a batch process. Each single command must be in a single line without line breaks. Multiple commands must be in separate lines.

The example below assumes that the Guardium appliance IP is 192.168.1.100 and that the grdapi commands are stored in a text file called mybatchfile. Please replace them as necessary.

ssh cli@192.168.1.100 <mybatchfile

Please enter the password when requested. The output can be redirected to a file for verification purposes.

Document information

More support for: IBM Security Guardium

Software version: 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1

Operating system(s): Linux

Reference #: 1621664

Modified date: 25 January 2017