IBM Support

How to manage groups in bulk using script in IBM Infosphere Guardium .

Technote (FAQ)


I have a very large number of groups and group members to manage in IBM InfoSphere Guardium. How do I accomplish this without creating and editing the groups one by one in GUI?


IBM InfoSphere Guardium provides Guardium API commands (grdapi) as a command line option in CLI for many maintenance operations. Group management is one of them. The following example illustrates two grdapi commands to create a group and add a member to that group

Prior to Guardium version 10:
grdapi create_group appid="Public" desc="My_Test_Group" owner="Admin" type="USERS"
grdapi create_member_to_group_by_desc  desc=" My_Test_Group" member="user_a"

Guardium version 10 and later:
grdapi create_group appid="Public" desc="My_Test_Group" type="USERS"
grdapi create_member_to_group_by_desc  desc=" My_Test_Group" member="user_a"

There are many other similar commands to delete members, list members etc. A full list and explanation is available online in any Guardium appliance GUI by visiting the following URL:

Please replace the appliance name and port as appropriate.

One or more of these grdapi commands can be stored in a text file and run as a batch process. Each single command must be in a single line without line breaks. Multiple commands must be in separate lines.

The example below assumes that the Guardium appliance IP is and that the grdapi commands are stored in a text file called mybatchfile. Please replace them as necessary.

ssh cli@ <mybatchfile

Please enter the password when requested. The output can be redirected to a file for verification purposes.

Document information

More support for: IBM Security Guardium

Software version: 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1

Operating system(s): Linux

Reference #: 1621664

Modified date: 25 January 2017