Try with actions: S-GATE ATTACH, S-GATE TERMINATE, and ALERT PER MATCH (so you know when the rule triggers).
The firewall STAP parameters also determine how it responds. firewall_fail_close=0, for example, will allow some occurrences to go through until a verdict is made, versus firewall_fail_close=1, where the block will occur until the verdict is made. firewall_fail_close=1 is less common because latency is introduced. You can tune the latency with the firewall_timeout parameter, but I think that could get tricky with a records affected condition.
------------------------------
Wendy Zemba
Sr. Consultant, Data Protection
Converge Technology Solutions
wendy.zemba@convergetp.com
Need help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.
------------------------------
Original Message:
Sent: Wed May 21, 2025 09:16 PM
From: Duc Tran Anh
Subject: Configure the limit of records returned in a single query statement
Hi Wendy,
Thank you for your attention.
I set a policy with the action 'quarantine' using Reset interval = 1, Severity = Info, Quarantine for = 1, and Records affected threshold = 100/query, and Guardium successfully works and quarantines the session. However, with the same rule, when I change the action to 'S-TAP Terminate' or 'S-GATE Terminate', it only logs a warning when the condition is matched, but the session is not terminated.

------------------------------
Duc Tran Anh
Original Message:
Sent: Wed May 21, 2025 03:09 PM
From: Wendy Zemba
Subject: Configure the limit of records returned in a single query statement
Hi Duc Tran Anh,
It would be helpful to share your policy rule, but you mentioned the action is set to terminate. Are you using S-TAP TERMINATE or S-GATE TERMINATE? If S-GATE, is S-GATE ATTACH also part of the rule actions?
------------------------------
Wendy Zemba
Original Message:
Sent: Tue May 20, 2025 09:35 AM
From: Duc Tran Anh
Subject: Configure the limit of records returned in a single query statement
Wishing a great day to the experts and engineers at IBM.
I am currently using Guardium with the GIM and STAP agents installed on the DB server, and the firewall mode is enabled.
Policies designed to block specific commands or access to sensitive tables are successfully being terminated. However, I need to configure a policy that blocks queries based on the number of records retrieved per query, according to our company's policy - but this is not working as expected.
(I have already enabled the 'Log Records Affected' option in the inspection engine on the Collector.)
The attached screenshot shows the configuration for limiting 100 records per query with the action set to terminate, but when using a SELECT * ... LIMIT 100 query, it is not being blocked.
Thanks for all your help
------------------------------
Duc Tran Anh
------------------------------