IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  RBA/CBA "Remove device fingerprint" job

    Posted Thu March 21, 2019 11:34 PM
    Hi Team,


    We found that there is default setting in runtime like "Remove device fingerprint" as below, we have currently over 100mil records in device fingerprint table, and one year going to be completed by June this year.

     

    Question are

    1. When the job will run to remove device fingerprint, would it cause performance issues keeping in mind so many records need to delete?
        2.  Will it remove all device fingerprints are only which are older than certain time period?



    ------------------------------
    Thanks,
    Amitesh Singh
    ------------------------------


  • 2.  RE: RBA/CBA "Remove device fingerprint" job

    Posted Mon March 25, 2019 08:11 PM
    Hi Amitesh,

    1.Database may ran out of transactions log space if we are trying to delete 100 mil records.
    2. This would only delete the devices which are not used in 1 year , based on the screenshot.

    For reference: Manual process of Context-based access clean-up - https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.6/com.ibm.isam.doc/admin/reference/ref_cba_cleanup.html

    ------------------------------
    Soumyajit Roy
    ------------------------------

    Original Message


  • 3.  RE: RBA/CBA "Remove device fingerprint" job

    Posted Tue March 26, 2019 10:08 PM
    Hi Soum,

    Thanks for your reply. We might need to figure out to do manual clean up in batches

    ------------------------------
    Amitesh Singh
    ------------------------------

    Original Message


  • 4.  RE: RBA/CBA "Remove device fingerprint" job

    Posted Thu March 28, 2019 03:03 AM

    Hi Amitesh,

    For sure, you better do this using a script that uses the ISAM REST API's.
    Look here: https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.6/com.ibm.isam.doc/develop/rapi/index.html
    Then in the section Secure Access Control -> Database Maintenance -> Database Management.

    A script could do small batches to go back in time. There's an API call "Get the status of the most recent deletion of data that completed" that is convenient to check if you previous batch is already completed or not. Happy scripting!

    Kind regards, Peter



    ------------------------------
    Peter Volckaert
    Sales Engineer
    IBM Security
    ------------------------------

    Original Message


Related Content