IBM Security Guardium

  • 1.  Mysql database encryption using Guardium Data Encryption

    Posted Mon June 29, 2020 09:47 AM
    Hi,

    I am trying to encrypt my MySQL database using a GDE appliance.

    My current status:
    1. Installed GDE and configured the DSM server.
    2. Installed vee-fs... and vee-key agent on my host machine.
    3. Communication is established between the DSM server and the host agent.
    4. Have created 3 policies for encryption, decryption and access operation.
    5. Able to encrypt database files.

    Point where I am stuck: (under the Security Rule tab in the policy)
    1. Included User in the access operation policy with all the users browsed on the host machine.
    2. Upon adding all the users available, I am still not able to access the data; a permission denied error occurs.
    3. And without adding the User field in the policy, I am able to access the data.
    4. Also, I just included users; other fields such as resource, processes, when, action are empty.
    5. Effect has: Audit, apply key, permit
    6. Allow browsing is ticked

    Goal:
    1. I want to segregate the users who want to access the MySQL database.

    Explanation of goal:
    Suppose there are two users, devuser1 and devuser2, on my host machine. I want to give access to devuser1 and not to devuser2.

    Therefore I kindly request the members of the community to please help me out with this issue.
    Also, if anyone could share any documentation or references in this regard (database encryption using GDE), that would be very helpful. If anyone who has gone through this can share the steps, it would be very nice.

    Please let me know if anyone needs more information about my setup.

    Regards,
    Ved Gaurav



    ------------------------------
    Ved Gaurav
    ------------------------------


  • 2.  RE: Mysql database encryption using Guardium Data Encryption
    Best Answer

    Posted Tue June 30, 2020 10:02 AM
    Hi Varun,

    While you are trying to access the folder / database file, check in parallel the logs which are being generated in DSM.

    1> Make use of Learn Mode to learn who all (users/processes) are accessing the path or data.
    2> Very hypothetical situation: there could be a reason that the ID which you have allowed to access is not the exact ID the server is using to access files. There could be some mismatch in IDs. You will be able to rectify this issue after checking the live logs in DSM.

    This should resolve the issue on the access part. Let me know if you still have issues.

    Thanks,
    Vijay

    ------------------------------
    vijay jamwal
    ------------------------------



  • 3.  RE: Mysql database encryption using Guardium Data Encryption

    Posted Tue June 30, 2020 10:02 AM
    Also, if possible, can you update the Security Rule here?

    ------------------------------
    vijay jamwal
    ------------------------------



  • 4.  RE: Mysql database encryption using Guardium Data Encryption

    Posted Mon July 13, 2020 01:19 AM
    Hi,

    Are devuser1 and devuser2 OS users or DB users?

    When you segregate the users from accessing the MySQL database, is it at the application/DB level or the OS level?

    GDE enforces the access control at the FS or OS level.

    ------------------------------
    TS Teh
    ------------------------------
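
An added example, not part of any post in this thread and not IBM or GDE code: a shell check for the ID mismatch raised in the replies, comparing the OS identity that actually opens the data files (the server process) with the users named in the policy. The process listing, the `mysql` service account, its UID and the policy user list are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `ps -eo user,uid,pid,comm` output on a hypothetical host.
# devuser1/devuser2 run the mysql client; only mysqld touches the data files.
SAMPLE_PS='USER       UID   PID COMMAND
root         0     1 systemd
mysql       27  1432 mysqld
devuser1  1001  2210 mysql
devuser2  1002  2315 mysql
devuser1  1001  2400 bash'

# Users placed in the policy's User field (assumption mirroring the question).
POLICY_USERS='devuser1 devuser2'

# file_accessors PS_TEXT SERVER_COMM
# Prints "user uid" for every process whose command name is the database
# server, i.e. the identities a file-system-level control will actually see.
file_accessors() {
    printf '%s\n' "$1" |
        awk -v comm="$2" 'NR > 1 && $4 == comm { print $1, $2 }' |
        sort -u
}

# uncovered_accessors PS_TEXT SERVER_COMM POLICY_USERS
# Prints server-process users that are missing from the policy user list.
uncovered_accessors() {
    file_accessors "$1" "$2" | while read -r user uid; do
        case " $3 " in
            *" $user "*) ;;                 # covered by the policy
            *) printf '%s\n' "$user" ;;     # would not match the User field
        esac
    done
}

# On a live host, pass "$(ps -eo user,uid,pid,comm)" instead of the sample.
echo "Identities opening the data files:"
file_accessors "$SAMPLE_PS" mysqld
echo "Not covered by the policy user list:"
uncovered_accessors "$SAMPLE_PS" mysqld "$POLICY_USERS"
```

With the sample data the only identity reaching the files is the service account, so a rule keyed on devuser1 or devuser2 never matches the server's file access; separating those two accounts inside the database is a matter for MySQL's own grants.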