3. Manage Objects in an OG
Objects are added to, changed in and removed from an object group using discovery rules. Make sure that the OG already exists:
3.1. Add objects to an Object Group
Use API_SCURTY.ADD_OG_OBJ_DISCOVER_RULE to add a new discover rule. The rule defines regular expressions for including and excluding schemas, objects and comments. The inclusion patterns are mandatory; the exclusion patterns are optional.
Example: add all objects with a name containing ‘_TAB’ from schemas ‘PSV_TEST_TA’ and ‘PSV_TEST_DR’ to OG TEST_OG
EXECUTE SCRIPT API_SCURTY.ADD_OG_OBJ_DISCOVER_RULE (
     'TEST_OG'            -- p_object_group
    ,'PSV_TEST_(TA|DR)'   -- p_schema_incl_pattern
    ,null                 -- p_schema_excl_pattern
    ,'.*_TAB.*'           -- p_object_incl_pattern
    ,null                 -- p_object_excl_pattern
    ,'.*'                 -- p_comment_incl_pattern
    ,null                 -- p_comment_excl_pattern
    ,'test-tabs'          -- p_rule_comment
);
After issuing this command, an entry will be added to the table REP_OG_OBJ_DISCOVER_RULES. The individual objects can be found in REP_OG_OBJECTS.

REP_OG_OBJ_DISCOVER_RULES:

| RULE_ID | OBJECT_GROUP | SCHEMA_INCL_PATTERN | SCHEMA_EXCL_PATTERN | OBJECT_INCL_PATTERN | OBJECT_EXCL_PATTERN | COMMENT_INCL_PATTERN | COMMENT_EXCL_PATTERN | RULE_COMMENT |
|---|---|---|---|---|---|---|---|---|
| 66 | TEST_OG | `PSV_TEST_(TA\|DR)` | (null) | `.*_TAB.*` | (null) | `.*` | (null) | test-tabs |

REP_OG_OBJECTS:

| OBJECT_GROUP | OBJECT_SCHEMA | OBJECT_NAME | OBJECT_TYPE | LVL |
|---|---|---|---|---|
| TEST_OG | PSV_TEST_DR | TEST_TAB | VIEW | 0 |
| TEST_OG | PSV_TEST_TA | TEST_TAB | VIEW | 0 |

3.2. Change a Discover Rule
Change a discover rule using API_SCURTY.CHANGE_OG_OBJ_DISCOVER_RULE. Providing NULL leaves a parameter as is, while a blank (' ') restores its default value.
Example
EXECUTE SCRIPT API_SCURTY.CHANGE_OG_OBJ_DISCOVER_RULE(
     66              -- p_rule_id
    ,null            -- p_schema_incl_pattern
    ,'PSV_TEST_TA'   -- p_schema_excl_pattern
    ,null            -- p_object_incl_pattern
    ,null            -- p_object_excl_pattern
    ,null            -- p_comment_incl_pattern
    ,null            -- p_comment_excl_pattern
    ,'change-test'   -- p_rule_comment
);
In this example only the schema exclusion pattern and the rule comment are modified. The remaining parameters keep their values because they are passed as null in this change operation. The call adds a schema exclusion pattern to the rule.
The changed discover rule can be found in the table REP_OG_OBJ_DISCOVER_RULES and the changes in the objects belonging to the ‘TEST_OG’ Object Group can be found in the view REP_OG_OBJECTS.

REP_OG_OBJ_DISCOVER_RULES:

| RULE_ID | OBJECT_GROUP | SCHEMA_INCL_PATTERN | SCHEMA_EXCL_PATTERN | OBJECT_INCL_PATTERN | OBJECT_EXCL_PATTERN | COMMENT_INCL_PATTERN | COMMENT_EXCL_PATTERN | RULE_COMMENT |
|---|---|---|---|---|---|---|---|---|
| 66 | TEST_OG | `PSV_TEST_(TA\|DR)` | `PSV_TEST_TA` | `.*_TAB.*` | (null) | `.*` | (null) | change-test |

REP_OG_OBJECTS:

| OBJECT_GROUP | OBJECT_SCHEMA | OBJECT_NAME | OBJECT_TYPE | LVL |
|---|---|---|---|---|
| TEST_OG | PSV_TEST_DR | TEST_TAB | VIEW | 0 |

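
A small Python model of the include/exclude evaluation described in 3.1 and 3.2, added here as an illustration (it is not the product's own code), for checking which objects a rule would pull into a group before the scripts are run. It assumes whole-string, case-sensitive matching and treats a NULL comment as empty; `Rule`, `resolve`, `change` and the catalogue rows are hypothetical names and constructed data.

```python
import re
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Rule:
    schema_incl: str
    object_incl: str
    comment_incl: str
    schema_excl: Optional[str] = None
    object_excl: Optional[str] = None
    comment_excl: Optional[str] = None

def _hit(pattern, value):
    # Assumption: whole-string, case-sensitive match; a NULL comment counts as "".
    return re.fullmatch(pattern, value or "") is not None

def _passes(incl, excl, value):
    return _hit(incl, value) and not (excl is not None and _hit(excl, value))

def resolve(rule, catalogue):
    """Return sorted (schema, object) pairs the rule would place in the group."""
    return sorted(
        (schema, name)
        for schema, name, comment in catalogue
        if _passes(rule.schema_incl, rule.schema_excl, schema)
        and _passes(rule.object_incl, rule.object_excl, name)
        and _passes(rule.comment_incl, rule.comment_excl, comment)
    )

def change(rule, **params):
    """Model of the change call: None (SQL NULL) leaves a parameter as is."""
    return replace(rule, **{k: v for k, v in params.items() if v is not None})

# Constructed catalogue rows: (schema, object name, comment).
CATALOGUE = [
    ("PSV_TEST_TA", "TEST_TAB", None),
    ("PSV_TEST_DR", "TEST_TAB", "demo"),
    ("PSV_TEST_DR", "ORDERS", None),         # name has no "_TAB"
    ("PSV_TEST_TA_OLD", "TEST_TAB", None),   # schema matches only as a prefix
    ("PSV_PROD_TA", "HR_TAB_SALARY", None),  # schema outside the pattern
]

rule_66 = Rule("PSV_TEST_(TA|DR)", ".*_TAB.*", ".*")
before = resolve(rule_66, CATALOGUE)
rule_66_changed = change(rule_66, schema_incl=None, schema_excl="PSV_TEST_TA")
after = resolve(rule_66_changed, CATALOGUE)

if __name__ == "__main__":
    print("after add:", before, "| after change:", after)
```

Under these assumptions the model reproduces the REP_OG_OBJECTS contents shown in 3.1 and 3.2. If the product matched substrings instead, the `PSV_TEST_TA_OLD` row would also be picked up, which is the kind of difference worth confirming in REP_OG_OBJECTS after adding a rule.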
3.3. Remove a Discover Rule
By removing the object discover rule all objects detected by this rule are removed from the object group. An object discover rule can be removed using the script API_SCURTY.REMOVE_OG_OBJ_DISCOVER_RULE.
Example
EXECUTE SCRIPT API_SCURTY.REMOVE_OG_OBJ_DISCOVER_RULE(
     66   -- p_rule_id
);
After the rule has been removed, and with it all objects associated with the object group via this rule, the entry for this rule in the table REP_OG_OBJ_DISCOVER_RULES and all entries belonging to the ‘TEST_OG’ object group in the view REP_OG_OBJECTS are gone.