To exclude specific objects, one can add a rule with the script API_SCURTY.ADD_EXCL_OBJ_DISCOVER_RULE, providing regular expressions as search rules that filter out these objects. All exclude patterns are mandatory parameters, and they are all set to '.*' by default. These default values should be reviewed very carefully and at least one of them should be changed, because leaving all three at '.*' means that each and every schema, object and comment will be excluded.
In the example below the schema 'PSV_TEST_TA' is excluded, and because the object and comment patterns are set to '.*', every object and comment belonging to this schema is excluded as well. The rule comment is set to 'excl-test' so one can see that this rule was only added as a test.
```sql
EXECUTE SCRIPT API_SCURTY.ADD_EXCL_OBJ_DISCOVER_RULE(
     'PSV_TEST_TA' -- p_schema_excl_pattern
    ,'.*'          -- p_object_excl_pattern
    ,'.*'          -- p_comment_excl_pattern
    ,'excl-test'   -- p_rule_comment
);
```
After issuing this script an entry is added to the table SCURTY.REP_EXCL_OBJ_DISCOVER_RULES.
RULE_ID | SCHEMA_EXCL_PATTERN | OBJECT_EXCL_PATTERN | COMMENT_EXCL_PATTERN | RULE_COMMENT |
---|---|---|---|---|
37 | PSV_TEST_TA | .* | .* | excl-test |
To change an existing exclude rule, one can use the script API_SCURTY.CHANGE_EXCL_OBJ_DISCOVER_RULE. One first has to look up the rule id of the rule to be changed in the table SCURTY.REP_EXCL_OBJ_DISCOVER_RULES, in this case rule id 37. After providing this rule id to the script, one can keep any already configured parameter by setting it to null, in which case the value already saved for that parameter is kept. Providing any other value overwrites the saved value.
In this example the patterns for excluding schemas and comments stay the same, while the pattern for excluding objects and the rule comment are modified.
```sql
EXECUTE SCRIPT API_SCURTY.CHANGE_EXCL_OBJ_DISCOVER_RULE(
     37                 -- p_rule_id
    ,null               -- p_schema_excl_pattern
    ,'.*_TAB.*'         -- p_object_excl_pattern
    ,null               -- p_comment_excl_pattern
    ,'excl-test-change' -- p_rule_comment
);
```
By running the command above the entry in the table SCURTY.REP_EXCL_OBJ_DISCOVER_RULES will change as follows:
RULE_ID | SCHEMA_EXCL_PATTERN | OBJECT_EXCL_PATTERN | COMMENT_EXCL_PATTERN | RULE_COMMENT |
---|---|---|---|---|
37 | PSV_TEST_TA | .*_TAB.* | .* | excl-test-change |
To remove a rule used to exclude specific objects, the script API_SCURTY.REMOVE_EXCL_OBJ_DISCOVER_RULE can be used. The only parameter needed is the rule id of that exclude rule. It can be found in the table SCURTY.REP_EXCL_OBJ_DISCOVER_RULES.
```sql
EXECUTE SCRIPT API_SCURTY.REMOVE_EXCL_OBJ_DISCOVER_RULE(
    37 -- p_rule_id
);
```
After issuing the command above, the entry of the exclude rule with the rule id 37 will be removed from the table SCURTY.REP_EXCL_OBJ_DISCOVER_RULES.
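A pre-flight check for exclude rules, as an added example that is not part of the product's scripts: it previews which objects a rule would hide from discovery before and after the change shown above, and flags a rule left entirely at the '.*' defaults. Assumptions: patterns are matched against the full name, case-sensitively, an object without a comment is treated as having an empty comment, and the catalog rows and helper names are constructed for illustration.

```python
import re

CATCH_ALL = ".*"
PATTERN_KEYS = ("schema", "object", "comment")

def apply_change(rule, schema=None, obj=None, comment=None, rule_comment=None):
    """Model the change script: None (SQL null) keeps the stored value."""
    updates = {"schema": schema, "object": obj, "comment": comment,
               "rule_comment": rule_comment}
    return {**rule, **{k: v for k, v in updates.items() if v is not None}}

def is_catch_all(rule):
    """True when all three patterns are still the default '.*'."""
    return all(rule[k] == CATCH_ALL for k in PATTERN_KEYS)

def excluded(rule, catalog):
    """Return (schema, object) pairs that all three patterns match.
    Assumption: full-string, case-sensitive match; missing comment = ''."""
    return [(s, o) for s, o, c in catalog
            if re.fullmatch(rule["schema"], s)
            and re.fullmatch(rule["object"], o)
            and re.fullmatch(rule["comment"], c or "")]

# Constructed catalog rows: (schema, object, comment). Not real data.
CATALOG = [
    ("PSV_TEST_TA", "CUSTOMER_TAB", "test data"),
    ("PSV_TEST_TA", "CUSTOMER_TAB_HIST", None),
    ("PSV_TEST_TA", "V_CUSTOMER", "view"),
    ("PSV_PROD", "ORDERS_TAB", "orders"),
]

# Rule 37 as stored after the add step on this page.
RULE_37 = {"rule_id": 37, "schema": "PSV_TEST_TA", "object": ".*",
           "comment": ".*", "rule_comment": "excl-test"}
# Hypothetical rule created with every pattern left at its default.
ALL_DEFAULTS = {"rule_id": None, "schema": ".*", "object": ".*",
                "comment": ".*", "rule_comment": "defaults-only"}

if __name__ == "__main__":
    changed = apply_change(RULE_37, obj=".*_TAB.*",
                           rule_comment="excl-test-change")
    for rule in (ALL_DEFAULTS, RULE_37, changed):
        hits = excluded(rule, CATALOG)
        flag = "CATCH-ALL" if is_catch_all(rule) else "scoped"
        print(rule["rule_comment"], flag,
              f"{len(hits)}/{len(CATALOG)} excluded", hits)
```

Running the same preview against a real object listing before adding or changing a rule shows how much of the discovery scope the rule removes.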