12. Poesía Un caso especial lo constituyen algunos programas de telerrealidad concebidos para el mundo árabe, que cuentan las grandes diferencias culturales con
2.10 MARCO LEGAL
Tivoli Security Compliance Manager provides a set of operational reports that can be published using Crystal Enterprise 9, as described in “Security
Compliance Manager operational reports” on page 22. In the following section, we concentrate on the modification of the operational reports provided by Security Compliance Manager. Modifications are required to adapt the reports to ABBC’s organizational structure required by the security compliance process. The project team analyzed the operational reports provided by Security Compliance Manager. It turned out that the reports fulfill the project’s reporting requirements except for the organizational structure. The operational reports provide information about all the registered machines. ABBC’s security
compliance process requires operational reports from every administration team. The interrelationship between report development and report publishing is depicted in Figure 6-34 on page 161. The modifications described in the following paragraphs are performed using Crystal Report Professional Version 9.2.2.634. The project team acquires an upsell package from IBM that is required in order to modify and publish the operational reports.
Figure 6-34 Report development and publishing overview
Modifying operational reports
The modifications of the operational reports consists of the following tasks:
Update the data source location for the report.
Modify the command loading the records from the Security Compliance Manager database.
Add a parameter to enable specific group IDs during the deployment of the report.
Modify the report to display group information.
Testing the report.
Update the data source location
Let us demonstrate the modifications of the example of the report
ClientViolations.rpt. Having started the Crystal Report application, we load the report. The initial view is depicted in Figure 6-35 on page 162.
Crystal Reports Crystal Enterprise Operational Report Operational Report operational report template Report Developer Report User
report development publishing reports
save report templates import report templates Web Interface Design GUI
Figure 6-35 Operational report ClientViolations in Crystal Report
From the menu, select Database → Set Datasource Location..., which opens the Set Datasource Location window. In the “Replace with” dialog, open the entry ODBC(RDO). The ODBC(RDO) window appears, as shown in Figure 6-36 on page 163. Select the database JAC, click Next, and specify the DB2 user name and password. Return to the Set Datasource Location window, make sure that the database entries in the Current Data Source and Replace With dialogs are selected, and click Update.
Figure 6-36 Selecting the JAC database as a new data source
Close the Set Datasource Location window and press F5 to refresh the report data. The Crystal Report application connects to the JAC database and loads the data required by the report.
Modify the database command
The report includes an SQL command that loads the violations from the Security Compliance Manager database. You have to modify the SQL statement so that the additional fields group name and group ID are loaded from the database. The modifications of the statement are shown in bold and italic in Example 6-7 on page 164.
Example 6-7 Modified SQL statement for report ClientViolations.rpt SELECTC.ALIAS, P.NAME, S.NAME, N.RUNDATE, C.DHCP, V.MESSAGE, G.NAME AS GROUP_NAME, M.GRO_ID_PARENT AS GROUP_ID FROM JAC_SYS.CLIENTS C, JAC_SYS.VIOLATIONS V, JAC_SYS.COMPLIANCE_SQL S, JAC_SYS.POLICIES P, JAC_SYS.GROUPS G, JAC_SYS.GRO_CLI_MEMBERS M,
(SELECT A.RUNDATE, A.ID FROM JAC_SYS.SNAPSHOTS A,
(SELECT MAX(ID) AS ID FROM JAC_SYS.SNAPSHOTS GROUP BY POL_ID) AS B WHERE A.ID=B.ID ) AS N
WHERE C.CLI_ID=V.CLI_ID and C.CLI_ID = M.CLI_ID_CHILD and M.GRO_ID_PARENT = G.GRO_ID and
C.CLI_ID NOT IN (SELECT V.CLI_ID FROM JAC_SYS.VIOLATIONS V, JAC_SYS.SNAPSHOTS S,
JAC_SYS.VIOLATION_SUPPRESSION VS, JAC_SYS.SUPPRESSIONS_POL SP WHERE V.SNA_ID=S.ID and
V.VIO_ID=VS.VIO_ID and VS.SUP_ID=SP.SUP_ID and SP.SUPPRESS_UNTIL>S.RUNDATE ) and V.COM_ID=S.ID and S.POL_ID=P.ID and V.SNA_ID=N.ID
From the menu, select Database → Database Expert. In the Database Expert window, right-click the Command entry in the Selected Database control. In the context menu, select Edit Command and modify the command, as shown in Example 6-7. Select OK and return to the report.
Adding the group parameter
In the next step, you have to modify the report to reduce the clients and violations included in the report to the number of records belonging to a specified group. Create a new parameter in the Field Explorer section. Right-click the entry
Latest news: The SQL code has been slightly changed in Fix Pack 2 so that it
looks only at full (unrestricted) snapshots. Please make sure you consult the updated product documentation.
Parameter Fields and select New..., which opens the Create Parameter Field
window, as shown in Figure 6-37. Enter the name of the new parameter Group ID and the prompting text. Select the Value type Number and Allow multiple
values. Click OK and the new parameter is added to the list of parameter fields
without a green tick. The green tick indicates that the control is already used in the report.
Figure 6-37 Adding a group parameter
You also have to modify the report to actually include the new parameter. From the menu, select Report → Select Expert..., which opens the Select Expert window showing the rules that reduce the number of records selected for the report. Click the <New> tab and the Choose Field window appears. Select the GROUP_ID that is available (due to the modified database command), shown in Example 6-7 on page 164.
Figure 6-38 Select GROUP_ID for the select statement
Click OK and return to the Select Expert window. A new tab
Command.GROUP_ID exists, as shown in Figure 6-39. From the left drop-down list, select “is equal to” and from the right drop-down list, select {?Group ID}, which is the parameter field you created before.
Click OK and the parameter field Group ID has a green tick indicating that it is actually used in the report.
Modifying the report layout
The report should display the group information that is covered by the new report. For this reason, you need to add a new parameter field of type String called Admin Team. This parameter allows to specify the name of the
administration team during the deployment of the report. In order to display the team’s name in the report, you have to drag and drop the parameter field into the header section of the report.
Testing the report
Press F5 to refresh the report data. In the Refresh Report Data window, select
Prompt for new parameter values. In the Enter Parameter Values windows,
select the parameter Group ID and add the values 2, 15, 6, 4, and 5 for the US UNIX administration team, as shown in Figure 6-40.
In the refreshed report, you have to verify that only machines belonging to the US UNIX team and the corresponding violations appear in the report.
Publishing modified reports
The project team already configured operational reports that cover all IT systems of ABBC on the Crystal Enterprise server. Now the administration teams should only get access to their own reports. Therefore, the project team removes the local administration teams’ access to the overall reports. They create a new folder structure giving each administration team its own subfolder, as shown in Figure 6-41.
Figure 6-41 Example of group structure in Crystal Enterprise
Using the access control methods of Crystal Enterprise, each administration team is granted access to its own subfolder. 6.1.5, “Configuring operational reports” on page 142 describes how to set access rights on Crystal Enterprise folders.
Using the publish.bat command, you have to publish the new reports to their new destinations. You have to publish the reports for each team subfolder separately. Example 6-8 shows the command for the ClientViolations report and folder US_UNIX_team1.
Example 6-8 Publishing command for placing reports in group folders
TivoliCrystalPublisher.exe -sourcepath <directory containing the reports> -destfolder "US.Team1" -aps itsosec1 -apsuser Administrator -apspassword <pwd> -apsauth secEnterprise -dbserver JAC -dbdatabase JAC -dbuser db2admin
For each report, you have to configure the groups belonging to the administration team. Log in to the CMC as an administrator, select a report, and go to the Parameters tab. Figure 6-42 shows the parameter configuration window showing the new parameters for group IDs and the group name.
Figure 6-42 Additional parameters for the group report
6.3 Conclusion
These configurations conclude our example deployment for IBM Tivoli Security Compliance Manager at ABBC. We have covered the design and implementation phases for the infrastructure components and for deploying Security Compliance Manager clients, collectors, policies, and reports, including the development of a new collector and modification of an operational report.
Tip: Having specified all types of parameters, make sure you click the Update
button. Missing this step will delete all your modifications in the Parameters section.