To ensure greater control and security over database access and executed commands, you can configure blocking rules directly within the platform. Below, we provide a detailed step-by-step guide for creating and applying these rules, allowing you to restrict commands, define blocked SQL patterns, and even modify queries executed by users.
Follow the steps below to properly configure blocking rules in the database.
First step: access the Databases menu
After logging into VaultOne, locate the Databases menu in the main interface. Click on it to access the options related to the configured databases.
Second step: access the Blocking Rules management tab
Click on Blocking Rules, then select + Create to start the configuration.
Third step: mandatory settings in the General tab
In the General tab, three mandatory fields must be filled out to create the rule. The Name field defines the name of the rule being created. The Priority field determines the order in which the rule will be executed. The Severity Alert field ensures that if a user executes a blocked command, an alert will be generated for administrators and, if configured, will also be sent to the SIEM.
Fourth step: types of blocking
In the Rule tab, there are three blocking options that can be configured according to the need:
Command Blocking: allows blocking specific commands that are listed below the option.
SQL Pattern Blocking: makes it possible to block SQL query patterns, either through a conventional SQL script or using regular expressions (regex).
Replace Query: allows modifying queries to restrict certain information. In this option, you select the Table Name and, in the Replace Query field, define the new query to be applied.
For example, if there is a table called users with the columns id, name, and password, and you do not want the password column to appear, simply define the query SELECT id, name FROM users. This way, when a user executes SELECT * FROM users, only the columns id and name will be displayed.
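A regex written for SQL Pattern Blocking is worth checking against known queries before the rule is assigned to resources. The script below is an added example, not VaultOne code: it scores two hypothetical candidate patterns against constructed queries and reports what each one misses or blocks by mistake. Python's re module stands in for the platform's regex engine, whose dialect and flags this page does not describe.

```python
import re

# Constructed sample queries paired with the outcome the rule author wants
# (True = must be blocked). The table name reuses the page's `users` example.
SAMPLES = [
    ("DELETE FROM users", True),
    ("delete   from users;", True),
    ("DELETE\nFROM users", True),
    ("UPDATE users SET password = NULL", True),
    ("DELETE FROM users WHERE id = 7", False),
    ("UPDATE users SET name = 'a' WHERE id = 7", False),
    ("SELECT id, name FROM users", False),
    ("SELECT * FROM updates", False),
]

# Two hypothetical candidate rules for "no DELETE/UPDATE without a WHERE".
# Assumption: the flags shown here may not map one-to-one to the platform.
NAIVE = (r"DELETE FROM|UPDATE", 0)
TIGHTER = (r"^\s*(delete\s+from|update)\b(?!.*\bwhere\b)",
           re.IGNORECASE | re.DOTALL)


def evaluate(rule, samples=SAMPLES):
    """Return (missed, overblocked): queries the rule fails to block, and
    legitimate queries it blocks by mistake."""
    pattern, flags = rule
    rx = re.compile(pattern, flags)
    missed, overblocked = [], []
    for query, must_block in samples:
        blocked = rx.search(query) is not None
        if must_block and not blocked:
            missed.append(query)
        elif blocked and not must_block:
            overblocked.append(query)
    return missed, overblocked


if __name__ == "__main__":
    for name, rule in (("naive", NAIVE), ("tighter", TIGHTER)):
        missed, overblocked = evaluate(rule)
        print(f"{name}: missed={missed!r} overblocked={overblocked!r}")
```

An empty result on this sample set only covers the listed queries; extend SAMPLES with statements taken from your own applications before relying on a pattern.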
Fifth step: assign the rule to one or more resources
In the Resources tab, you can define which resources will be affected by the created rule. The list on the left displays all available resources. To assign a resource to the rule, simply select it and click the right arrow, moving it to the list of resources linked to the rule. Finally, click Save.
User or Group Exceptions
There are two ways to create a blocking rule: through the Blocking Rules screen, as explained earlier, or directly from the + Add New Database screen.
To create a rule when adding a database, click + Add Database, go to the Blocking Rules tab, and select + New to start the configuration. The General and Rule tabs have the same functions explained earlier.
The difference is in the Exceptions tab, where you can add Users or Groups that should not be affected by the rule. In other words, any user or group included in this list will be exempt from the restrictions defined in the rule.
Important: Exceptions configured this way apply only to the specific database.
Note: Blocking rules are only available from version 23 of the connector. Make sure your version is up to date to use this feature.
Please contact our support (help@vaultone.com or via Chat inside the platform) if you need any help.