One Identity Manager Data Governance Edition User Guide
One Identity Manager Data Governance Edition User Guide
This guide contains the information required to administer One Identity Manager Data Governance Edition to manage the unstructured data in your organization. It contains detailed information about the Data Governance Edition features and includes instructions to help administrators perform day-to-day administration activities.
Before you can gather information on the unstructured data in your organization, you must:
This initial setup information is also covered in the One Identity Manager Data Governance Edition Deployment Guide and should already be completed.
Once you have added a managed host, you can:
- Examine a file system, SharePoint farm or other supported platforms to see what users and groups have access to it, and modify the access if required. For more information, see Browsing your environment.
- Examine a user or group to ensure they have the correct data access. For more information, see Managing account access.
- Compare account access for selected users or groups. For more information, see Comparing accounts.
- Simulate the addition or removal of users or groups from selected groups. For more information, see Simulating the effects of group membership modifications on an account.
- Calculate perceived ownership to identify potential business owners for data within your environment. For more information, see Calculating perceived owner.
- Place data under governance and leverage the self-service request attestations, policies, and reports that help you to ensure your data is in compliance. For more information, see Placing a resource under governance.
Available documentation
Data Governance Edition documentation includes the following manuals:
-
One Identity Manager Data Governance Edition User Guide
This guide includes Data Governance Edition administration information.
-
One Identity Manager Data Governance Edition Deployment Guide
This guide includes Data Governance Edition installation, configuration, and deployment information.
-
One Identity Manager Data Governance Edition IT Shop Resource Access Requests User Guide
This guide includes details about the self-service resource requests related to resources that are governed, including the file system share creation request in the IT Shop.
-
One Identity Manager Data Governance Edition Technical Insight Guide
This guide is intended for advanced audiences who want a deeper understanding of the Data Governance Edition components and how they communicate with each other. It also provides a description of the configuration file settings, registry key settings and PowerShell commands.
Online versions of the Data Governance Edition guides are available on the technical support web portal: https://support.oneidentity.com/identity-manager-data-governance-edition/technical-documents
For supporting One Identity Manager information, see the One Identity Manager documentation. Online versions of the One Identity Manager guides are available on the technical support web portal: https://support.oneidentity.com/identity-manager/technical-documents
Data Governance node and views
Data Governance node and views
The Data Governance Edition elements are embedded into the Manager client application. The user interface elements communicate with the Data Governance service and directly with the One Identity Manager database. Communication with the database is performed in the same way as any other One Identity Manager database communication, using the authentication information provided when the user launches the client tools.
The Manager is the main administration tool for configuring Data Governance Edition components and governing unstructured data to secure and control access to your organization's data. The Data Governance node in the Manager's navigation view provides access to the data required to perform the following tasks:
- Configure Data Governance Edition, including:
- Configuring Data Governance service accounts for managed domains
- Adding and configuring managed hosts
- Deploying Data Governance agents
- Manage resource access
- Manage account access
- Manage and set security permissions for network objects
- Manage and set SharePoint security permission levels
- Bring data under governance
- Define classification levels for use in classifying governed data
From the Data Governance navigation view, the following main views become available to configure and manage your Data Governance Edition deployment:
In addition to these main views, the following Data Governance Edition views are available to manage resource access, account access and governed data:
Related Topics
Customizing your view
Toggle layout options
Info system view
Selecting Info system in the Data Governance navigation view displays dashboards for viewing general statistics and the overall status of your Data Governance Edition deployment in real-time.
Note: In addition, you can view these dashboards using the Data Governance server landing page (https://<DGEServerIPAddress>:8723/server/home).
Note: The Data Governance Edition statistics displayed in these dashboards are calculated on an hourly schedule. To change the schedule, edit the hourly schedule defined in the QAM statistics schedule in the Designer (Getting Started | Edit schedules or Base Data | General | Schedules).
The Info system view in the Manager includes three One Identity Manager statistics (as indicated in the table) and these are calculated based on the schedule defined in the Calculate statistics schedule. The Calculate statistics schedule is disabled by default and must be enabled in order to calculate these One Identity Manager statistics. These statistics are not available on the Data Governance server landing page.
Table 1: Data Governance Edition statistics
Managed Hosts |
Pie chart shows the number of computer objects found in your environment, indicating the number that are managed hosts and the number that are not yet managed (unmanaged).
NOTE: This statistic does not include SharePoint Farm, DFS Root or NFS managed hosts. |
Managed Host Status |
Pie chart shows the number of managed hosts by status (OK vs. Not OK).
NOTE: This statistic does not include SharePoint Farm, DFS Root or NFS managed hosts. |
Managed Host Type |
Pie chart shows the number of managed hosts defined in your Data Governance Edition deployment, broken down by host type. |
Managed Hosts with Resource Activity |
Pie chart shows the number of managed hosts that are collecting resource activity (Enabled) and the number of managed hosts that are not collecting resource activity (Disabled).
NOTE: Since resources on Cloud managed hosts cannot collect resource activity, those resources are always included as Disabled. |
Managed Hosts Without Governed Data |
Graphic shows managed hosts that have resources that have not been placed under governance. The graphic uses the following thresholds:
- Green: Less than 25% of all managed hosts have data that is not being governed.
- Orange: Between 25% and 75% of all managed hosts have data that is not being governed.
- Red: More than 75% of all managed hosts have data that is not being governed.
The total number of managed hosts with ungoverned data is displayed under the graphic.
NOTE: On the Data Governance server landing page, this is a pie chart showing managed hosts with data that has not been placed under governance. |
Governed Data Without Business Owners |
Graphic shows governed data without an assigned business owner. The graphic uses the following thresholds:
- Green: Less than 25% of all governed data does not have a business owner assigned.
- Orange: Between 25% and 75% of all governed data does not have a business owner assigned.
- Red: More than 75% of all governed data does not have a business owner assigned.
The total number of governed data without an assigned business owner is displayed under the graphic.
NOTE: On the Data Governance server landing page, this is a pie chart showing governed data without an assigned business owner. |
Governed Data by Resource Type |
Pie chart shows the number of governed resources, broken down by resource type. |
Published vs Unpublished Governed Data |
Pie chart shows the number of governed resources that are published to the IT Shop and the number of governed resources that are not published.
NOTE: Since resources on NFS and Cloud managed hosts cannot be published to the IT Shop, those resources are always included as Unpublished. |
Published Data with Organizational Restrictions |
Pie chart shows the number of published resources belonging to a restriction list, broken down by organizational structure (department, location, or cost center). |
Security Index by Account Type |
Pie chart shows the number of accounts with direct access points that have been scanned by a Data Governance agent, broken down by account type:
- Azure AD Group
- Azure AD User
- Domain Group
- Domain User
- Machine Local Group
- Machine Local User
- Other
- SharePoint Group
- SharePoint Identity
- SharePoint Online Group
- SharePoint User
- Unix Group
- Unix Owner
|
Attestations |
Pie chart shows the number of attestations cases, broken down by Overdue, Outstanding, Closed overdue, and Closed in time cases.
NOTE: This statistic does not include Cloud managed hosts.
NOTE: This is a One Identity Manager statistic. In order to calculate and update this statistic, you must enable the Calculate statistics schedule in the Designer (Getting Started | Edit schedules or Base Data | General | Schedules). Once enabled, data for this graphic is updated based on the defined schedule. |
Policy violations (current) |
Graphic shows the number of current policy violations. The graphic uses the following thresholds:
- Green: Zero violations
- Red: One or more violations
The total number of violations is displayed below the graphic.
NOTE: This statistic does not include Cloud managed hosts.
NOTE: This is a One Identity Manager statistic. In order to calculate and update this statistic, you must enable the Calculate statistics schedule in the Designer (Getting Started | Edit schedules or Base Data | General | Schedules). Once enabled, data for this graphic is updated based on the defined schedule. |
Compliance Rule Violations (current) |
Graphic shows the number of current compliance rule violations. The graphic uses the following thresholds:
- Green: Zero violations
- Red: One or more violations
The total number of violations is displayed below the graphic.
NOTE: This statistic does not include Cloud managed hosts.
NOTE: This is a One Identity Manager statistic. In order to calculate and update this statistic, you must enable the Calculate statistics schedule in the Designer (Getting Started | Edit schedules or Base Data | General | Schedules). Once enabled, data for this graphic is updated based on the defined schedule. |