Chat now with support
Chat mit Support

Identity Manager Data Governance Edition 8.1.1 - Deployment Guide

Introduction Data Governance Edition system requirements Install One Identity Manager Data Governance Edition Deploy Data Governance Edition components Post installation configuration Authentication using service accounts and managed domains Working with managed hosts and agents Upgrade Data Governance Edition Remove Data Governance Edition Troubleshooting Appendix: NetApp managed host deployment Appendix: EMC managed host deployment Appendix: SharePoint managed host deployment

Resource activity is not displaying in the web portal for a business owner

Probable cause

Activity for owned data may not display in the web portal if:

  • Resource activity collection has not been enabled on the selected managed host.
  • Resource activity collection is not supported on the selected managed host (such as, remote managed Windows computers, Windows clusters, Generic or Cloud managed hosts).
  • Resource activity collection is enabled, but the data is not included within a specified managed paths.
Resolution

To ensure resource activity is being collected:

  1. From the Managed hosts view, select the required managed host.
  2. Select Edit host settings from the Tasks view or right-click menu.
  3. In the Managed Host Settings dialog, open the Resource Activity page.
  4. Ensure Collect and aggregate events is selected.
  5. Also, ensure the appropriate events are selected.
  6. Click the Resource Activity Exclusion button and review each tab to see what objects are being excluded.

To check what managed paths are selected for activity collection:

  1. From the Managed hosts view, select the required managed host.
  2. Select Edit host settings from the Tasks view or right-click menu.
  3. In the Managed Host Settings dialog, open the Managed Paths page.
  4. Activity is only being collected for the paths listed on this page.

NOTE: For all managed host types, when placing a resource under governance, the resource must be a managed path or a folder or share under a managed path.

  • For remote managed hosts and SharePoint managed hosts, if you select to place a resource under governance that is not yet defined as a managed path, the path is automatically added to the managed paths list. If the managed host has more than one agent assigned, you are prompted to select the agent to which the managed path is added.
  • For local managed hosts, if you are scanning managed paths (that is, there are paths in the managed paths list), and you select to place a resource under governance that is not yet defined as a managed path, the path is automatically added to the managed paths list. However, if you are scanning the entire server (that is, the managed paths list is empty) and you place a resource under governance, no changes are made to the managed paths list and you continue to scan the entire server.

For more information about these pages on the Managed Host Settings dialog, see Managed paths page and Resource activity page.

Governed resources are missing from the All my resources view in the web portal

Probable cause

Business ownership for governed resources was set programmatically or through the Object Browser.

Resolution

If business ownership for governed resources is set programmatically or through the Object Browser, you must also set the following parameter for these governed resources:

QAMDuG.IsPointOfInterest = true.

NOTE: Business ownership is indicated by setting values for either QAMDuG.UID_PersonResponsible or QAMDuG.UID_AERoleOwner.

Not receiving scheduled reports

Probable cause

The One Identity Manager service (job server) is not configured correctly. If you are having issues with scheduled report execution and are not receiving your reports through email, the first place to check is the Job Server log.

Resolution

Scheduled reports are run by the job server with the SMTP Host server mask. To allow this job server to query the Data Governance server, it must be running as an Active Directory account with an associated One Identity Manager Employee with either the Data Governance | Administrators or Data Governance | Access Managers application role.

To change the identity the job server runs as, open the Services console on the computer hosting the job server and change the Log On identity. For example, the DGEAdministrator Active Directory account needs to be associated with an Employee record that was granted the Data Governance | Administrators role or be a Data Governance service account itself. This new identity allows the job server to authenticate against the Data Governance server and perform the necessary queries required for report execution.

Groups missing from the Group Memberships tree view

To examine group membership in your enterprise, Data Governance Edition requires credentials that allow it to read group memberships in the domains that make up your enterprise structure. These credentials are provided when syncing the domain for Active Directory. For SharePoint group membership, it uses the provided database connection string and reads group information from the SharePoint database. If Data Governance Edition is having trouble resolving group memberships, you will see a link in the lower-left pane (after having selected Manage Access from the client). Clicking this link displays a list of issues that details any problems encountered during group expansion.

Resolution
  • Ensure that you have provided credentials with the required access.
Verwandte Dokumente