
Identity Manager Data Governance Edition 8.1.1 - Technical Insight Guide


Data Governance service configuration file settings

The following Data Governance service configuration settings can be configured in the DataGovernanceEdition.Service.exe.config file in the server directory: %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server.

Table 15: Server settings
Configuration setting Description
AgentLeaseRenewPeriod Sets the agent lease renewal interval.
DfsDataSyncInterval Sets the default DFS synchronization interval.
DisablePerceivedOwnershipUpdate Can be used to disable the automatic perceived owner calculation for governed data.
FolderSecurity.UseAdminPathsForShareFolders Controls how the Data Governance server deals with the security that backs folders.
ManagedHostDeleteBatchSize Defines the batch size used to delete managed hosts and their associated resources and resource activity records from the database.
MessagingCacheFolder Defines the server messaging cache location.
Metrics.CollectionIntervalInSeconds Sets the metrics collection interval.
MinimumSupportedModuleMigrationVersion Specifies the minimum supported module migration version.
OracleBulkImportBatchSize Specifies the number of records to be imported at a time during a bulk import for an Oracle database. NOTE: Oracle Database support was deprecated beginning with One Identity Manager 8.1. Do not use.
PerceivedOwnershipActivityPeriod Defines the time period (in days) to look for past resource activity to determine perceived owners.
PerceivedOwnershipByResourceActivity Indicates the primary source for calculating perceived owners: resource activity history or security information.
PerceivedOwnershipByResourceOwner Indicates whether the access control list owner within the target system should be considered as a perceived owner suggestion.
PerceivedOwnershipCalcUpdatesRefreshIntervalMinutes Sets the perceived ownership update interval.
PerceivedOwnershipMaxReturnValue Defines the maximum number of perceived ownership suggestions returned as a result of calculating perceived owners for a resource.
RemoteExecutor.WaitResultTimeout Defines how long the Data Governance service should wait for results from the RemoteExecutor before timing out.
RestServicePort Sets the communication port for HTTP protocol and REST services. (Communications with PowerShell and One Identity Manager clients and web server.)
SuggestedAgentCap Defines the suggested maximum number of agent instances on a given computer.
SyncDomainPasswordInterval Sets the managed domain and security information cache refresh interval.
VerboseHostForTrusteeLogging Debug setting used to log the complete Alias table used for the query.
Table 16: Self-service settings
Configuration setting Description
SelfService.AllowNonPublishedGroups Indicates whether groups not published to the IT Shop are displayed in self-service web portal.
SelfService.AllowUnsychronizedGroups Indicates whether groups not synchronized with One Identity Manager are displayed in self-service web portal.
SelfService.EnableSelfServiceRequest Indicates whether self-service requests are enabled.
SelfService.IncludeSuitabilityTraceInfo Indicates whether the suitability trace information is to be included as a property in the self-service request results.
SelfService.MarkSuitabilityTraceInfo Indicates whether the suitability integer is to be shown in the user interface when self-service groups are returned.
SelfService.MaximumMethodsCount Defines the maximum number of self-service groups that can be returned for consideration.
SelfService.SuitabilityThreshold Specifies the lowest possible suitability score to be used when returning self-service groups.
Table 17: Points of interest (POI) settings
Configuration setting Description
CollectPoi.CheckFrequencyInMinutes Sets the stale POI information check interval.
CollectPoi.IgnoreChangedResourceSynchronization Indicates whether the changed resource synchronization should be ignored.
CollectPoi.IncludeDeviations Indicates whether deviations are to be included in POI query.
CollectPoi.MaxConcurrentQueries Defines the maximum number of simultaneous POI queries to be performed.
CollectPoi.OverdueThresholdInMinutes Sets the amount of time before a resource is considered to be overdue for POI collection.
CollectPoi.QueryBatchSize Defines the threshold on which a query is sent to the agent.
CollectPoi.QueryTimeoutInMinutes Sets the amount of time before a POI query expires.
CollectPoi.QueryUpperBound Defines the maximum number of resources to be returned from a POI query.
Table 18: Custom host parameters
Configuration setting Description
additionalOperatingSystems Allows you to specify additional operating systems so that those hosts can be added as generic managed hosts.

In addition to the server, POI collection, and self-service settings listed above, you will find the following settings in the Data Governance service configuration file:

additionalOperatingSystems

This parameter allows you to specify additional operating systems so that those hosts can be added as generic managed hosts.

NOTE: Generic Managed Host functionality is meant to allow for the scanning of SMB shares and subfolders that are hosted on servers on an Active Directory joined computer. In order to be a Generic Managed Host, the server must be synchronized into the ADSMachine table, with the ADSMachine.DNSHostName set.
Table 19: Configuration setting: additionalOperatingSystems
Configuration file %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server\DataGovernanceEdition.Service.exe.config
Section name <customHostParameters>
Setting

<customHostParameters>
  <additionalOperatingSystems>
    <!--<operatingSystem value="<MyOperatingSystem"/>-->
  </additionalOperatingSystems>
</customHostParameters>

Value

When the operatingSystem line is left as is (as a comment), Data Governance Edition does not recognize unsupported host types, and therefore they cannot be added as generic managed hosts.

When the operatingSystem line is no longer commented out and you specify the operating system for the hosts you want to manage, they will appear as an Unknown host type in the Managed host view and can then be added as generic managed hosts.

How to modify

If you do not see the host you want to manage listed in the Managed host view, edit this parameter as follows:

  • Remove the commented operatingSystem line and replace it with a line that specifies the operating system value for the host you want to manage. That is, the string found in the ADSMachine.OperatingSystem field. For example, if the host you want to manage has the operating system field "My OS", edit this setting as follows:

    <customHostParameters>
      <additionalOperatingSystems>
        <operatingSystem value="My OS"/>
      </additionalOperatingSystems>
    </customHostParameters>

    This will include all machines that contain the string "My OS" in their operating system field.

  • If you want to specify an exact match, include the isExact parameter as follows:

    <customHostParameters>
      <additionalOperatingSystems>
        <operatingSystem value="My OS" isExact="true"/>
      </additionalOperatingSystems>
    </customHostParameters>

All of the hosts found using this filter will now appear in the Managed hosts view as Unknown host type.
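
The difference between a substring filter and an isExact filter can be previewed before the service configuration is edited, so that only the intended hosts surface as Unknown host types. The following PowerShell is an added example, not One Identity code: the configuration fragment and machine rows are constructed, the function names are hypothetical, and case-sensitive comparison is an assumption because the guide does not state how the product compares strings.

```powershell
# Constructed sample; on a server, read DataGovernanceEdition.Service.exe.config instead.
$configText = @'
<configuration>
  <customHostParameters>
    <additionalOperatingSystems>
      <operatingSystem value="My OS"/>
      <operatingSystem value="My OS" isExact="true"/>
    </additionalOperatingSystems>
  </customHostParameters>
</configuration>
'@

# Constructed stand-ins for ADSMachine rows (not real hosts).
$machines = @(
    [pscustomobject]@{ DNSHostName = 'nas01.example.test'; OperatingSystem = 'My OS' }
    [pscustomobject]@{ DNSHostName = 'nas02.example.test'; OperatingSystem = 'My OS Legacy 2' }
    [pscustomobject]@{ DNSHostName = '';                   OperatingSystem = 'My OS' }
    [pscustomobject]@{ DNSHostName = 'app01.example.test'; OperatingSystem = 'Other OS' }
)

# Hypothetical helper: parse the filters, failing loudly on malformed XML
# such as an opening tag that does not match its closing tag.
function Get-OperatingSystemFilter {
    param([string]$Xml)
    try { $doc = [xml]$Xml }
    catch { throw "Configuration is not well-formed XML: $($_.Exception.Message)" }
    $path = '//customHostParameters/additionalOperatingSystems/operatingSystem'
    foreach ($node in $doc.SelectNodes($path)) {
        [pscustomobject]@{
            Value   = $node.GetAttribute('value')
            IsExact = $node.GetAttribute('isExact') -eq 'true'
        }
    }
}

# Assumption: case-sensitive comparison; the guide does not specify it.
function Test-OperatingSystemMatch {
    param([string]$OperatingSystem, $Rule)
    if ($Rule.IsExact) { return $OperatingSystem -ceq $Rule.Value }
    return $OperatingSystem.Contains($Rule.Value)
}

foreach ($rule in Get-OperatingSystemFilter -Xml $configText) {
    if (-not $rule.Value) { Write-Warning 'Skipping filter with empty value'; continue }
    # Only machines with ADSMachine.DNSHostName set can become generic managed hosts.
    $hits = @($machines | Where-Object {
        $_.DNSHostName -and (Test-OperatingSystemMatch $_.OperatingSystem $rule)
    })
    [pscustomobject]@{ Filter = $rule.Value; IsExact = $rule.IsExact; Hosts = $hits.DNSHostName -join ', ' }
}
```

With the constructed data, the substring filter also picks up the "My OS Legacy 2" machine, while the isExact filter does not; the row without a DNSHostName is excluded in both cases.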

AgentLeaseRenewPeriod

This key defines the refresh rate (in minutes) at which the server checks for expired agent leases. This key is used by the AgentLeaseManager internal service that handles agent lease management.

Table 20: Configuration setting: AgentLeaseRenewPeriod
Configuration file %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server\DataGovernanceEdition.Service.exe.config
Section name <appSettings>
Setting <add key ="AgentLeaseRenewPeriod" value="5"/>
Value Default: 5 minutes
How to modify Replace the value as required.

CollectPoi.CheckFrequencyInMinutes

This key defines the frequency (in minutes) at which the server checks for stale points of interest (POI) information. This key is used by the InfrastructureManagement internal service that handles general infrastructure management, including contacting the agent to retrieve POI information on governed resources.

Table 21: Configuration setting: CollectPoi.CheckFrequencyInMinutes

Configuration file %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server\DataGovernanceEdition.Service.exe.config
Section name <appSettings>
Setting <add key ="CollectPoi.CheckFrequencyInMinutes" value="10"/>
Value Default: 10 minutes
How to modify Replace the value as required.
