Chat now with support
Chat mit Support

Identity Manager Data Governance Edition 9.2.1 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Get-QIndexedTrustees

Retrieves all of the entries from the QAMTrustees table who are also listed within the QAMSecurityIndex table, denoting an indexed trustee.

Syntax:

Get-QIndexedTrustees [-TrusteeName [<String>]] [-Domain [<String>]] [<CommonParameters>]

Table 205: Parameters
Parameter Description
TrusteeName

(Optional) Specify the name of the trustee to be searched.

If this parameter is not specified, all indexed trustees are returned.

Domain

(Optional) Specify the domain of the trustee to be searched.

If this parameter is not specified, all domains are queried to locate indexed trustees.

Examples:
Table 206: Examples
Example Description
Get-QIndexedTrustees -TrusteeName Administrator -Domain MyDomain

Retrieves all indexed accounts from the QAMTrustees table where the account name is Administrator and the domain is MyDomain.

Details retrieved:
Table 207: Details retrieved
Detail Description
Sid The security identifier (SID) assigned to the account.
PreWindows2000Name The logon name (Pre-Windows 2000) of the Active Directory account.
Domain The name of the domain where the account resides.
TrusteeType The type of trustee (account).

Resource access management

A key challenge in improving data governance is keeping track of permissions within your environment. To ensure that data is secured in a manner that meets your business needs, you must be able to easily identify who has been given access and manage that access appropriately.

The following commands are available to you to manage resource access. For full parameter details and examples, click a command hyperlink in the table or see the command help, using the Get-Help command.

Table 208: Resource access management commands

Use this command

If you want to

Export-QResourceAccess

Export the security information on a selected resource.

For more information, see Export-QResourceAccess.

Get-QChildResources

View the resources contained in a specific root on a managed host. You can use this to enumerate the contents of remote folders and shares.

In particular, it would be similar to the standard Windows PowerShell Get-ChildItems cmdlet but it functions using the Data Governance server as a proxy, so the client machine does not necessarily need direct access to the target machine.

For more information, see Get-QChildResources.

NOTE: This PowerShell cmdlet does not support Cloud managed hosts.

Get-QFileSystemSearchResults

Search an NTFS folder or share for files. Using this command, you can search multiple data roots at once.

For more information, see Get-QFileSystemSearchResults.

Get-QHostResourceActivities

Retrieve a list of the operations, including the resource ID assigned to each operation, performed against a managed host during a given time frame.

For more information, see Get-QHostResourceActivities.

NOTE: This PowerShell cmdlet does not support Cloud managed hosts.

Get-QPerceivedOwners

Calculate the perceived owners for a resource. This information can help to determine the true business owners and custodian for data.

NOTE: The perceived owner for data is calculated from the resource activity history or security information collected by Data Governance Edition. Activity is collected based on the aggregation time span settings and recorded in the Data Governance Resource Activity database.

For more information, see Get-QPerceivedOwners.

Get-QResourceAccess

Retrieve the security information of selected resources from a specific managed host, and child objects whose security differs from the parent.

For more information, see Get-QResourceAccess.

Get-QResourceActivity

Retrieve the activity associated with a resource.

For more information, see Get-QResourceActivity.

NOTE: Resource activity collection (and therefore this cmdlet) is not supported for the following host types:

  • Windows Cluster/Remote Windows Computer
  • Generic Host Type
  • EMC Isilon NFS Device
  • SharePoint Online
  • OneDrive for Business

Get-QResourceSecurity

View the security on a given resource in the SSDL format.

For more information, see Get-QResourceSecurity.

Set-QResourceSecurity

Set security on a given resource.

NOTE: The existing security descriptor is completely replaced.

For more information, see Set-QResourceSecurity.

Export-QResourceAccess

Exports the security information on a selected resource to a .CSV file.

TIP: This cmdlet is used with the Get-QResourceAccess cmdlet that generates the results to be exported.

Syntax:

Export-QResourceAccess [-ResourceAccessResults] <QAM.Common.Interfaces.ResourceAccessQueryResults> [-OutputPath] <String> [[-DisplayInheritedSecurity] [<SwitchParameter>]] [[-OptimizeForExcel] [<SwitchParameter>]] [<CommonParameters>]

Table 209: Parameters
Parameter Description
ResourceAccessResults Specify the results of a resource access query (Get-QResourceAccess).
OutputPath Specify the path to the location on disk where the access results is to be written.
DisplayInheritedSecurity

(Optional) Specify this parameter if child objects with security exactly the same as the parent should be shown.

  • If the parameter is specified without a value, set to $true and show child objects.

  • If the parameter is not specified, set to $false and do not show child objects.

OptimizeForExcel

(Optional) Specify this parameter if you want to export the output to Microsoft Excel.

  • If the parameter is specified without a value, set to $true and export to Excel.

  • If the parameter is not specified, set to $false and do not export to Excel.

Examples:
Table 210: Examples
Example Description

C:\PS># get host id

Get-QManagedHost

# get the access for the resource

$resourceAccess = Get-QResourceAccess -ManagedHostId 5b3e4a3c-9c7b-4da1-b6bc-db552ee51656 -ResourceType NTFS\Folder -Resources "C:\Test Data"

# export the results

Export-QResourceAccess -ResourceAccessResults $resourceAccess -OutputPath "C:\"

Exports the results of a resource access query.

Get-QChildResources

Retrieves the resources contained in a specify root on a managed host. You can use this information to enumerate the contents of remote folders and shares.

Note: The cmdlet is similar to the standard Windows PowerShell Get-ChildItems cmdlet, but it functions using the Data Governance server as a proxy. Therefore, the client machine does not require direct access to the target machine.

Syntax:

Get-QChildResources [-ManagedHostId] <String> [-ResourcePath] <String> [[-ResType] [QAM.Client.PowerShell.GetChildResourcesCmdlet+QueryResourceType]] [<CommonParameters>]

Table 211: Parameters
Parameter Description
ManagedHostId

Specify the ID (GUID format) of the managed host to be queried.

Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs.

ResourcePath Specify the path to the root resource.
ResType

(Optional) Specify the type of resource to be located. Available types include:

  • CloudFiles
  • CloudFolders
  • Files
  • Folders
  • Shares
  • LocalOSRights
  • AdminRights
  • ServiceIdentities
  • SharePoint

If this parameter is not specified, all resource types are returned.

Examples:
Table 212: Examples
Example Description
Get-QChildResources -ManagedHostId 5b3e4a3c-9c7b-4da1-b6bc-db552ee51656 -ResourceId "\\2k8rdjsql\Test Data" -ResType Folders Retrieves a list of the child resources on the specified managed host.
Details retrieved:
Table 213: Details retrieved
Detail Description
Path The full path of the child resource.
DuGPath

The path used for data under governance operations.

This will always be empty when shown from the cmdlet; however, it is used elsewhere in the application.

ManagedHostId The value (GUID) assigned to the managed host where the resource is located.
ResourceType The type of child resource.
Properties

The properties of the child resource (such as name, date last modified, file size).

These are the properties you see in the Resource browser.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen