Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager Data Governance Edition 8.1.5 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Get-QSelfServiceClientConfiguration

Returns the options available for self-service requests within the IT Shop.

Syntax:

Get-QSelfServiceClientConfiguration [<CommonParameters>]

Examples:
Table 237: Examples
Example Description
Get-QSelfServiceClientConfiguration Returns the self-service client configuration information.
Details retrieved:
Table 238: Details retrieved
Detail Description
AllowNonPublishedGroups Indicates whether groups that have not been published to the IT Shop are allowed for self-service access requests.
AllowUnsynchronizedGroups Indicates whether groups that have not been synchronized with One Identity Manager are allowed for self-service access requests.
MaximumMethodsCount The maximum number of groups returned from a call to the Get-QSelfServiceMethodsToSatisfyRequest, which returns the groups that satisfy a resource access request.
EnableSelfServiceAccessRequest Indicates whether self-service access requests are enabled in the IT Shop.

Get-QSelfServiceMethodsToSatisfyRequest

Returns the group membership that satisfies a resource access request. Use this command to simulate the "best fit" calculation to see what groups are returned if you request read or read and write access to a specific resource.

Note: This PowerShell cmdlet does not support NFS or Cloud resources (since these types of resources cannot be published to the IT Shop).

Syntax:

Get-QSelfServiceMethodsToSatisfyRequest [-Path] <String> [-DomainName] <String> [-ActionIdentifier] <String> [[-ClientCulture] [<String>]] [[-ResourceTypeString] [<String>]] [<CommonParameters>]

Table 239: Parameters
Parameter Description
Path Specify the path of the resource.
DomainName Specify the name of the domain where the resource is located.
ActionIdentifier

Specify the type of self-service action:

  • RequestReadAccess: Use this option if you want read access to items within a folder.
  • RequestChangeAccess: Use this option if you want read and write access to items within a folder.
ClientCulture (Optional) Set the client culture.
ResourceTypeString

(Optional) Specify the type of resource for which to request access:

  • NTFS\Folder
  • NTFS\File
  • Windows\Computer\Share
  • SharePoint\Site
  • SharePoint\Folder
  • SharePoint\List
  • SharePoint\ListItem
  • SharePoint\ResourceItem
Examples:
Table 240: Examples
Example Description
Get-QSelfServiceMethodsToSatisfyRequest -Path "\\2K8RDJSQL\CS\Test Data\Email_Addresses.txt" -DomainName VMSET6 -ActionIdentifier "RequestReadAccess" -ResourceTypeString NTFS\File Returns the groups that satisfy the "RequestReadAccess" request for a NTFS/File.

Remove-QDataUnderGovernance

Removes a resource from governance, and if published to the IT Shop, removes it from the IT Shop.

Syntax:

Remove-QDataUnderGovernance [-ResourceUri] <String> [<CommonParameters>]

Table 241: Parameters
Parameter Description
ResourceUri

Specify the Uri of the resource to be removed from governance.

Use the following format for files and folders: "\\MACHINE\DRIVELETTER$\PathToResource".

TIP: If you are having trouble with SharePoint paths, use the Resource browser (in the Manager) to copy the SharePoint path.

Examples:
Table 242: Examples
Example Description
Remove-QDataUnderGovernance -ResourceUri "\\2k8r2djsql\C$\Test Data" Removes an NTFS resource from governance.

Remove-QDataUnderGovernance -ResourceUri "sp://titan/6d338b7c-79cc-4b99-a1d0-47641cc0cebc/42d1bc72-8754-4b7d-8bac-0be07d07e8f2/faa56136-6317-4c31-9e90-649347df4bed/DerekSite/Shared%20Documents/My%20SharePoint%20Doc.txt"

Removes a SharePoint resource from governance.

Set-QBusinessOwner

Set the business owner of a resource under governance.

Note: This command only works for resources that have previously been placed under governance.

Syntax

Set-QBusinessOwner [-ManagedHostId] <String> [[-ResourceUri] [<String>]] [[-SetAllResources] [<Boolean>]] [[-EmployeeName] [<String>]] [[-EmployeeId] [<String>]] [-OwnerRoleFullPath] [<String>]] [[-OwnerRoleId] [<String>]] [[-Justificaiton] [<String>]] [<CommonParameters>]

Table 243: Parameters
Parameter Description
ManagedHostId Specify the ID (GUID format) of the managed host where the governed resource resides.

ResourceUri

-OR-

SetAllResources

Specify one of the following parameters to specify the governed resource that is to be assigned a business owner:

  • ResourceUri: Use this parameter to set the business owner for a single governed resource. Enter the resource's full path.

    For example (to specify a share): -ResourceURI "\\dgefs\a1"

    For example (to specify a NTFS folder): -ResourceURI "\\dgefs\D$\al"

  • SetAllResources: Use this parameter to set the same business owner to all governed resources on the specified managed host. Set this value to 1.

    For example: -SetAllResources 1

NOTE: You must specify one of these parameters to specify the governed resource. Do NOT specify more than one of these parameters or you will receive an error when running the PowerShell command.

EmployeeName

-OR-

EmployeeId

-OR-

OwnerRoleFullPath

-OR-

OwnerRoleId

Specify one of the following parameters to define the business owner to be assigned:

  • EmployeeName: Specify the name of the employee to be assigned as the business owner.

    For example: -EmployeeName "user6 test, user6"

  • EmployeeId: Specify the ID (GUID format) of the employee to be assigned as the business owner.

    For example: -EmployeeId 3dd99328-e971-4bcf-989e-9a482871e9e9

  • OwnerRoleFullPath: Specify the full path of a One Identity Manager application role if you want all employees in the selected role to be the business owner.

    For example: -OwnerRoleFullPath "Data Governance\All Business Owner Roles\Finance Owners"

  • OwnerRoleId: Specify the ID (GUID format) of a One Identity Manager application role if you want all employees in the selected role to be the business owner.

    For example: -OwnerRoleId 50b8b7b8-6670-4e35-bd3b-f6f64a281364

NOTE: You must specify one of these parameters to define the business owner. Do NOT specify more than one of these parameters or you will receive an error when running the PowerShell command.

Justification (Optional) Enter a reason for setting the business owner.
Examples
Table 244: Examples
Example Description
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -ResourceURI "\\dgefs\a1" -EmployeeName "user6 test, user6" Sets the business owner for a single resource, using the employee's name.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -ResourceURI "\\dgefs\a1" -EmployeeId 3dd99328-e971-4bcf-989e-9a482871e9e9 Sets the business owner for a single resource, using the employee's ID.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -ResourceURI "\\dgefs\a1" -OwnerRoleId 50b8b7b8-6670-4e35-bd3b-f6f64a281364 Sets the business owner for a single resource, using an application role ID. All employees assigned to this role are considered the business owner.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -ResourceURI "\\dgefs\a1" -OwnerRoleFullPath Data "overnance\All Business Owner Roles\Finance Owners" Sets the business owner for a single resource, using an application role path. All employees assigned to this role are considered the business owner.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -SetAllResource 1 -EmployeeName "user6 test, user6" Sets the business owner for all governed resources on the specified managed host, using the employee's name.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -SetAllResource 1 -EmployeeId 3dd99328-e971-4bcf-989e-9a482871e9e9 Sets the business owner for all governed resources on the specified managed host, using the employee's ID.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -SetAllResource 1 -OwnerRoleId 50b8b7b8-6670-4e35-bd3b-f6f64a281364 Sets the business owner for all governed resources on the specified managed host, using an application role ID. All employees assigned this role are considered the business owner.

Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -SetAllResource 1 -OwnerRoleFullPath Data "overnance\All Business Owner Roles\Finance Owners"

Sets the business owner for all governed resources on the specified managed host, using an application role path. All employees assigned this role are considered the business owner.
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation