Chatta subito con l'assistenza
Chat con il supporto

Identity Manager Data Governance Edition 9.2 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Get-QFileSystemSearchResults

Search an NTFS folder or share for files. Using this command, you can search multiple data roots at once.

Syntax:

Get-QFileSystemSearchResults [-SearchRoots] <String[]> [-SearchTerm] <String> [[-ItemsRequested] [<Int32>]] [<CommonParameters>]

Table 214: Parameters
Parameter Description
SearchRoots

Specify a string array of NTFS roots to search.

SearchTerm

Specify the string that contains the search term.

You can use the * wildcard character to search for resources. For example, enter Finance* to return all resources with a name that begins with Finance, *.txt to return all resources that end with .txt, and *Fin* to return all resources that contain "Fin".

ItemsRequested (Optional) Specify the number of items you would like returned.
Examples:
Table 215: Examples
Example Description
Get-QFileSystemSearchResults -SearchRoots "\\2K8R2DJSQL\C$\Test Data" -SearchTerm "*.txt" Finds files with the .txt extension in the specified directory.
Details retrieved:

The following details are returned for each file system resource found in the specified directory that matched the specified search term.

Table 216: Details retrieved
Detail Description
Path The full path of the file system resource.
DuGPath

The path used for data under governance operations.

This will always be empty when shown from the cmdlet; however, it is used elsewhere in the application.

ManageHostId The ID (GUID format) of the managed host where the file system resource resides.
ResourceType

The type of resource.

Properties

Properties assigned to the file system resources (such as Attributes, Reserved, FileSize, LastModified).

These are the properties you see in the Resource browser.

Get-QHostResourceActivities

Returns a list of the resource IDs associated with operations performed against a managed host during a given time frame.

Note: This PowerShell cmdlet does not support Cloud managed hosts.

Syntax:

Get-QHostResourceActivities [[-ManagedHostId] [<String>]] [[-StartTime] [<DateTime>]] [[-EndTime] [DateTime>]] [[-HostType] [<String>]] [<CommonParameters>]

Table 217: Parameters
Parameter Description
ManagedHostId

(Optional) Specify the ID (GUID format) of the managed host to be retrieved.

Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of managed hosts and associated IDs.

StartTime

(Optional) Specify the start date and time, which means you will only see activity information from that time forward.

Specify the start time in (UTC) form: "23/01/2015 10:36:30 PM"

EndTime

(Optional) Specify the end date and time, which means you will only see activity information before that time.

Specify the end time in (UTC) form: "23/01/2015 10:37:30 PM"

HostType

(Optional) Specify the type of host to be included in the results:

  • WindowsServer
  • OnTapDevice
  • CelerraDevice
  • SharePointFarm
  • DistributedFileSystemRoot
  • IsilonDevice
  • IsilonNfsDevice
  • OnTapNfsDevice
  • OnTapClusterNtfsDevice
  • OnTapClusterCifsDevice

When no host type is specified, all host types are included in the results.

NOTE: Resource activity collection is not available for Windows Cluster/Remote Windows or Generic host types.

Examples:
Table 218: Examples
Example Description
Get-QHostResourceActivities Returns a list of all activity and associated resource IDs for all activity found in the resource activity database.
Get-QHostResourceActivities -ManagedHostId "c0bc3da4-f660-4e18-8b14-a945c7a6be69" Returns a list of all activity and associated resource IDs for all host types on the specified managed hosts.
Get-QHostResourceActivities -ManagedHostId "c0bc3da4-f660-4e18-8b14-a945c7a6be69" -HostType "WindowsServer" Returns activity information on the specified managed host, including only operations against Windows Servers.
Details retrieved:

For each operation performed, the following details are returned:

Table 219: Details retrieved
Detail Description
NodeId The ID used to link the activity database to the QAMNode table. (AuditNodeId in QAMNode table.)
ManagedHostId The ID (GUID) of the managed host reporting the operation.
ManagedHostName The name of the managed host reporting the operation.
ResourceId The ID assigned to the operation that was performed.
ParentResourceId Shows which resource in the activity database is the parent.
ResourcePath For file system resources, the full path of the resource
SharePointPath For SharePoint resources, the full path of the resource
TypeResource

The type of resource.

Operation

The type of operation that was performed against the resource:

  • Create
  • Delete
  • Read
  • Rename
  • Security change
  • Write
StartTime The start date and time for collecting resource activity. Activity is stored in 'time spans'.
EndTime The end date and time for collecting resource activity. Activity is stored in 'time spans'.
TrusteeType The type of account that initiated the operation.
TrusteeName The name of the user who initiated the operation.
TrusteeSid The security identifier (SID) of the user who initiated the operation.
AuditTrusteeId The ID associated with the account that performed the operation. (UID_QAMTrustee in QAMTrustee table.)
AccessCount The number of times the operation occurred during the aggregation interval.

Get-QPerceivedOwners

Calculates the perceived owners for a resource. You can use this information to determine the true business owners and custodian for data.

Note: The perceived owner for data is calculated from the resource activity history or security information collected by Data Governance Edition. Activity is collected based on the aggregation time span settings and recorded in the Data Governance Resource Activity database.

Syntax:

Get-QPerceivedOwners [-ResourcePath] <String> [-ResourceType] <QAM.Common.Interfaces.ResourceType> [[-NumberOfOwners] [<Int32>]] [<CommonParameters>]

Table 220: Parameters
Parameter Description
ResourcePath

Specify the full path to the resource whose perceived ownership information is to be queried.

For cloud resources, enter the path using the following format: //HostName/root/{path}

ResourceType

Specify the type of resource being queried. Valid values are:

  • NTFS\Folder
  • NTFS\File
  • Windows Computer\Share
  • Windows Computer\Local User Rights
  • Windows Computer\Operating System Administrative Rights
  • Data Governance\Application Deployment
  • Service Identities\Windows Service Identity
  • SharePoint\ResourceItem
  • SharePoint\WebApplication
  • SharePoint\SiteCollection
  • SharePoint\Site
  • SharePoint\List
  • SharePoint\Folder
  • SharePoint\ListItem
  • DFS\Link
  • NFS\Folder
  • NFS\File
  • Cloud\Folder
NumberOfOwners (Optional) Specify the number of potential owners to return.
Examples:
Table 221: Examples
Example Description

Get-QPerceivedOwners -ResourcePath "\\2K8R2DJSQL\C$\Test Data" -ResourceType NTFS\Folder

Calculates and returns the perceived owners for the specified NTFS resource.

Get-QPerceivedOnwers -ResourcePath "//DGEPROD.ONMICROSOFT.COM (SHAREPOINT)/root/Site Contents/Documents/Doc1" -ResourceType Cloud\Folder

Calculates and returns the perceived owners for the specified cloud resource.
Details retrieved:
Table 222: Details retrieved
Detail Description
TrusteeName The name of the account returned as a result of the perceived owner calculations.
TrusteeSid The security identifier (SID) of the account (trustee).
TrusteeType The type of account.
TotalOperationWeight The activity weight assigned to the account based on the operations performed during the specified time.
UseCount The number of times the account accessed the resource during the specified time frame.

Get-QResourceAccess

Retrieves the security information for selected resources from a specific managed host, and child objects whose security differs from the parent. You can retrieve file, folder, share, administrator rights, local operating system rights, and service identity rights.

TIP: This cmdlet is used with the Export-QResourceAccess cmdlet that exports the saved results.

Syntax:

Get-QResourceAccess [-ManagedHostId] <String> [-ResourceType] <QAM.Client.PowerShell.ResourceAccessQueryResourceType> [[-Resources] [<String []>]] [-ExcludeSubObjectDeviations [<SwitchParameter>]] [<CommonParameters>]

Table 223: Parameters
Parameter Description
ManagedHostId

Specify the ID (GUID format) of the managed host that you would like to see access information on.

Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs.

ResourceType

Specify the type of rights you would like to see resource access information for. Valid values are:

  • NTFS\Folder
  • NTFS\File
  • Windows Computer\Share
  • Windows Computer\Local User Rights
  • Windows Computer\ Operating System Administrative Rights
  • Data Governance\Application Deployment
  • Service Indentities\Windows Service Identity
  • SharePoint\ResourceItem
  • SharePoint\WebApplication
  • SharePoint\SiteCollection
  • SharePoint\Site
  • SharePoint\Link
  • SharePoint\Folder
  • SharePoint\ListItem
  • DFS\Link
  • NFS\Folder
  • NFS\File
  • Cloud\Folder
Resources

(Optional) Specify the specific resource you would like to see resource access information for. This parameter only applies to files, folders or shares.

To get file and folder security information, specify the network path for remote managed hosts or the local path for local managed hosts.

To get share security information, specify the share name only.

ExcludeSubObjectDeviations (Optional) Specify this parameter to only return the security data for the root objects specified. If this parameter is not specified, the cmdlet returns security information for children below the roots where security differs from the parent.
Examples:
Table 224: Examples
Example Description

C:\PS>$resourceAccess = Get-QResourceAccess -ManagedHostId 973c7042-c413-45fb-9f52-057c64d4f8aa -ResourceType NTFS\Folder -Resources "C:\Test1","C:\Test2"

C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv"

Get file/folder access (local managed host): Retrieves resource access (folder security) for the two folders "C:\Test1" and "C:\Test2" that are located on a local managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet

C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType NTFS\Folder "\\MachineName\C$\Test1","\\MachineName\C$\Test2"

C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv"

Get file/folder access (remote managed host: Retrieves resource access (folder security) for the two folders "\\MachineName\C$\Test1" and "\\MachineName\C$\Test2" that are located on a remote managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet.

C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f8aa -ResourceType "Windows Computer\Share" -Resources "ShareName"

C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv"

Get share access: Retrieves resource access (share security) for the specified share. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet.

C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType "Service Identities\Windows Service Identity" -Resources "Dhcp"

C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv"

Get service identities: Retrieves resource access (entire host) for the security identities on the specified managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet.

C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType "Windows Computer\Local User Rights"

C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv"

Get local operating system rights: Retrieves resource access (entire host) for the OS rights on the specified managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet.

C:\PS>$resourceAccessInfo = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType "Windows Computer\Operating System Administrative Rights"

C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv"

Get administrator rights: Retrieves resource access (entire host) for the admin rights on the specified managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet.
Details retrieved:

The most useful information retrieved is the security descriptor details for the specified resource.

Table 225: Details retrieved
Detail Description
RootResources

RootResources is an array that can be expanded to display the following information:

  • Id
  • RootId
  • Uri
  • DisplayName
  • PropertiesString
  • ResourceSecurityDescriptor
  • ResourceType
  • Children
RootResources.ResourceSecurityDescriptor

ResourceSecurityDescriptor under the RootResource parameter is an array that can be expanded to display the following information:

  • BlockedSecurityInheritance
  • BlockedAuditingInheritance
  • InvalidSecurity
  • NullSecurity
  • BinarySecurityDescriptor
  • AceList
  • ResourceType
  • SHA1Hash
RootResources.ResourceSecurityDescriptor.AceList

AceList under the ResourceSecurityDescriptor parameter is an array that can be expanded to display the following information for each ACE:

  • Rights
  • RightType
  • Inheritance
  • AppliesTo
  • AceTrustee
  • RawRights
  • Explicit
RootResources.ResourceSecurityDescriptor.AceList.AceTrustee

AceTrustee under the AceList parameter is an array that can be expanded to display the following information for each account:

  • Name
  • Sid
  • SidType
  • AuditTrusteeId
  • UID_QAMTrustee
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione