サポートと今すぐチャット
サポートとのチャット

Identity Manager Data Governance Edition 9.2.1 - User Guide

One Identity Manager Data Governance Edition User Guide Data Governance node and views Administering Data Governance Edition Managing unstructured data access
Managing resource access Managing account access Working with security permissions Working with SharePoint security permissions Account access modeling Bringing data under governance
Classifying governed resources Managing governed resources using the web portal Data Governance Edition reports Troubleshooting EMC, NetApp Filer, and SharePoint configuration details PowerShell commands Governed data attestation policies Governed data company policies Governed data risk index functions

Managing resources under governance

Once a resource has been placed under governance, you can view details, assign a business owner, and publish the resource to the IT Shop.

Note: If you rename or move a resource, the data governance system considers this a new resource that needs to be governed. The original governed resource is marked as "stale". To rectify this, you need to search for the resource in question and place it under governance again.

Also, any associated business ownership that existed needs to be recreated on the new resource.

Related Topics

Governed data view

Managing governed data details

Managing business ownership for a resource

Publishing resources to the IT Shop

Managing governed data details

From the Governed data view you can modify the properties assigned to a governed resource, assign a business owner to a governed resource, and publish a governed resource to the IT Shop.

To manage governed resources

  1. In the Manager, open the Governed data view.

    • From the Data Governance navigation view, select Governed data.
    • From the Managed hosts view, navigate to the required managed host, select Governed data from the Tasks view or right-click menu.
  2. Select the required resource, and select Change governed resource master data in the Tasks view or right-click menu.

    The General tab displays the resource information, including:

    • Display Name: Displays the display name of the governed resource.
    • Governed Data: Displays the network path and name of the governed data.
    • Resource Type: Displays the type of resource.
    • Last collected: Displays the last time the resource security information (and that of its children) was synchronized and included in the One Identity Manager database.
    • Available in IT Shop: A check in this check box indicates that the resource is available through the IT Shop.

      Note: Select this check box to publish the resource to the IT Shop. For details, see the One Identity Manager Data Governance Edition IT Shop Resource Access Requests User Guide or Publishing resources to the IT Shop.

    • Publishing date: Displays the date (UTC) when the resource was published to the IT Shop.
    • Date Governed: Displays the date the data was placed under governance.
    • No longer found: A check in this check box indicates that the resource was renamed or deleted.

      Note: A resource is deemed stale if it has not been scanned by any of your agents or if the resource has been moved or renamed.

    • Comments: Displays comments entered about the governed data.
    • Risk Index (calculated): Displays the calculated risk of all assignments to this data.

      For a list of the governed data risk index functions provided with Data Governance Edition, see Governed data risk index functions

      Note: Before risk calculations can be performed on governed data, the required schedule must be enabled. In the Designer, select Base Data | General | Schedules and enable Calculate risk indexes of governed data. For more information, see the One Identity Manager Risk Assessment Administration Guide.

  3. Select the Business Owner tab to assign an owner for the resource or modify the current owner.

    • Owner (Application role): If ownership is assigned to an application role, this displays the name of the role.
    • Owner (Employee): If ownership is assigned to an employee, this displays the name of the employee.
    • Justification: Displays descriptive text entered as justification for assigning the owner to the resource.
    • Date ownership set: Displays the date the owner was last set.
    • Ownership set by: Displays the user who set the ownership to its current owner.
    • Requires ownership: Indicates whether the resource must be assigned a business owner.

    For more information, see Managing business ownership for a resource.

  4. Click the Save toolbar button to save your changes.

Related Topics

Governed data view tasks

Removing resources from governance

Removing a resource from governance, also removes it from the IT Shop.

To remove a resource from governance

  1. In the Manager, navigate to the required managed host. For example, select the required managed host from the Managed hosts view.
  2. Open the Resource browser or the Governed data view.
  3. Locate and select the required resource and select the Remove resources from governance task or right-click command.
  4. Click Yes on the confirmation dialog.

Publishing resources to the IT Shop

Publishing a resource to the IT Shop makes it available for users to request access to it. It also places the resource under governance if it is not already governed.

NOTE: In order for a DFS link, target share path or folder to be placed under governance or published to the IT Shop, both the DFS server hosting the DFS namespace and the share server where the DFS link is pointing to must be added as managed hosts. If the required servers (those that contain DFS security details) are not already managed, a message box appears listing the servers that need to be added as managed hosts. Click the Add managed hosts with default options button to deploy a local agent to the servers listed in the message box and complete the selected operation. Click Cancel to cancel the selected operation and manually add the servers as managed hosts.

Each request is processed by a policy-based approval process, which determines whether access to the data can be assigned or not. Authorized persons, in this case the business owner and group owner, can approve or deny IT Shop requests. The request history also makes it possible to follow who requested what resource and when it was requested, renewed or canceled. For more information on how to make and manage resource access requests, see the One Identity Manager Data Governance Edition IT Shop Resource Access Requests User Guide.

You can quickly see all the resources that have been placed under governance and manage (add and remove) resources in the IT Shop from the Resource browser or Governed data view in the Manager.

You can publish NTFS shares and folders, and SharePoint objects from the site level and below.

NOTE: This functionality is not available for NFS managed hosts.

Note: This functionality is not available for Cloud managed hosts.

To place a resource under governance and publish it to the IT Shop

  1. In the Manager, navigate to the required resource.

    For example, to use the Resource browser:

    1. Select the required managed host from the Managed hosts view.
    2. Double-click to display the Resource browser.
    3. Double-click through the resources to locate the required resource.
  2. Select the required resource and then select the Publish to IT Shop task or right-click command.
  3. In the Publish to IT Shop confirmation dialog, confirm the display name of the selected resource and click Publish Resources.

    When placing a share under governance, you can use the backing folder security or share permissions for self-service resource access requests in the web portal. The Use backing folder security for self-service option is selected by default and uses the backing folder security for the share. Clear this option to use the share permissions for the share.

    When placing a DFS namespace under governance, select the type of security to be used:

    • Use Folder Security: This option is selected by default and uses the backing folder security for self-service resource access requests to this governed resource. The backing folder should be accessible to the Data Governance service and the Data Governance agent service.
    • Use Share Security: Select this option to use the share permissions for self-service resource access requests to this governed resource.
    • Use DFS Security: Select this option to use the DFS access-based enumeration security for self-service resource access requests to this governed resource.
  4. If the resource has not been assigned a business owner, the Business Owner wizard appears allowing you to assign ownership.
    1. On the Set Business Owner page, select to assign an application role or employee as the owner, optionally enter a justification for the ownership, and click Next.
    2. Click Finish to close the wizard.

Back in the Resource browser, "True" appears in both the Governed Resource and Published to IT Shop columns. The assigned business owner is also added to the Business Owner column. The governed resource is also added to the Governed data view.

Users are now able to request access to the resource from within the web portal and set in motion the request workflow.

To publish a governed resource to the IT Shop

  1. In the Manager, navigate to the governed resource.

    For example, to use the Resource browser:

    1. Select the required managed host from the Managed hosts view.
    2. Double-click to display the Resource browser.
    3. Double-click through the resources to locate the required resource.

    For example, to use the Governed data view.

    1. In the Data Governance navigation view, select Governed data.
    2. Locate the required resource.
  2. Locate and select the governed resource and select the Publish to IT Shop task or right-click command.
  3. In the Publish to IT Shop confirmation dialog, click Yes.
  4. If the resource has not been assigned a business owner, the Business Owner wizard appears allowing you to assign ownership.
    1. On the Set Business Owner page, select to assign an application role or employee as the owner, optionally enter a justification for the ownership, and click Next.
    2. Click Finish to close the wizard.

Back in the Resource browser and Governed data view, "True" appears in Published to IT Shop column. The assigned business owner is also added to the Business Owner column.

To remove a resource from the IT Shop

Removing a resource from the IT Shop, does not remove the item from governance. However, removing a resource from governance removes it from the IT Shop. For information on removing resources from governance, see Removing resources from governance.

  1. Open the Resource browser or Governed data view.
  2. Locate and select the required resource and then select the Unpublish from IT Shop task or right-click command.
  3. Click Yes on the confirmation dialog.
Related Topics

Restricting access to self-service resource access requests

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択