Return
-
Title
Permissions to view "Governed Data" in IT Shop -
Description
What permissions are required so that a logged in Employee may see "Governed Data" under My Responsibilities in IT Shop? -
Resolution
Please note that items under governance (Governed data) will not appear in IT Shop unless they have been published to IT Shop:
- Select the relevant object in Data Governance | Governed data and under "Tasks" select "Publish to IT Shop"
From the "Business Role" tab on the master data for a governed item, either an application role, Owner (Application Role), or Employee, Owner (Employee), can be assigned. If assigning a role, note that any Employee assigned this role can be responsible for attestations or access requests.
If assigning a custom application role for the Owner, be sure that the permissions are sufficient to allow for viewing of the objects in IT Shop. Specifically, "view" permission on the QAMDuG table, as well as the QAMTrustee (Access) table. Ensure that the table and all columns are viewable for the permissions group assigned to the role.
For more information on assigning permissions, please refer to the Configuration Guide, Editing Permissions for One Identity Manager Schema Tables and Columns.
Note that the default application roles are assigned to the data governance tables (QAMDuG, QAMTrustee, etc.) by default.