Chat now with support
지원 담당자와 채팅

Identity Manager Data Governance Edition 8.1.1 - Technical Insight Guide

Introduction Data Governance Edition Network Communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Get-QPerceivedOwnerPol

Retrieves the name of the perceived owner for the specified governed resource. You can then use the calculated perceived owners to identify potential business owners for data within your environment.

Syntax:

Get-QPerceivedOwnerPoI [-GovernedDataId] <String> [<CommonParameters>]

Table 231: Parameters
Parameter Description
GovernedDataId

Specify the ID (GUID format) of the governed resource whose perceived owner information you want to identify.

NOTE: Run the Get-QDataUnderGovernance cmdlet to retrieve a list of governed resources and their associated IDs (UID_QAMDuG value) for a specific managed host.
Examples:
Table 232: Examples
Example Description

C:\PS>$resources = Get-Content 'C:\Resources.txt'

foreach($resource in $resources)

{

   try

   {

      $governed = Get-QDataUnderGovernance $resource

      if($governed)

      {

         $perceivedOwner = Get-QPerceivedOwnerPoI $governed.UID_QAMDuG

         $resource += ';'

         $resource += $perceivedOwner.EmployeeId

         Add-Content 'c:\PerceivedOwnerResource.txt' $resource

      }

      else

      {

         $resource += ';'

         $resource += 'Resource Not Governed'

          Add-Content 'c:\PerceivedOwnerResource.txt' $resource

      }

   }

   catch

   {

      Writestatus $_

   }

}

Returns the perceived owner information for a governed resource with the specified id.

This PowerShell script takes a list of governed resources and returns the perceived owner for each.

Details retrieved:
Table 233: Details retrieved
Detail Description (Associated key or property in QAMPoIPerceivedOwner table)
EmployeeName The name of the perceived owner (employee) for the governed resource.
EmployeeId The value (GUID) assigned to the perceived owner (employee).
TrusteeName The name of the account that initiated the operation.
TrusteeId The value (GUID) assigned to the trustee (UID_QAMTrustee).
TrusteeXObjectKey The value (<Key>) assigned to the account.
TrusteeType

The type of account.

Get-QSelfServiceClientConfiguration

Returns the options available for self-service requests within the IT Shop.

Syntax:

Get-QSelfServiceClientConfiguration [<CommonParameters>]

Examples:
Table 234: Examples
Example Description
Get-QSelfServiceClientConfiguration Returns the self-service client configuration information.
Details retrieved:
Table 235: Details retrieved
Detail Description
AllowNonPublishedGroups Indicates whether groups that have not been published to the IT Shop are allowed for self-service access requests.
AllowUnsynchronizedGroups Indicates whether groups that have not been synchronized with One Identity Manager are allowed for self-service access requests.
MaximumMethodsCount The maximum number of groups returned from a call to the Get-QSelfServiceMethodsToSatisfyRequest, which returns the groups that satisfy a resource access request.
EnableSelfServiceAccessRequest Indicates whether self-service access requests are enabled in the IT Shop.

Get-QSelfServiceMethodsToSatisfyRequest

Returns the group membership that satisfies a resource access request. Use this command to simulate the "best fit" calculation to see what groups are returned if you request read or read and write access to a specific resource.

Note: This PowerShell cmdlet does not support NFS or Cloud resources (since these types of resources cannot be published to the IT Shop).

Syntax:

Get-QSelfServiceMethodsToSatisfyRequest [-Path] <String> [-DomainName] <String> [-ActionIdentifier] <String> [[-ClientCulture] [<String>]] [[-ResourceTypeString] [<String>]] [<CommonParameters>]

Table 236: Parameters
Parameter Description
Path Specify the path of the resource.
DomainName Specify the name of the domain where the resource is located.
ActionIdentifier

Specify the type of self-service action:

  • RequestReadAccess: Use this option if you want read access to items within a folder.
  • RequestChangeAccess: Use this option if you want read and write access to items within a folder.
ClientCulture (Optional) Set the client culture.
ResourceTypeString

(Optional) Specify the type of resource for which to request access:

  • NTFS\Folder
  • NTFS\File
  • Windows\Computer\Share
  • SharePoint\Site
  • SharePoint\Folder
  • SharePoint\List
  • SharePoint\ListItem
  • SharePoint\ResourceItem
Examples:
Table 237: Examples
Example Description
Get-QSelfServiceMethodsToSatisfyRequest -Path "\\2K8RDJSQL\CS\Test Data\Email_Addresses.txt" -DomainName VMSET6 -ActionIdentifier "RequestReadAccess" -ResourceTypeString NTFS\File Returns the groups that satisfy the "RequestReadAccess" request for a NTFS/File.

Remove-QDataUnderGovernance

Removes a resource from governance, and if published to the IT Shop, removes it from the IT Shop.

Syntax:

Remove-QDataUnderGovernance [-ResourceUri] <String> [<CommonParameters>]

Table 238: Parameters
Parameter Description
ResourceUri

Specify the Uri of the resource to be removed from governance.

Use the following format for files and folders: "\\MACHINE\DRIVELETTER$\PathToResource".

NOTE: If you are having trouble with SharePoint paths, use the Resource browser (in the Manager) to copy the SharePoint path.
Examples:
Table 239: Examples
Example Description
Remove-QDataUnderGovernance -ResourceUri "\\2k8r2djsql\C$\Test Data" Removes an NTFS resource from governance.

Remove-QDataUnderGovernance -ResourceUri "sp://titan/6d338b7c-79cc-4b99-a1d0-47641cc0cebc/42d1bc72-8754-4b7d-8bac-0be07d07e8f2/faa56136-6317-4c31-9e90-649347df4bed/DerekSite/Shared%20Documents/My%20SharePoint%20Doc.txt"

Removes a SharePoint resource from governance.

관련 문서