Chat now with support
지원 담당자와 채팅

Identity Manager Data Governance Edition 8.1.1 - Technical Insight Guide

Introduction Data Governance Edition Network Communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Set-QBusinessOwner

Set the business owner of a resource under governance.

Note: This command only works for resources that have previously been placed under governance.

Syntax

Set-QBusinessOwner [-ManagedHostId] <String> [[-ResourceUri] [<String>]] [[-SetAllResources] [<Boolean>]] [[-EmployeeName] [<String>]] [[-EmployeeId] [<String>]] [-OwnerRoleFullPath] [<String>]] [[-OwnerRoleId] [<String>]] [[-Justificaiton] [<String>]] [<CommonParameters>]

Table 240: Parameters
Parameter Description
ManagedHostId Specify the ID (GUID format) of the managed host where the governed resource resides.

ResourceUri

-OR-

SetAllResources

Specify one of the following parameters to specify the governed resource that is to be assigned a business owner:

  • ResourceUri: Use this parameter to set the business owner for a single governed resource. Enter the resource's full path.

    For example (to specify a share): -ResourceURI "\\dgefs\a1"

    For example (to specify a NTFS folder): -ResourceURI "\\dgefs\D$\al"

  • SetAllResources: Use this parameter to set the same business owner to all governed resources on the specified managed host. Set this value to 1.

    For example: -SetAllResources 1

NOTE: You must specify one of these parameters to specify the governed resource. Do NOT specify more than one of these parameters or you will receive an error when running the PowerShell command.

EmployeeName

-OR-

EmployeeId

-OR-

OwnerRoleFullPath

-OR-

OwnerRoleId

Specify one of the following parameters to define the business owner to be assigned:

  • EmployeeName: Specify the name of the employee to be assigned as the business owner.

    For example: -EmployeeName "user6 test, user6"

  • EmployeeId: Specify the ID (GUID format) of the employee to be assigned as the business owner.

    For example: -EmployeeId 3dd99328-e971-4bcf-989e-9a482871e9e9

  • OwnerRoleFullPath: Specify the full path of a One Identity Manager application role if you want all employees in the selected role to be the business owner.

    For example: -OwnerRoleFullPath "Data Governance\All Business Owner Roles\Finance Owners"

  • OwnerRoleId: Specify the ID (GUID format) of a One Identity Manager application role if you want all employees in the selected role to be the business owner.

    For example: -OwnerRoleId 50b8b7b8-6670-4e35-bd3b-f6f64a281364

NOTE: You must specify one of these parameters to define the business owner. Do NOT specify more than one of these parameters or you will receive an error when running the PowerShell command.
Justification (Optional) Enter a reason for setting the business owner.
Examples
Table 241: Examples
Example Description
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -ResourceURI "\\dgefs\a1" -EmployeeName "user6 test, user6" Sets the business owner for a single resource, using the employee's name.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -ResourceURI "\\dgefs\a1" -EmployeeId 3dd99328-e971-4bcf-989e-9a482871e9e9 Sets the business owner for a single resource, using the employee's ID.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -ResourceURI "\\dgefs\a1" -OwnerRoleId 50b8b7b8-6670-4e35-bd3b-f6f64a281364 Sets the business owner for a single resource, using an application role ID. All employees assigned to this role are considered the business owner.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -ResourceURI "\\dgefs\a1" -OwnerRoleFullPath Data "overnance\All Business Owner Roles\Finance Owners" Sets the business owner for a single resource, using an application role path. All employees assigned to this role are considered the business owner.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -SetAllResource 1 -EmployeeName "user6 test, user6" Sets the business owner for all governed resources on the specified managed host, using the employee's name.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -SetAllResource 1 -EmployeeId 3dd99328-e971-4bcf-989e-9a482871e9e9 Sets the business owner for all governed resources on the specified managed host, using the employee's ID.
Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -SetAllResource 1 -OwnerRoleId 50b8b7b8-6670-4e35-bd3b-f6f64a281364 Sets the business owner for all governed resources on the specified managed host, using an application role ID. All employees assigned this role are considered the business owner.

Set-QBusinessOwner -ManagedHostId b5552078-9eef-4aa4-99dc-3b556277b3b1 -SetAllResource 1 -OwnerRoleFullPath Data "overnance\All Business Owner Roles\Finance Owners"

Sets the business owner for all governed resources on the specified managed host, using an application role path. All employees assigned this role are considered the business owner.

Set-QDataUnderGovernance

Places a resource under governance.

Syntax:

Set-QDataUnderGovernance [-ManagedHostId] <String> [-ResourceType] <String> [-ResourceUri] <String> [[-DisplayPath] [<String>]] [[-EmployeeName] [<String>]] [[-EmployeeId] [<String>]] [[OwnerRoleFullPath] [<String>]] [[-OwnerRoleId] [<String>]] [[-PublishToITShop] [<Boolean>]] [[-UseBackingFolderSecurity] [<SwitchParameter>]] [[-Reset] [<SwitchParameter>]] [[-SharePointDisplayPath] [<String>]] [[-ManagedResourceId] [<String>]] [<CommonParameters>]

Table 242: Parameters
Parameter Description
ManagedHostId

Specify the ID (GUID format) of the managed host where the resource to be placed under governance is located.

NOTE: Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs.

ResourceType

Specify the type of resource to be placed under governance. Valid values include:

  • None
  • FolderType
  • ShareType
  • LocalRightType
  • AdminRightType
  • QamDeploymentType
  • WindowsServiceIdentityType
  • SharePointResourceItemType
  • SharePointWebApplicationType
  • SharePointSiteCollectionType
  • SharePointSiteType
  • SharePointListType
  • SharePointFolderType
  • SharePointListItemType
  • SharePointSiteCollectionAdminRightType
  • SharePointFarmAdminRightType
  • SharePointWebAppPolicyType
  • SharePointServiceApplicationPermissionType
  • SharePointFarmType
  • DFSLinkType
  • NFSFolderType
  • Cloud\Folder
ResourceUri

Specify the Uri for the resource to be placed under governance.

For NTFS files and folders, use the form: \\MACHINE\$DRIVELETTER\PathToResource

For SharePoint, enter the FARM GUID, Site collection GUID (that is, sp://titan/0ee296d6-dea5-4f4d-950f-27c06458cad1/57947f70-c2b0-4d76-a8b3-ac54fa5bb4ab/203a4c04-4f0e-4d6a-84a7-c2ef0a3f02e3/Dereks%20Site/Shared%20Documents/SharePoint/desktop.ini)

DisplayPath (Optional) Specify the path of the resource to be displayed in the Manager. This is useful for long paths.

EmployeeName

(Optional) Specify the name of the employee who is set as the business owner of the current governed resource.

NOTE: Specify only one of the following parameters: EmployeeName, EmployeeId, OwnerRoleFullPath, or OwnerRoleId.

EmployeeId

(Optional) Specify the ID (GUID format) of the employee who is set as the business owner of the current governed resource.

NOTE: Specify only one of the following parameters: EmployeeName, EmployeeId, OwnerRoleFullPath, or OwnerRoleId.

OwnerRoleFullPath

(Optional) Specify the full path of the application role who is set as the business owner of the current governed resource.

NOTE: Specify only one of the following parameters: EmployeeName, EmployeeId, OwnerRoleFullPath, or OwnerRoleId.

OwnerRoleId

(Optional) Specify the ID (GUID format) of the application role who is set as the business owner of the current governed resource.

NOTE: Specify only one of the following parameters: EmployeeName, EmployeeId, OwnerRoleFullPath, or OwnerRoleId.

PublishToITShop

(Optional) Specify this parameter to place the resource under governance and add it to the IT Shop.

Valid values are:

  • 0 or $false: Do not publish the resource to the IT Shop. (Default)
  • 1 or $true: Publish the resource to the IT Shop.
UsingBackingFolderSecurity

(Optional) Specify this parameter to indicate the security for the backing folder is to be used.

Reset

(Optional) Specify this parameter to indicate whether you want to reset the governed resource record if it already exists in the database.

Valid values are:

  • 0 or $false: do not reset the existing QAMDuG entry in the database. (Default)
  • 1 or $true: reset the existing QAMDuG entry in the database with the new values specified in this cmdlet.
SharePointDisplayPath (Optional) Specify the readable SharePoint path (that is, SharePoint_ConfigVmset6/SharePoint - 80/Site/Shared Documents/SharePoint) to be displayed in the Manager.
ManagedResourceId (Optional) Specify this parameter to link the QAMDuG entry to a QAMManagedResource record in the database.
Examples:
Table 243: Examples
Example Description

Set-QDataUnderGovernance -managedhostid 68CD6FFC-BA2C-4F8E-8C34-70D2C1C1995A -ResourceType "NTFS\Folder" -ResourceUri \\qamautomem1\C$\autoroot\DUG\Folder2

This example places the resource \\qamautomem1\C$\autoroot\DUG\Folder2 under governance for the managed host identified by 68CD6FFC-BA2C-4F8E-8C34-70D2C1C1995A.

Set-QDataUnderGovernance -managedhostid 68CD6FFC-BA2C-4F8E-8C34-70D2C1C1995A -ResourceType "NTFS\Folder" -ResourceUri \\qamautomem1\C$\autoroot\DUG\Folder2 -EmployeeName "Admin, Admin" -Reset $true

This example places the resource \\qamautomem1\C$\autoroot\DUG\Folder2 under governance for the managed host identified by 68CD6FFC-BA2C-4F8E-8C34-70D2C1C1995A. It also sets the employee whose name is "Admin, Admin" as the business owner of this governed resource. If this governed resource already exists, it would be reset.

Set-QDataUnderGovernance -managedhostid 68CD6FFC-BA2C-4F8E-8C34-70D2C1C1995A -ResourceType "NTFS\Folder" -ResourceUri \\qamautomem1\C$\autoroot\DUG\Folder2 -OwnerRoleId "81d50b9e-7ab6-43c0-8016-da972e633303" -Reset $true

This example places the resource \\qamautomem1\C$\autoroot\DUG\Folder2 under governance for the managed host identified by 68CD6FFC-BA2C-4F8E-8C34-70D2C1C1995A. It also sets the role whose Id is "81d50b9e-7ab6-43c0-8016-da972e633303" as the business owner of this governed resource. If this governed resource already exists, it would be reset.

Set-QDataUnderGovernance -managedhostid ca990043-8ffc-4eea-8e11-179a1d3505af -ResourceType SharePoint\ListItem -ResourceURI 'sp://titan/0ee296d6-dea5-4f4d-950f-27c06458cad1/57947f70-c2b0-4d76-a8b3-ac54fa5bb 3a4c04-4f0e-4d6a-84a7-c2ef0a3f02e3/Dereks%20Site/Shared%20Documents/SharePoint/desktop.ini' -Displaypath SharePoint_ConfigVmset6/SharePoint - 80/Dereks Site/Dereks Site/Shared Documents/SharePoint/desktop.ini'

This example places the resource sp://titan/0ee296d6-dea5-4f4d-950f-27c06458cad1/57947f70-c2b0-4d76-a8b3-ac54fa5bb4ab/203a4c04-4f0e-4d6a-84a7-c2ef0a3f02e3/Dereks%20Site/Shared%20Documents/SharePoint/desktop.ini under governance for the managed host identified by ca990043-8ffc-4eea-8e11-179a1d3505af.

Set-QSelfServiceClientConfiguration

Sets the options available for self-service requests within the IT Shop.

Syntax:

Set-QSelfServiceClientConfiguration [-MaximumMethodsCount] <Int32> [-EnableSelfServiceAccessRequest] <Boolean> [-AllowNonPublishedGroups] <Boolean> [-AllowUnsynchronizedGroups] <Boolean> [<CommonParameters>]

Table 244: Parameters
Parameter Description
MaximumMethodsCount Specify the maximum number of groups that are to be returned from a call to the GetMethodsToSatisfyRequest.
EnableSelfServiceAccessRequest

Specify whether self-service access requests are to be enabled in the IT Shop.

Valid values are:

  • 0: Disable self-service access requests
  • 1: Enable self-service access requests
AllowNonPublishedGroups

Specify whether groups that have not been published to the IT Shop are to be included in self-service access requests.

Valid values are:

  • 0: Unpublished groups will not be available for self-service access requests in the IT Shop.
  • 1: Unpublished groups will be available for self-service access requests in the IT Shop.
AllowUnsynchronizedGroups

Specify whether groups that have not been synchronized with One Identity Manager are to be included in self-service requests.

Valid values are:

  • 0: Unsynchronized groups will not be available for self-service access requests in the IT Shop.
  • 1: Unsynchronized groups will be available for self-service access requests in the IT Shop.
Examples:
Table 245: Examples
Example Description

Set-QSelfServiceClientConfiguration -MaximumMethodsCount 1 -EnableSelfServiceAccessRequest 1 -AllowNonPublishedGroups 1 -AllowUnsynchronizedGroups 1

Sets the self-service client configuration information:

  • Enabling self-service access requests
  • Making unpublished groups available for self-service access requests in the IT Shop
  • Making unsynchronized groups available for self-service access requests in the IT Shop

Trigger-QDataUnderGovernanceCollection

Triggers data collection on the governed resources for a specific managed host.

Syntax:

Trigger-QDataUnderGovernanceCollection [-ManagedHostId] <String> [<CommonParameters>]

Table 246: Parameters
Parameter Description
ManagedHostId

Specify the ID (GUID format) of the managed host where data collection is to take place.

NOTE: Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs.

Examples

Table 247: Examples
Example Description
Trigger-QDataUnderGovernanceCollection -ManagedHostId d589359a-8c51-4de0-8dcf-6b463793b0bf Triggers the collection of access information for resources under governance.
관련 문서