Data Governance administrators and business owners can apply a previously defined classification level to governed resources.
- As a Data Governance administrator, use the Set-QClassificationLevelOnDuG PowerShell cmdlet to classify governed data.
- As a business owner, use the Classification page in the web portal to classify an owned resource.
To classify governed data (PowerShell)
-
If necessary, import the QAM.Client.PowerShell.dll assembly:
Import-Module "<path>"
Where <path> is the file path for the QAM.Client.PowerShell.dll assembly. By default, the <path> for the Data Governance server machine is "C:\Program Files\One Identity\One Identity Manager\QAM.Client.PowerShell.dll".
-
Run the following cmdlet to assign a classification level to a governed resource:
Set-QClassificationLevelOnDuG [-DuGId] <String> [-ClassificationLevelId] <String> [[-Justification] [<String>]]
-
DuGId: Specify the identifier assigned to the governed resource to be classified (that is, value assigned to UID_QAMDuG parameter).
Note: Run the Get-QDataUnderGovernance cmdlet to retrieve a list of governed resources, including their assigned identifiers.
-
ClassificationLevelId: Specify the identifier assigned to the classification level to be assigned (that is, value assigned to UID_QAMClassificationLevelMan parameter).
Note: Run the Get-QClassificationLevelConfiguration cmdlet to retrieve a list of configured classification levels, including their assigned identifiers.
- Justification: (Optional) Enter the reason for assigning this classification level.
To classify an owned resource (web portal)
- From the menu bar, select Responsibilities | My Responsibilities.
- On the My Responsibilities view, select the Governed Data tile.
- Open the All my resources tab and select the resource.
- Click Classification to display the current classification level assignment.
-
From this page, you can assign a classification level to the selected resource:
- Classification level: Select a classification level from the drop-down menu.
- Description: Read-only field displaying the description of the selected classification level.
- Justification: (Optional) Enter a reason for assigning this level of classification to the resource.
-
Click Save. A "Your changes have been saved" message appears at the top of page.
Managing governed resources using the web portal
Data governance provides a systematic approach to managing data access, preserving data integrity, and providing you with the tools and workflows to manage your data resources, without relying on IT administrators. By evaluating resource access, you can identify resources that do not have ownership, assign owners, and assess the overall ownership of your governed data.
NOTE: The resource activity data is from the QAMPoIActivity table. Therefore, the activity data shown is based on the POI collection frequency and when the activity occurred. That is, every time POI data is collected for governed data, existing activity entries are replaced with the new activity data that is collected.
Table 62: Who uses the web portal to manage governed resources
| Data Governance Administrator |
As a Data Governance Administrator, you can perform the following tasks from the Responsibilities | Governance Administration view:
For more information, see Data Governance Administrator responsibilities.
NOTE: Data Governance Administrators must be assigned the Data Governance | Administrators or the Identity & Access Governance | Compliance & Security Officer application role. |
| Business owner |
As a business owner of a governed resource, you can perform the following tasks against resources for which you are responsible:
Responsibilities | My Responsibilities | Governed Data view:
- All my resources: View a list of governed resources for which you are responsible.
- Statistics: View statistics:
- Resources with and without policies
- Top 10 active resources you own
- Top 10 active users of owned resources
- Owned resources grouped by host
- Activity: View the most active resources.
- Resource types: View owned resources by resource type.
- Policy violations: View owned resources currently affected by company policies.
In addition, for each individual resource, you can drill down to perform the following tasks:
For more information, see Business owner responsibilities .
NOTE: Business owners must be assigned the Data Governance | Direct Owners application role which is automatically assigned when ownership is set. |
| Auditor |
Auditors can perform the following tasks from the Responsibilities | Auditing view in the web portal:
- Governed data: View a list of managed hosts and the governed data for a managed host.
- Active Directory: View the access permissions for an Active Directory resource.
- Employees: View the group membership of a given employee and detailed access control information for governed data.
For more information, see Auditor responsibilities.
NOTE: Auditors must be assigned the Identity & Access Governance | Auditors application role. |
Related Topics
Governed data attestation policies
Governed data risk index functions
The Governed Data Overview view provides information to assist you in governing resources. As a Data Governance Administrator, select Responsibilities | Governance Administration | Governed Data Overview to view statistics for and a list of all governed resources.
NOTE: The statistics displayed on the Statistics page are calculated on an hourly schedule. To change the schedule, edit the hourly schedule defined in the QAM statistics schedule in the Designer (Getting Started | Edit schedules or Base Data | General | Schedules).
In addition: for the security statistics:
- For the resource activity statistic, ensure the Collect and aggregate events option is enabled on the Resource activity page in the Managed Host Settings dialog. For more information on this resource activity setting, see Resource activity page.
- For the security statistics, set the CollectPoi.IncludeDeviations configuration setting to true. You can find this configuration setting in the Data Governance service configuration file (%ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server\DataGovernanceEdition.Server.exe.config). For more information on this configuration setting, see the One Identity Data Governance Edition Technical Insight Guide.
NOTE: The resource activity data is from the QAMPoIActivity table. Therefore, the activity data shown is based on the POI collection frequency and when the activity occurred. That is, every time POI data is collected for governed data, existing activity entries are replaced with the new activity data that is collected.
Table 63: Governed Data Overview
| Statistics |
Displays the following statistics for all governed resources:
- Top 10 active resources across all governed resources
- Total number of explicit security deviations
- Total number of items with blocked security inheritance
Clicking Help displays additional details about the statistic:
- Statistics information: A description of what is contained in the graph and the calculation schedule used to generate it.
- View source data: The source data used to build the graph.
|
| Resource overview |
Displays a list of all governed resources, grouped by resource type. From this view, you can review the following information for each type of resource:
- Resources (total): Number of resources of this type.
- Not owned: Number of resources not owned.
- Owned: Number of resource owned.
- Percent not owned: Percentage of resources not owned.
- Unique data owners: Number of resources with unique data owners.
Clicking a resource type displays a list of resources of that type. From this view, you can review the following information for each resource of the selected type:
- Path
- Governed data type
- Owner
- Risk index (calculated)
- Requires ownership (Yes or No)
Clicking an individual resource (Path) displays additional detailed about the selected resource. For more information, see Resource's Governed Data view. |
| Resources with activity |
Displays the top 10 most active governed resources in your Data Governance Edition deployment. |
| All resources |
Displays a list of all the governed resources in your Data Governance Edition deployment. It includes the following information:
- Governed data element name
- Element type
- Data container
- Complete folder path
- Data owner
- Risk index
Clicking an individual resource (Governed data element name) from this list displays additional details about the selected resource. For more information, see Resource's Governed Data view.
NOTE: If you are not seeing the governed resources you are expecting, check to ensure that the following parameter is set for these governed resources:
QAMDuG.IsPointOfInterest = true.
If business ownership for governed resources is set programmatically or through the Object Browser, you must set QAMDuG.IsPointOfInterest = true. Note that business ownership is indicated by setting values for either QAMDuG.UID_PersonResponsible or QAMDuG.UID_AERoleOwner. |
The Governed Data Overview view provides information to assist you in governing resources. As a business owner, select Responsibilities | My Responsibilities | Governed Data to view a list of resources for which you are responsible.
NOTE: The resource activity data is from the QAMPoIActivity table. Therefore, the activity data shown is based on the POI collection frequency and when the activity occurred. That is, every time POI data is collected for governed data, existing activity entries are replaced with the new activity data that is collected.
Table 64: Governed Data Overview
| All my resources |
Displays a list of all the governed resources to which you are assigned the business owner. It includes the following information:
- Path
- Governed data type
- Risk index (calculated)
Clicking an individual resource (Path) from this list displays additional details about the selected resource. For more information, see Resource's Governed Data view.
NOTE: If you are not seeing the governed resources you are expecting, check to ensure that the following parameter is set for these governed resources:
QAMDuG.IsPointOfInterest = true.
If business ownership for governed resources is set programmatically or through the Object Browser, you must set QAMDuG.IsPointOfInterest = true. Note that business ownership is indicated by setting values for either QAMDuG.UID_PersonResponsible or QAMDuG.UID_AERoleOwner. |
| Statistics |
Displays a graphical overview of the governed resource you own:
- Resources with and without policy violations
- Top 10 active resources you own
- Top 10 active users of owned resources
- Owned resources, grouped by host
Clicking Help displays additional details about the statistic:
- Statistics information: A description of what is contained in the graph and the calculation schedule used to generate it.
- View source data: The source data used to build the graph.
|
| Activity |
Displays the top 10 most active governed resources for which you are responsible. |
| Resource types |
Displays a list of resources for which you are responsible, grouped by resource type. This view displays the resource type and the total number of governed resources of each type.
Clicking a resource type displays a list of owned resources of that type along with the calculated risk index for each resource.
Clicking an individual resource (Path) displays additional detailed about the selected resource. For more information, see Resource's Governed Data view. |
| Policy violations |
Displays a list of resources that are currently in violation of a company policy.
Clicking an individual resource (Path) displays additional details about the selected resource. For more information, see Resource's Governed Data view. |
