Calculates the perceived owners for a resource. You can use this information to determine the true business owners and custodian for data.
Note: The perceived owner for data is calculated from the resource activity history or security information collected by Data Governance Edition. Activity is collected based on the aggregation time span settings and recorded in the Data Governance Resource Activity database.
Syntax:
Get-QPerceivedOwners [-ResourcePath] <String> [-ResourceType] <QAM.Common.Interfaces.ResourceType> [[-NumberOfOwners] [<Int32>]] [<CommonParameters>]
Table 217: Parameters
ResourcePath |
Specify the full path to the resource whose perceived ownership information is to be queried.
For cloud resources, enter the path using the following format: //HostName/root/{path} |
ResourceType |
Specify the type of resource being queried. Valid values are:
- NTFS\Folder
- NTFS\File
- Windows Computer\Share
- Windows Computer\Local User Rights
- Windows Computer\Operating System Administrative Rights
- Data Governance\Application Deployment
- Service Identities\Windows Service Identity
- SharePoint\ResourceItem
- SharePoint\WebApplication
- SharePoint\SiteCollection
- SharePoint\Site
- SharePoint\List
- SharePoint\Folder
- SharePoint\ListItem
- DFS\Link
- NFS\Folder
- NFS\File
- Cloud\Folder
|
NumberOfOwners |
(Optional) Specify the number of potential owners to return. |
Examples:
Table 218: Examples
Get-QPerceivedOwners -ResourcePath "\\2K8R2DJSQL\C$\Test Data" -ResourceType NTFS\Folder |
Calculates and returns the perceived owners for the specified NTFS resource. |
Get-QPerceivedOnwers -ResourcePath "//DGEPROD.ONMICROSOFT.COM (SHAREPOINT)/root/Site Contents/Documents/Doc1" -ResourceType Cloud\Folder |
Calculates and returns the perceived owners for the specified cloud resource. |
Details retrieved:
Table 219: Details retrieved
TrusteeName |
The name of the account returned as a result of the perceived owner calculations. |
TrusteeSid |
The security identifier (SID) of the account (trustee). |
TrusteeType |
The type of account. |
TotalOperationWeight |
The activity weight assigned to the account based on the operations performed during the specified time. |
UseCount |
The number of times the account accessed the resource during the specified time frame. |
Retrieves the security information for selected resources from a specific managed host, and child objects whose security differs from the parent. You can retrieve file, folder, share, administrator rights, local operating system rights, and service identity rights.
Syntax:
Get-QResourceAccess [-ManagedHostId] <String> [-ResourceType] <QAM.Client.PowerShell.ResourceAccessQueryResourceType> [[-Resources] [<String []>]] [-ExcludeSubObjectDeviations [<SwitchParameter>]] [<CommonParameters>]
Table 220: Parameters
ManagedHostId |
Specify the ID (GUID format) of the managed host that you would like to see access information on.
Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs. |
ResourceType |
Specify the type of rights you would like to see resource access information for. Valid values are:
- NTFS\Folder
- NTFS\File
- Windows Computer\Share
- Windows Computer\Local User Rights
- Windows Computer\ Operating System Administrative Rights
- Data Governance\Application Deployment
- Service Indentities\Windows Service Identity
- SharePoint\ResourceItem
- SharePoint\WebApplication
- SharePoint\SiteCollection
- SharePoint\Site
- SharePoint\Link
- SharePoint\Folder
- SharePoint\ListItem
- DFS\Link
- NFS\Folder
- NFS\File
- Cloud\Folder
|
Resources |
(Optional) Specify the specific resource you would like to see resource access information for. This parameter only applies to files, folders or shares.
To get file and folder security information, specify the network path for remote managed hosts or the local path for local managed hosts.
To get share security information, specify the share name only. |
ExcludeSubObjectDeviations |
(Optional) Specify this parameter to only return the security data for the root objects specified. If this parameter is not specified, the cmdlet returns security information for children below the roots where security differs from the parent. |
Examples:
Table 221: Examples
C:\PS>$resourceAccess = Get-QResourceAccess -ManagedHostId 973c7042-c413-45fb-9f52-057c64d4f8aa -ResourceType NTFS\Folder -Resources "C:\Test1","C:\Test2"
C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get file/folder access (local managed host): Retrieves resource access (folder security) for the two folders "C:\Test1" and "C:\Test2" that are located on a local managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet |
C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType NTFS\Folder "\\MachineName\C$\Test1","\\MachineName\C$\Test2"
C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get file/folder access (remote managed host: Retrieves resource access (folder security) for the two folders "\\MachineName\C$\Test1" and "\\MachineName\C$\Test2" that are located on a remote managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet. |
C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f8aa -ResourceType "Windows Computer\Share" -Resources "ShareName"
C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get share access: Retrieves resource access (share security) for the specified share. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet. |
C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType "Service Identities\Windows Service Identity" -Resources "Dhcp"
C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get service identities: Retrieves resource access (entire host) for the security identities on the specified managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet. |
C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType "Windows Computer\Local User Rights"
C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get local operating system rights: Retrieves resource access (entire host) for the OS rights on the specified managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet. |
C:\PS>$resourceAccessInfo = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType "Windows Computer\Operating System Administrative Rights"
C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get administrator rights: Retrieves resource access (entire host) for the admin rights on the specified managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet. |
Details retrieved:
The most useful information retrieved is the security descriptor details for the specified resource.
Table 222: Details retrieved
RootResources |
RootResources is an array that can be expanded to display the following information:
- Id
- RootId
- Uri
- DisplayName
- PropertiesString
- ResourceSecurityDescriptor
- ResourceType
- Children
|
RootResources.ResourceSecurityDescriptor |
ResourceSecurityDescriptor under the RootResource parameter is an array that can be expanded to display the following information:
- BlockedSecurityInheritance
- BlockedAuditingInheritance
- InvalidSecurity
- NullSecurity
- BinarySecurityDescriptor
- AceList
- ResourceType
- SHA1Hash
|
RootResources.ResourceSecurityDescriptor.AceList |
AceList under the ResourceSecurityDescriptor parameter is an array that can be expanded to display the following information for each ACE:
- Rights
- RightType
- Inheritance
- AppliesTo
- AceTrustee
- RawRights
- Explicit
|
RootResources.ResourceSecurityDescriptor.AceList.AceTrustee |
AceTrustee under the AceList parameter is an array that can be expanded to display the following information for each account:
- Name
- Sid
- SidType
- AuditTrusteeId
- UID_QAMTrustee
|
Retrieves the activity associated with a resource. The results provide a granular list of activities recorded over a period of time that can be used to verify proper resource usage and make decisions on modifying access.
Note: Resource activity collection (and therefore, this cmdlet) is not supported for the following host types:
- Windows Cluster/Remote Windows Computer
- Generic Host Type
- EMC Isilon NFS Device
- SharePoint Online
- OneDrive for Business
Syntax:
Get-QResourceActivity [-ManagedHostId] <String> [-Resources] <String[]> [[-StartTime] [<DateTime>]] [[-EndTime] [<DateTime>]] [[-Exclusions] [<String[]>]] [[-ExcludedOperations] [<String[]>]] [<CommonParameters>]
Table 223: Parameters
ManagedHostId |
Specify the ID (GUID format) of the managed host that you would like to see resource activity for.
Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs. |
Resources |
Specify the specific resource you would like to see resource activity for.
Specify NTFS resources in the following format: "C:\Share","C:\ADFS"
When specifying multiple resources, separate the resources with a comma. |
StartTime |
(Optional) Specify the start date and time from which you want to see resource activity.
Specify the start time in the following format (UTC): "23/01/2016 10:36:30 PM" |
EndTine |
(Optional) Specify the end date and time up to which you want to see resource activity.
Specify the end time in the following format (UTC): "23/01/2016 11:36:30 PM" |
Exclusions |
(Optional) Specify the security identifier (SID) of the users to be excluded from the resource activity search.
Specify the SIDs to exclude using the following format: domain: S-1-5-21
Example: TSX:S-1-5-21-3263556741-3296809600-1972185209-1104 |
ExcludedOperations |
(Optional) Specify the operations to be excluded from the resource activity search. Valid values are:
- Create
- Delete
- Read
- Rename
- Security Change
- Write
When specifying multiple operations, separate the operations with a comma. |
Examples:
Table 224: Examples
Get-QResourceActivity "ce21c3ec-3b79-4225-955a-c54cb46790f1" "C:\Share","C:\ADFS" |
Retrieves all activity on the specified managed host for the "C:\Share" and "C:\ADFS" folders. |
Details retrieved:
Table 225: Details retrieved
NodeId |
The ID used to link the activity database to the QAMNode table. (AuditNodeId in QAMNode table.) |
ResourceId |
The ID assigned to the operation that was performed. |
ParentResourceId |
Shows which resource in the activity database is the parent. |
ResourcePath |
The path of the resource. |
ResourceName |
The name of resource. |
Resource |
The type of resource. |
Operation |
The operation that was performed. |
AccessCount |
The number of times the operation occurred during the aggregation interval. |
StartTime |
The start date and time for collecting resource activity. Activity is stored in 'time spans'. |
EndTime |
The end date and time for collecting resource activity. Activity is stored in 'time spans'. |
TrusteeType |
The type of account that initiated the operation. |
TrusteeName |
The name of the account that initiated the operation. |
TrusteeSid |
The security identifier (SID) assigned to the account that initiated the operation, |
AuditTrusteeId |
The ID associated with the account that performed the operation. (UID_QAMTrustee in QAMTrustee table.) |
Returns the security descriptor for a given resource in the SSDL format.
Syntax:
Get-QResourceSecurity [-ResourceUri] <String> [-ResType] <String> [-DomainDNSName] <String> [[-NoSACL] [<SwitchParameter>]] [[-NoDACL] [<SwitchParameter>]] [[-NoOwner] [<SwitchParameter>]] [[-NoGroup] [<SwitchParameter>]] [<CommonParameters>]
Table 226: Parameters
ResourceUri |
Specify the path to the resource for which you want the security descriptor. |
ResType |
Specify the type of resource in question:
- adminrights
- localosrights
- files
- folders
- shares
|
DomainDNSName |
Specify the DNS domain name of the domain where the managed host with the resource in question resides. |
NoSACL |
(Optional) Specify this parameter if you do not want to return the SACL information in the SDDL.
If this parameter is not specified, the SACL information will be included. |
NoDACL |
(Optional) Specify this parameter if you do not want to return the DACL information in the SDDL.
If this parameter is not specified, the DACL information will be included. |
NoOwner |
(Optional) specify this parameter if you do not want to return the Owner information in the SDDL.
If this parameter is not specified, the owner information will be included. |
NoGroup |
(Optional) Specify this parameter if you do not want to return the group information in the SDDL.
If this parameter is not specified, the group information will be included. |
Examples:
Table 227: Examples
Get-QResourceSecurity -ResourceUri "\\QAMAUTOMem1\c$\autoroot\test_folder" -ResType Folders -DomainDNSName QAMAUTO.QC.HAL.CA.QSFT |
Returns the security descriptor for the specified resource on QAMAUTOMem1 in the specified domain. |