Chat now with support
Chat with Support

Identity Manager Data Governance Edition 9.0 LTS - User Guide

One Identity Manager Data Governance Edition User Guide Data Governance node and views Administering Data Governance Edition Managing unstructured data access
Managing resource access Managing account access Working with security permissions Working with SharePoint security permissions Account access modeling Bringing data under governance
Classifying governed resources Managing governed resources using the web portal Data Governance Edition reports Troubleshooting EMC, NetApp Filer, and SharePoint configuration details PowerShell commands Governed data attestation policies Governed data company policies Governed data risk index functions

No activity data available for SharePoint 2010 managed host

Probable Cause

For SharePoint 2010 managed hosts, the DataGovernance.SharePointShim.exe process is required and may not be running on the SharePoint server.

NOTE: For multi-agent SharePoint 2010 managed hosts, you will see multiple Shim instances; one for each agent service.

Resolution

Check to ensure that the DataGovernance.SharePointShim.exe process is running on the SharePoint 2010 farm server. If it is not running, start the process or restart the agent.

To start the Shim process

Since multiple Shim instances are displayed for multi-agent SharePoint managed hosts, you must provide the PID of the corresponding Data Governance SharePoint agent as an argument when starting up the Shim process for an agent service.

  1. In Task Manager | Services tab, locate the PID assigned to the agent service that does not have activity available.
  2. At the command prompt, enter the following PowerShell command to start the Shim instance:

    C:\Program Files\One Identity\One Identity Manager Data Governance Edition\Agent Services\DataGovernance.SharePointShim.exe <PID>

NOTE: This only applies to SharePoint 2010 because in later releases of SharePoint, this is not a separate process.

Not receiving scheduled reports

Probable cause

The One Identity Manager service (job server) is not configured correctly. If you are having issues with scheduled report execution and are not receiving your reports through email, the first place to check is the Job Server log.

Resolution

Scheduled reports are run by the job server with the SMTP Host server mask. To allow this job server to query the Data Governance server, it must be running as an Active Directory account with an associated One Identity Manager Employee with either the Data Governance | Administrators or Data Governance | Access Managers application role.

To change the identity the job server runs as, open the Services console on the computer hosting the job server and change the Log On identity. For example, the DGEAdministrator Active Directory account needs to be associated with an Employee record that was granted the Data Governance | Administrators role or be a Data Governance service account itself. This new identity allows the job server to authenticate against the Data Governance server and perform the necessary queries required for report execution.

Groups missing from the Group Memberships tree view

To examine group membership in your enterprise, Data Governance Edition requires credentials that allow it to read group memberships in the domains that make up your enterprise structure. These credentials are provided when syncing the domain for Active Directory. For SharePoint group membership, it uses the provided database connection string and reads group information from the SharePoint database. If Data Governance Edition is having trouble resolving group memberships, you will see a link in the lower-left pane (after having selected Manage Access from the client). Clicking this link displays a list of issues that details any problems encountered during group expansion.

Resolution
  • Ensure that you have provided credentials with the required access.

Resource activity is not displaying in the web portal for a business owner

Probable cause

Activity for owned data may not display in the web portal if:

  • Resource activity collection has not been enabled on the selected managed host.
  • Resource activity collection is not supported on the selected managed host (such as, remote managed Windows computers, Windows clusters, Generic or Cloud managed hosts).
  • Resource activity collection is enabled, but the data is not included within a specified managed paths.
Resolution

To ensure resource activity is being collected:

  1. From the Managed hosts view, select the required managed host.
  2. Select Edit host settings from the Tasks view or right-click menu.
  3. In the Managed Host Settings dialog, open the Resource Activity page.
  4. Ensure Collect and aggregate events is selected.
  5. Also, ensure the appropriate events are selected.
  6. Click the Resource Activity Exclusion button and review each tab to see what objects are being excluded.

To check what managed paths are selected for activity collection:

  1. From the Managed hosts view, select the required managed host.
  2. Select Edit host settings from the Tasks view or right-click menu.
  3. In the Managed Host Settings dialog, open the Managed Paths page.
  4. Activity is only being collected for the paths listed on this page.

NOTE: For all managed host types, when placing a resource under governance, the resource must be a managed path or a folder or share under a managed path.

  • For remote managed hosts and SharePoint managed hosts, if you select to place a resource under governance that is not yet defined as a managed path, the path is automatically added to the managed paths list. If the managed host has more than one agent assigned, you are prompted to select the agent to which the managed path is added.
  • For local managed hosts, if you are scanning managed paths (that is, there are paths in the managed paths list), and you select to place a resource under governance that is not yet defined as a managed path, the path is automatically added to the managed paths list. However, if you are scanning the entire server (that is, the managed paths list is empty) and you place a resource under governance, no changes are made to the managed paths list and you continue to scan the entire server.

For more information about these pages on the Managed Host Settings dialog, see Managed paths page and Resource activity page.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating