Chat now with support
Chat with Support

Identity Manager Data Governance Edition 9.2.1 - User Guide

One Identity Manager Data Governance Edition User Guide Data Governance node and views Administering Data Governance Edition Managing unstructured data access
Managing resource access Managing account access Working with security permissions Working with SharePoint security permissions Account access modeling Bringing data under governance
Classifying governed resources Managing governed resources using the web portal Data Governance Edition reports Troubleshooting EMC, NetApp Filer, and SharePoint configuration details PowerShell commands Governed data attestation policies Governed data company policies Governed data risk index functions

Empty groups report

This report displays any groups that do not have members. This helps determine which groups are candidates for removal.

Group owners can run this report for groups they own and administrators can run it for all groups within the enterprise.

Local rights and service identities report

This report helps you understand who has local rights on a managed host and which identities are being used to run Windows services. It provides the following information:

  • Service Identities: Lists the identities used to run services on the selected managed host.
  • Local User Rights: Lists the particular rights that a trustee has on a given managed host. An example would be the "Allow Logon Locally" right.
  • Admin Rights: Lists trustees with Operating System Administrative rights on a given managed host.

Note: If you see a message that indicates the forest or domain could not be contacted, this could be because the trusted domain has not been synchronized with One Identity Manager.

Viewing selected reports within the Manager

Generating Resource Access and Resource Activity reports

You can easily view resource access and resource activity reports directly in the Manager from the Resource browser, the Governed data view, or the Manage access view.

To run a resource access report

  1. Right-click the required resource, and select Resource access report.
  2. In the Resource access dialog, you can include varying levels of detail in the report by selecting the display options.
    • Select the Child resources | Access Deviations: Block Inheritance or Explicit Access check box to include child resources whose access differs from the selected resource.
    • Select the Groups | Expand Groups check box to include all group members who have access to the resource.
  3. Click Finish to generate the report.

To run a resource activity report

  1. Right-click the required resource, and select Resource activity report.
  2. On the Time Range page of the Resource activity dialog, specify the time that you are interested in, and click Next.

    You can report on the last so many hours, days, weeks, months, quarters, or years, a specific time period, or all dates and times.

    Note: All dates and times are displayed in UTC, not necessarily your local time.

  3. (Optional) On the Excluded Accounts page, select to exclude specific accounts from the report. Click Add to display the Select User or Group dialog, where you can locate and select the accounts to be excluded. After selecting the accounts to be excluded, click Next.

    Note: This page is not available for NFS managed hosts.

  4. (Optional) On the Activity Exclusions page, select the type of activities that you are not interested in and want to exclude from the report:

    • Read
    • Write
    • Create
    • Delete
    • Rename
    • Security Change
  5. Click Finish to generate the report.
Generating Account Access and Account Activity reports

You can easily view account access and account activity reports directly in the Manager by selecting an account in the security editor of the Resource browser or an account in the group membership pane of the Manage access view.

To run an account access report

  1. Right-click the required account, and select Account access report from the Tasks view.
  2. On the Hosts page of the Account Access dialog, select the managed hosts that contain the resources whose access you are interested in:

    • All accessible hosts: This check box is selected by default and indicates all hosts are to be included in the report.
    • Specific hosts: Select this check box to specify one or more hosts to be included in the report. Select the check box to the left of a host to include it in the report.

    Click Next.

  3. (Optional) On the Excluded Accounts page, select any accounts that are to be excluded from the report. Click Add to display the Select User or Group dialog, where you can locate and select the accounts to be excluded. After selecting the accounts to be excluded, click Next.
  4. On the Expand Groups page, you can specify the level of report details by selecting to display group members. If necessary, select the Expand Groups check box and click Next.
  5. On the Resource Types page, select the resource types whose access you are interested in (all resource types are selected by default).

  6. (Optional) On the Excluded File Types page, specify file extensions of the files to be excluded from the report. By default, no file types are excluded.

    Use the buttons on this page to populate the file extensions exclusion list:

    • Export: Exports the current exclusion list to a QAM Extension List (*.qamel) file.
    • Import: Imports the file extensions from a previously exported or manually created QAM Extension List (*.qamel) file.
    • Default: Adds the default list to the exclusion list.
    • Remove: Removes the selected file extensions from the exclusion list.
    • Add: Adds the specified file extensions to the exclusion list.
  7. (Optional) On the Excluded Folder Name page, specify folder names to be excluded from the report. By default, no folders are excluded.

    Use the buttons on this page to populate the folders exclusion list:

    • Export: Exports the current exclusion list to a QAM Folder List (*.qamtf) file.
    • Import: Imports the folders from a previously exported or manually created QAM Extension List (*.qamtf) file.
    • Default: Adds the default list to the exclusion list.
    • Remove: Removes the selected folders from the exclusion list.
    • Add: Adds the specified folders to the exclusion list.
  8. On the Data Under Governance Only page, select the Data Under Governance Only check box if you only want to include resources that are under governance.
  9. Click Finish to generate the report.

To run an account activity (employee) report

  1. In the Navigation view, select Employees | Employees.
  2. In the Employees result list, select an employee, right-click and select Tasks | Account Access.
  3. In the Define parameters dialog, enter the following information:

    • Managed hosts: Click the drop-down button to select the managed hosts you are interested in.
    • Excluded accounts: (Optional) Click the drop-down button to select the accounts to be excluded from the report.
    • Expand Groups: (Optional) Select this check box to display group members in the report.
    • Resource types: Click the drop-down button to select the resource types whose access you are interested in. If you do not specify any resource types, the report will return with 'There is no data to display'.
  4. Click OK to generate the report.

To run an account activity report

  1. Right-click the required account, and select Account activity report.
  2. On the Time Range page of the Account Activity dialog, specify the time that you are interested in and click Next.

    You can report on the last so many hours/days/weeks/months/quarters/years, a specific time period, or all dates and times.

    Note: All dates and times are displayed in UTC, not necessarily your local time.

  3. On the Hosts page, select the managed hosts that contain the resources you are interested in and click Next.
  4. On the Activity Exclusions page, select the type of activities that you are not interested in and want to exclude from the report:

    • Read
    • Write
    • Create
    • Delete
    • Rename
    • Security Change
  5. Click Finish to generate the report.

Troubleshooting

The following troubleshooting tips are provided to assist you with the day-to-day administration of Data Governance Edition:

Additional troubleshooting tips may be found in the following guides:

  • One Identity Manager Data Governance Deployment Guide: Troubleshooting tips related to deploying and configuring Data Governance Edition components.
  • One Identity Manager Data Governance IT Shop Resource Access Requests Guide: Troubleshooting tips related to self-service resource access requests and share creation requests.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating