Chat now with support
Chat with Support

Classification Module 6.1.3 - User Guide

Introduction Deploying Classification in Identity Manager Configuring Classification: Taxonomies, Categories, and Rules
An Overview of Classification Configuration Steps Required to Implement Classification Creating Taxonomies Implementing Rules for Automated Categorization Classifying Resources When Do Categorization and Classification Occur? Managing the Life Cycle of Taxonomies and Categories
Working with Categorized Resources Appendix A: PowerShell Commands Appendix B: Oracle Configuration Appendix C: Classifying Data with Data Governance Templates Appendix D: Creating a Taxonomy to Classify Data

Activating Classification

The following processes are required for a fully functional Classification module deployment:

  • Install the Classification package on the Data Governance server.
  • Enable the Classification component in the Designer and recompile the database.
  • Identify the Service Account that will be used for securing the classification services. Deploy a Classification server. Deploy Classification worker. Enable Classification on the required managed hosts. Configure Security Index roots where classification should be enabled.
  • Ensure that you have applied the correct application roles for classification analysts, business owners, compliance officers, and Data Governance administrators.
NOTE! Permissions will be required for managing taxonomies, viewing classification results, viewing the categorization results, creating taxonomies, modifying rules, and overriding manual or automatic classification. For details, see Classification Application Roles.

Install the Classification Components

The Classification package obtained through the download contains all the files required to add the Classification functionality to your Quest One Identity Manager Data Governance Edition deployment.

To install Classification extension

  • Run the DataGovernance_ServerComponentsInstaller_x64.msi to install the files on the Data Governance server to make it ready for a Classification deployment.

Enable Classification in the Designer

The Classification component, which is located under TargetSystem\ADS\QAM, must be enabled in the Designer and the database recompiled. You can locate this option by selecting to Edit configuration parameters.

To recompile database

  1. Click the Database menu and choose Compile database.
  2. Follow the steps of the Database Compiler.
    Once you have completed this process, a Classification node will be available in the Data Governance navigation view of the Manager/Identity Manager application. From here, you can manage your Classification deployment.

Identify the Classification Service Account

Network communication between the Data Governance Edition agents and server and the Classification components is all performed using REST services over HTTPS channels. By default the HTTPS channels are secured using a self-signed certificate, but customers can provide their own certificate. Communication is further secured using a trusted subsystem security model. Before any Classification components can be deployed, one of the Data Governance Edition service accounts must be identified as the “Classification Identity”. When the Classification components are deployed they are configured to run as this identity. All communication related to classification will be performed using this identity.

NOTE! For minimum permission details, see the Minimum Required Permissions.

To identify a service account as the Classification Identity

  1. In the Manager/Identity Manager select the Data Governance navigation view and select Service accounts.
  2. In the Results list, double-click the required service account.
    From the service account overview, you can view the domains associated with the selected service account.
  3. From the Tasks view, select Change master data.
  4. Select the Classification Identity check box, and click Save.

If the administrator changes the classification service account for any reason, all of the deployed services will need to be changed manually to use the new classification service account. To do this, you must go to every instance of a Classification server, Worker server, or Classification agent and ensure that they are logged on using the new service account credentials.

To update the Classification Identity account

  1. Log on to the computer where the Classification Server is installed.
  2. Open Services, locate the Quest QCS Apache and Quest QCS Tomcat x64 services, right-click and select Properties.
  3. Select the Log On tab, select the Account and enter the password and click OK.
  4. Log on to the computer where the Worker server is installed.
  5. Open Services, locate the Quest QCS Worker and Quest QCS Rule Engine services, right-click and select Properties.
  6. Select the Log On tab, select the Account and enter the password and click OK.
  7. Log on to all managed hosts with classification enabled.
  8. Open Services, locate the Quest One Identity Manager Data Governance Classification Agent Service, right-click and select Properties.
  9. Select the Log On tab, select the Account and enter the password and click OK.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating