Introduction
Data Governance Edition Network Communications
Data Governance service
Data Governance service deployment process
Data Governance service configuration
Data Governance service internal tasks
Manually deploying Data Governance service
Data Governance agents
Resource activity collection in Data Governance Edition
Resource Activity database maintenance
QAM module tables
Configurable configuration file settings
Activity database maintenance configuration
Manually running the activity compression utility
Manually running the activity deletion utility
How to validate resource activity is making it to the Resource Activity database
Data Governance service configuration file settings
Configurable registry settings
additionalOperatingSystems
AgentLeaseRenewPeriod
CollectPoi.CheckFrequencyInMinutes
CollectPoi.IgnoreChangedResourceSynchronization
CollectPoi.IncludeDeviations
CollectPoi.MaxConcurrentQueries
CollectPoi.OverdueThresholdInMinutes
CollectPoi.QueryBatchSize
CollectPoi.QueryTimeoutInMinutes
CollectPoi.QueryUpperBound
DfsDataSyncInterval
DisablePerceivedOwnershipUpdate
FolderSecurity.UseAdminPathsForShareFolders
ManagedHostDeleteBatchSize
MessagingCacheFolder
Metrics.CollectionIntervalInSeconds
MinimumSupportedModuleMigrationVersion
OracleBulkImportBatchSize
PerceivedOwnershipActivityPeriod
PerceivedOwnershipByResourceActivity
PerceivedOwnershipByResourceOwner
PerceivedOwnershipCalcUpdatesRefreshIntervalMinutes
PerceivedOwnershipMaxReturnValue
RemoteExecutor.WaitResultTimeout
RestServicePort
SelfService.AllowNonPublishedGroups
SelfService.AllowUnsychronizedGroups
SelfService.EnableSelfServiceRequest
SelfService.IncludeSuitabilityTraceInfo
SelfService.MarkSuitabilityTraceInfo
SelfService.MaximumMethodsCount
SelfService.SuitabilityThreshold
SuggestedAgentCap
SyncDomainPasswordInterval
VerboseHostForTrusteeLogging
Activity weight multipliers
Self-service suitability calculation multipliers
Data Governance agent configuration file settings
baseActivePort
cloudGroupResolutionInSeconds
indexingEnabled (localGroup scanning)
indexingEnabled (local user rights scanning)
indexingEnabled (service identities scanning)
indexingEnabled (share scanning)
keepQueryDocuments
localGroupResolutionInSeconds
numberOfSharepointScanThreads
OverrideFPolicyName
overrideServerUri
serviceIdentityIndexingResolutionInSeconds
shimCloseTimeoutInMinutes
shimOpenTimeoutInMinutes
shimReceiveTimeoutInMinutes
shimSendTimeoutInMinutes
usageFlushIntervalInSeconds
windowsComputerResourceResolutionInSeconds
Data Governance service registry settings
PowerShell commands
Agent query timeout (AsyncQueryTimeoutInMinutes)
Write default classification level data to database (ClassificationLevelDefaultData)
Default employee SID (DefaultEmployeeSid)
Explicit exclusion of groups (ExclusionByDN)
Filter accounts from Resource access report (FilterNoisyAccounts)
Global agent installation location (GlobalAgentInstallLocation)
Manual FPolicy creation (ManualFPolicyCreation)
Resource access data points (MaxDataPoints)
View deviations data points (MaxDataPoints)
Data governance overview results (MaxResults)
Resource Activity database connection string (QAMAuditActivityDBConnectionString)
Deployment name (QAMDeploymentId)
Oracle deployment: Resource Activity database (QDGDBPlatformOracle)
One Identity Manager database connection string (Q1IMDBConnectionString)
Oracle deployment: One Identity Manager database (Q1IMDBPlatformOracle)
Write default managed group template data to database (ResourceTemplateDefaultData)
Agent start/stop timeout (StartStopServiceTimeout)
WCF timeouts (wcfTimeoutInMinutes)
Reporting timeout (WcfTimeoutReportingInMinutes)
Adding the PowerShell snap-ins
Finding component IDs
Data Governance Edition deployment
About us
Get-QDeploymentInfo
Get-QEncryptionOptions
Get-QServerAllLogs
Get-QServerVersion
Initialize-QDataGovernanceActivity
Initialize-QDataGovernanceServer
Register-QServiceConnectionPoint
Remove-QServiceConnectionPoint
Set-QDeploymentInfo
Set-QEncryptionOptions
Set-QServiceConnection
Service account management
Add-QServiceAccount
Get-QLogonServiceAccount
Get-QServiceAccounts
Remove-QServiceAccount
Set-QServiceAccountUpdated
Managed domain deployment
Agent deployment
Managed host deployment
Add-QDfsManagedHost
Add-QManagedHostByAccountName
Clear-QResourceActivity
Get-QHostsForTrustee
Get-QManagedHosts
Remove-QManagedHost
Set-QManagedHostProperties
Set-QManagedHostUpdated
Trigger-QDfsSync
Account access management
Get-QAccountAccess
Get-QAccountAccessOnHosts
Get-QAccountActivity
Get-QAccountAliases
Get-QAccountsForHost
Get-QADAccount
Get-QGroupMembers
Get-QIndexedTrustees
Resource access management
Export-QResourceAccess
Get-QChildResources
Get-QFileSystemSearchResults
Get-QHostResourceActivities
Get-QPerceivedOwners
Get-QResourceAccess
Get-QResourceActivity
Get-QResourceSecurity
Set-QResourceSecurity
Governed data management
Get-QDataUnderGovernance
Get-QPerceivedOwnerPol
Get-QSelfServiceClientConfiguration
Get-QSelfServiceMethodsToSatisfyRequest
Remove-QDataUnderGovernance
Set-QBusinessOwner
Set-QDataUnderGovernance
Set-QSelfServiceClientConfiguration
Trigger-QDataUnderGovernanceCollection
Upgrade-QDataUnderGovernanceRecords
Classification management
Configurable registry settings
Configurable registry settings
There are registry settings that can be configured for the Data Governance service.
|
|
NOTE: Legacy Data Governance agent registry settings are no longer available. Use the agent's configuration file to modify agent configurations that are not available in the Manager client. For more information, see Data Governance agent configuration file settings. |
|
|
NOTE: One Identity does not provide support for problems that arise from improper modification of the registry. The Windows registry contains information critical to your computer and applications. Make sure you back up the registry before modifying it. For more information on the Windows Registry Editor and how to back up and restore it, refer to Microsoft Article ID 256986: Windows registry information for advanced users, on the Microsoft support site. |
Data Governance service registry settings
The following Data Governance service settings can be altered or created in the registry to modify the default behavior.
|
|
Note: After modifying a registry key, restart the Data Governance service and Manager to apply the changes. |
| Registry key setting | Description |
|---|---|
| Agent query timeout (AsyncQueryTimeoutInMinutes) | Specifies the maximum amount of time (in minutes) an agent query can run before it times out. |
| Resource access data points (MaxDataPoints) | Specifies the maximum number of data points to be included in a Resource Access report. |
| View deviations data points (MaxDataPoints) | Specifies the maximum number of data points to be included when viewing deviations. |
| Data governance overview results (MaxResults) | Specifies the maximum number of records to be returned and displayed on the Data governance overview. |
| WCF timeouts (wcfTimeoutInMinutes) | Specifies the maximum amount of time it should take a WCF command to complete before it times out. |
| Reporting timeout (WcfTimeoutReportingInMinutes) | Specifies the maximum amount of time it should take to generate a report before it times out. |
| Registry key setting | Description |
|---|---|
| Write default classification level data to database (ClassificationLevelDefaultData) | Indicates whether the default classification level data is to be written to the One Identity Manager database. |
| Default employee SID (DefaultEmployeeSid) | Specifies the SID of the default employee used by the Data Governance topology harvest process. |
| Explicit exclusion of groups (ExclusionByDN) | Indicates whether to exclude groups from self-service group selection. |
| Filter accounts from Manage Access view (FilterNoisyAccounts) | Determines whether to filter out noisy accounts (that is, built-in accounts (Administrators and Users)) from the Manage Access view. |
| Global agent installation location (GlobalAgentInstallLocation) | Specifies the default installation location for deploying Data Governance agents. |
| Manual FPolicy creation (ManualFPolicyCreation) | Determines whether to manually create the FPolicy for a NetApp filer. |
| Resource Activity database connection string (QAMAuditActivityDBConnectionString) | Specifies the connection string to the Data Governance Resource Activity database. |
| Deployment name (QAMDeploymentId) | Specifies the deployment name assigned to the Data Governance Edition deployment. |
| Oracle deployment: Resource Activity database (QDGDBPlatformOracle) | Indicates whether you are using a SQL Server or Oracle database for the Resource Activity database. |
| One Identity Manager database connection string (Q1IMDBConnectionString) | Specifies the connection string to the One Identity Manager database. |
| Oracle deployment: One Identity Manager database (Q1IMDBPlatformOracle) | Indicates whether you are using a SQL Server or Oracle database for the One Identity Manager database. |
| Write default managed resource data to database (ResourceTemplateDefaultData) | Indicates whether the default managed resource data is written to the One Identity Manager database. |
| Agent start/stop timeout (StartStopServiceTimeout) | Sets the amount of time to wait for the agent service to start or stop before it times out. |
Agent query timeout (AsyncQueryTimeoutInMinutes)
Configurable registry settings > Data Governance service registry settings > Agent query timeout (AsyncQueryTimeoutInMinutes)
Agent query timeout (AsyncQueryTimeoutInMinutes)
Create the following registry key on the client computer where the Manager is installed to specify the maximum amount of time (in minutes) an agent query can run before it times out.
| Location | Registry | ||
| Path |
HKEY_CURRENT_USER\SOFTWARE\One Identity\Broadway\Client\Controls
| ||
| Value name | AsyncQueryTimeoutInMinutes | ||
| Value type | REG_DWORD | ||
| Value |
Maximum amount of time, in minutes, before an agent query times out. Default: 20 minutes |
Write default classification level data to database (ClassificationLevelDefaultData)
Configurable registry settings > Data Governance service registry settings > Write default classification level data to database (ClassificationLevelDefaultData)
Write default classification level data to database (ClassificationLevelDefaultData)
This key indicates whether the default classification levels defined in Data Governance Edition are written to the One Identity Manager database.
|
|
NOTE: This registry value is checked on Data Governance service startup and if not present or if its value is set to 0, Data Governance Edition writes the default classification values into the One Identity Manager database and sets the registry value. When this value is set to 1, this indicates that the default classification level data is already stored in One Identity Manager database and should not be overwritten on service startup. |
| Location | Registry |
| Path |
HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server |
| Value name | ClassificationLevelDefaultData |
| Value type | REG_DWORD |
| Value |
Valid values:
|
| Notes |
If you delete the default classification levels in your Data Governance Edition deployment and replace them with new classification levels, you must move or set this registry key if you move the Data Governance service to another machine. When you move the Data Governance service to another machine, before starting the Data Governance service ensure that this registry key is set (value is set to 1); otherwise, the Data Governance service will reload any previously deleted default database data that was inserted when the Data Governance service was initially started (on the first machine). If you modify the default classification levels in your Data Governance Edition deployment, the classification level data is retained if you move the Data Governance service to another machine. |