Get-QPerceivedOwners
Calculates the perceived owners for a resource. You can use this information to determine the true business owners and custodian for data.
|
|
Note: The perceived owner for data is calculated from the resource activity history or security information collected by Data Governance Edition. Activity is collected based on the aggregation time span settings and recorded in the Data Governance Resource Activity database. |
Syntax:
Get-QPerceivedOwners [-ResourcePath] <String> [-ResourceType] <QAM.Common.Interfaces.ResourceType> [[-NumberOfOwners] [<Int32>]] [<CommonParameters>]
| Parameter | Description | ||
|---|---|---|---|
| ResourcePath |
Specify the full path to the resource whose perceived ownership information is to be queried.
| ||
| ResourceType |
Specify the type of resource being queried. Valid values are:
| ||
| NumberOfOwners | (Optional) Specify the number of potential owners to return. |
Examples:
| Example | Description |
|---|---|
|
Get-QPerceivedOwners -ResourcePath "\\2K8R2DJSQL\C$\Test Data" -ResourceType NTFS\Folder |
Calculates and returns the perceived owners for the specified NTFS resource. |
|
Get-QPerceivedOnwers -ResourcePath "//DGEPROD.ONMICROSOFT.COM (SHAREPOINT)/root/Site Contents/Documents/Doc1" -ResourceType Cloud\Folder |
Calculates and returns the perceived owners for the specified cloud resource. |
Details retrieved:
| Detail | Description |
|---|---|
| TrusteeName | The name of the account returned as a result of the perceived owner calculations. |
| TrusteeSid | The security identifier (SID) of the account (trustee). |
| TrusteeType | The type of account. |
| TotalOperationWeight | The activity weight assigned to the account based on the operations performed during the specified time. |
| UseCount | The number of times the account accessed the resource during the specified time frame. |
Get-QResourceAccess
Retrieves the security information for selected resources from a specific managed host, and child objects whose security differs from the parent. You can retrieve file, folder, share, administrator rights, local operating system rights, and service identity rights.
|
|
TIP: This cmdlet is used with the Export-QResourceAccess cmdlet that exports the saved results. |
Syntax:
Get-QResourceAccess [-ManagedHostId] <String> [-ResourceType] <QAM.Client.PowerShell.ResourceAccessQueryResourceType> [[-Resources] [<String []>]] [-ExcludeSubObjectDeviations [<SwitchParameter>]] [<CommonParameters>]
| Parameter | Description | ||
|---|---|---|---|
| ManagedHostId |
Specify the ID (GUID format) of the managed host that you would like to see access information on.
| ||
| ResourceType |
Specify the type of rights you would like to see resource access information for. Valid values are:
| ||
| Resources |
(Optional) Specify the specific resource you would like to see resource access information for. This parameter only applies to files, folders or shares. To get file and folder security information, specify the network path for remote managed hosts or the local path for local managed hosts. To get share security information, specify the share name only. | ||
| ExcludeSubObjectDeviations | (Optional) Specify this parameter to only return the security data for the root objects specified. If this parameter is not specified, the cmdlet returns security information for children below the roots where security differs from the parent. |
Examples:
| Example | Description |
|---|---|
|
C:\PS>$resourceAccess = Get-QResourceAccess -ManagedHostId 973c7042-c413-45fb-9f52-057c64d4f8aa -ResourceType NTFS\Folder -Resources "C:\Test1","C:\Test2" C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get file/folder access (local managed host): Retrieves resource access (folder security) for the two folders "C:\Test1" and "C:\Test2" that are located on a local managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet |
|
C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType NTFS\Folder "\\MachineName\C$\Test1","\\MachineName\C$\Test2" C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get file/folder access (remote managed host: Retrieves resource access (folder security) for the two folders "\\MachineName\C$\Test1" and "\\MachineName\C$\Test2" that are located on a remote managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet. |
|
C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f8aa -ResourceType "Windows Computer\Share" -Resources "ShareName" C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get share access: Retrieves resource access (share security) for the specified share. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet. |
|
C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType "Service Identities\Windows Service Identity" -Resources "Dhcp" C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get service identities: Retrieves resource access (entire host) for the security identities on the specified managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet. |
|
C:\PS>$resourceAccess = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType "Windows Computer\Local User Rights" C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get local operating system rights: Retrieves resource access (entire host) for the OS rights on the specified managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet. |
|
C:\PS>$resourceAccessInfo = Get-QResourceAccess 973c7042-c413-45fb-9f52-057c64d4f800 -ResourceType "Windows Computer\Operating System Administrative Rights" C:\PS> Export-QResourceAccess $resourceAccess –OutputPath "C:\ResourceAccessInfo.csv" |
Get administrator rights: Retrieves resource access (entire host) for the admin rights on the specified managed host. The access results are saved to a variable called $resourceAccess which can be exported to a file using the Export-QResourceAccess cmdlet. |
Details retrieved:
The most useful information retrieved is the security descriptor details for the specified resource.
| Detail | Description |
|---|---|
| RootResources |
RootResources is an array that can be expanded to display the following information:
|
| RootResources.ResourceSecurityDescriptor |
ResourceSecurityDescriptor under the RootResource parameter is an array that can be expanded to display the following information:
|
| RootResources.ResourceSecurityDescriptor.AceList |
AceList under the ResourceSecurityDescriptor parameter is an array that can be expanded to display the following information for each ACE:
|
| RootResources.ResourceSecurityDescriptor.AceList.AceTrustee |
AceTrustee under the AceList parameter is an array that can be expanded to display the following information for each account:
|
Get-QResourceActivity
Retrieves the activity associated with a resource. The results provide a granular list of activities recorded over a period of time that can be used to verify proper resource usage and make decisions on modifying access.
|
|
Note: Resource activity collection (and therefore, this cmdlet) is not supported for the following host types:
|
Syntax:
Get-QResourceActivity [-ManagedHostId] <String> [-Resources] <String[]> [[-StartTime] [<DateTime>]] [[-EndTime] [<DateTime>]] [[-Exclusions] [<String[]>]] [[-ExcludedOperations] [<String[]>]] [<CommonParameters>]
| Parameter | Description | ||
|---|---|---|---|
| ManagedHostId |
Specify the ID (GUID format) of the managed host that you would like to see resource activity for.
| ||
| Resources |
Specify the specific resource you would like to see resource activity for. Specify NTFS resources in the following format: "C:\Share","C:\ADFS"
| ||
| StartTime |
(Optional) Specify the start date and time from which you want to see resource activity. Specify the start time in the following format (UTC): "23/01/2016 10:36:30 PM" | ||
| EndTine |
(Optional) Specify the end date and time up to which you want to see resource activity. Specify the end time in the following format (UTC): "23/01/2016 11:36:30 PM" | ||
| Exclusions |
(Optional) Specify the security identifier (SID) of the users to be excluded from the resource activity search. Specify the SIDs to exclude using the following format: domain: S-1-5-21 Example: TSX:S-1-5-21-3263556741-3296809600-1972185209-1104 | ||
| ExcludedOperations |
(Optional) Specify the operations to be excluded from the resource activity search. Valid values are:
|
Examples:
| Example | Description |
|---|---|
| Get-QResourceActivity "ce21c3ec-3b79-4225-955a-c54cb46790f1" "C:\Share","C:\ADFS" | Retrieves all activity on the specified managed host for the "C:\Share" and "C:\ADFS" folders. |
Details retrieved:
| Detail | Description |
|---|---|
| NodeId | The ID used to link the activity database to the QAMNode table. (AuditNodeId in QAMNode table.) |
| ResourceId | The ID assigned to the operation that was performed. |
| ParentResourceId | Shows which resource in the activity database is the parent. |
| ResourcePath | The path of the resource. |
| ResourceName | The name of resource. |
| Resource | The type of resource. |
| Operation | The operation that was performed. |
| AccessCount | The number of times the operation occurred during the aggregation interval. |
| StartTime | The start date and time for collecting resource activity. Activity is stored in 'time spans'. |
| EndTime | The end date and time for collecting resource activity. Activity is stored in 'time spans'. |
| TrusteeType | The type of account that initiated the operation. |
| TrusteeName | The name of the account that initiated the operation. |
| TrusteeSid | The security identifier (SID) assigned to the account that initiated the operation, |
| AuditTrusteeId | The ID associated with the account that performed the operation. (UID_QAMTrustee in QAMTrustee table.) |
Get-QResourceSecurity
Returns the security descriptor for a given resource in the SSDL format.
Syntax:
Get-QResourceSecurity [-ResourceUri] <String> [-ResType] <String> [-DomainDNSName] <String> [[-NoSACL] [<SwitchParameter>]] [[-NoDACL] [<SwitchParameter>]] [[-NoOwner] [<SwitchParameter>]] [[-NoGroup] [<SwitchParameter>]] [<CommonParameters>]
| Parameter | Description |
|---|---|
| ResourceUri | Specify the path to the resource for which you want the security descriptor. |
| ResType |
Specify the type of resource in question:
|
| DomainDNSName | Specify the DNS domain name of the domain where the managed host with the resource in question resides. |
| NoSACL |
(Optional) Specify this parameter if you do not want to return the SACL information in the SDDL. If this parameter is not specified, the SACL information will be included. |
| NoDACL |
(Optional) Specify this parameter if you do not want to return the DACL information in the SDDL. If this parameter is not specified, the DACL information will be included. |
| NoOwner |
(Optional) specify this parameter if you do not want to return the Owner information in the SDDL. If this parameter is not specified, the owner information will be included. |
| NoGroup |
(Optional) Specify this parameter if you do not want to return the group information in the SDDL. If this parameter is not specified, the group information will be included. |
Examples:
| Example | Description |
|---|---|
|
Get-QResourceSecurity -ResourceUri "\\QAMAUTOMem1\c$\autoroot\test_folder" -ResType Folders -DomainDNSName QAMAUTO.QC.HAL.CA.QSFT |
Returns the security descriptor for the specified resource on QAMAUTOMem1 in the specified domain. |