Set-QResourceSecurity
Sets or updates the security on a given resource to the specified security descriptor.
|
|
Note: The existing security descriptor is completely replaced. |
Syntax:
Set-QResourceSecurity [-SDDL] <String> [-ResourceUri] <String> [-ResType] <String> [-DomainDNSName] <String> [-HostDownLevelName] <String> [<CommonParameters>]
| Parameter | Description |
|---|---|
| SDDL | Specify the security descriptor (SDDL format) to be set. |
| ResourceUri | Specify the path to the resource that you want to set the security for. |
| ResType |
Specify the resource type of the resource to have its security descriptor set. Valid values are:
|
| DomainDNSName | Specify the DNS name of the resource's domain. |
| HostDownLevelName | Specify the downlevel name of the host where the resource resides. |
Examples:
| Example | Description |
|---|---|
|
Set-QResourceSecurity -SDDL "O:BAG:DUD:AI(A;;FA;;;BA)(A;OICIID;FA;;;BA)(A;OICIID;FA;;;SY)(A;OICIIOID;GA;;;CO) (A;OICIID;0x1200a9;;;BU)(A;CIID;LC;;;BU)(A;CIID;DC;;;BU)S:PAI" -ResourceUri "\\QAMAUTOMem1\c$\autoroot\test_folder" -ResType Folders -DomainDNSName QAMAUTO.QC.HAL.CA.QSFT -HostDownLevelName QAMAUTOMem1 |
Sets the security on the specified resource to the specified SDDL on the computer qamautomem1 in the domain qamauto.qc.hal.ca.qsft. |
Governed data management
Governing unstructured data allows you to manage data access, preserve data integrity, and provide content owners with the tools and workflows to manage their own data.
The following commands are available to you to manage governed data.
|
Use this command |
If you want to | ||
|---|---|---|---|
|
Get-QDataUnderGovernance |
View the data within your organization that has been placed under governance. Data is considered “governed” when it has been explicitly placed under governance or published to the IT Shop. | ||
|
Get-QPerceivedOwnerPoI |
View the name of the perceived owner for the specified governed resource. You can use the calculated perceived owners to identify potential business owners for data within your environment. | ||
|
Get-QSelfServiceClientConfiguration |
View the options that are available for self-service requests within the IT Shop. For more information, see Get-QSelfServiceClientConfiguration. | ||
|
Get-QSelfServiceMethodsToSatisfyRequest |
View the group membership that is required to satisfy an access request. When employees request access to a resource, an approval workflow is put into action. Before the request for resource access can be granted, the business owner must select a group to which that employee could be added to fulfill their request. For more information, see Get-QSelfServiceMethodsToSatisfyRequest.
| ||
|
Remove-QDataUnderGovernance |
Remove data from governance.
| ||
|
Set-QBusinessOwner |
Set the business owner on a governed resource to establish a custodian for data. The business owner should be an employee who understands the nature of the data and the list of authorized users. Ownership can be established for an individual employee or for all employees in an application role. | ||
|
Set-QDataUnderGovernance |
Place a resource under governance. Once data is “governed”, the Data Governance server periodically queries the agent responsible for scanning that data and retrieves detailed security information concerning it and any child data. The data is then placed in the central database to be used by policies and attestations. You can also use this command to set the business owner on governed resources to establish a custodian for data. The business owner should be an employee who understands the nature of the data and the list of authorized users. Ownership can be established for an individual employee or for all employees in an application role. | ||
|
Set-QSelfServiceClientConfiguration |
Set the options that are available for self-service requests within the IT Shop. For more information, see Set-QSelfServiceClientConfiguration. | ||
|
Trigger-QDataUnderGovernanceCollection |
Trigger data collection for governed resources for a given managed host. For more information, see Trigger-QDataUnderGovernanceCollection. | ||
|
Upgrade-QDataUnderGovernanceRecords |
Upgrade the format of existing governed data in the database after an upgrade from version 6.1.1 or earlier.
For more information, see Upgrade-QDataUnderGovernanceRecords. |
Get-QDataUnderGovernance
Retrieves the data within your organization that has been placed under governance.
Syntax:
Get-QDataUnderGovernance [[-ResourcePath] [<String>]] [[-ManagedHostId] [<String>]] [[-MaxResults] [<Int32>]] [<CommonParameters>]
| Parameter | Description | ||||
|---|---|---|---|---|---|
| ResourcePath |
Specify the path to a particular resource under governance. If this parameter is not specified, all resources under governance on the specified managed host are returned.
| ||||
| ManagedHostId |
Specify the ID (GUID format) of the managed host you are interested in.
| ||||
| MaxResults |
(Optional) Specify the maximum number of results to be returned. If this parameter is not specified, all results are returned. |
Examples:
| Example | Description |
|---|---|
| Get-QDataUnderGovernance -ResourcePath \\QAMAUTOMEM1\C$\AutoRoot\DuG\Folder1 | Returns the data under governance object for the resource specified. |
Details retrieved:
| Detail | Description (Associated key or property in QAMDuG table) |
|---|---|
| ManagedHostId | Value (GUID) assigned to the managed host computer. |
| IsForITShop | Indicates if the resource is available for requests through the IT Shop. |
| DatePublishedToITShop | The date (UTC) when the resource was published to the IT Shop. |
| IsPublishable | Indicates that the resource is able to be published to the IT Shop. |
| IsPointOfInterest | Indicates that a point of interest was intentionally placed under governance. |
| RequiresOwnership | Indicates that the resource requires that an owner be assigned. |
| DisplayName | Name of the governed resource. |
| DisplayPath | Path and name of the governed resource. |
| Description | Descriptive information entered for the governed resource. |
| FullPath | Full path of the governed resource. |
| FullPathHashSHA1 | Hash value over the full path for unique identification. |
| Justification | The reason for assigning this owner to the resource. |
| OwnershipSetBy | Name of the account that set the owner. |
| PlacedUnderGovernanceBy | Name of the account that placed the resource under governance. |
| RiskIndex | Calculated risk index of all assignments to this data. |
| ActivityResourceId | The value that relates the roots in this database to data in the Data Governance activity resource database. |
| DateOwnershipSet | The date (UTC) when the ownership of the resource was set. |
| UID_QAMDuG | The identifier assigned to the governed resource by Data Governance Edition. |
| IsStale | Indicates whether the resource was renamed or deleted. |
| LastEncounteredTime | The time detailed security information was successfully collected. |
| PersonOwnerKey | If you have assigned a person as the business owner of this resource, this is the primary key of that person. |
| PersonOwnerDisplay | If a person is assigned as the business owner, the name of that employee. |
| RoleOwnerKey | If you have assigned a role as the business owner of this resource, this is the primary key of that role. |
| RoleOwnerDisplay | If an application role is assigned as the business owner, the name of that application role. |
| ResourceType | The governed data type. |
| ManagedHostName | The name of the managed host computer. |
| UseBackingFolderSecurity | Indicates to use the backing folder of a share. |
| LastPoiCollection | The date (UTC) when the POI was last collected. |
| LastPoiSubmission | The date (UTC) when the POI was last submitted. |
| Security | The security used for governance. (SecurityForGovernance) |
| ClassificationLevelId | If a classification level is assigned, the identifier assigned to the classification level. (UID_QAMClassificationLevelMan Value) |
| ClassificationLevelName | If a classification level is assigned, the name assigned to the classification level. (UID_QAMClassificaitonLevelMan) |
Get-QPerceivedOwnerPol
Retrieves the name of the perceived owner for the specified governed resource. You can then use the calculated perceived owners to identify potential business owners for data within your environment.
Syntax:
Get-QPerceivedOwnerPoI [-GovernedDataId] <String> [<CommonParameters>]
| Parameter | Description | ||
|---|---|---|---|
| GovernedDataId |
Specify the ID (GUID format) of the governed resource whose perceived owner information you want to identify.
|
Examples:
| Example | Description |
|---|---|
|
C:\PS>$resources = Get-Content 'C:\Resources.txt' foreach($resource in $resources) { try { $governed = Get-QDataUnderGovernance $resource if($governed) { $perceivedOwner = Get-QPerceivedOwnerPoI $governed.UID_QAMDuG $resource += ';' $resource += $perceivedOwner.EmployeeId Add-Content 'c:\PerceivedOwnerResource.txt' $resource } else { $resource += ';' $resource += 'Resource Not Governed' Add-Content 'c:\PerceivedOwnerResource.txt' $resource } } catch { Writestatus $_ } } |
Returns the perceived owner information for a governed resource with the specified id. This PowerShell script takes a list of governed resources and returns the perceived owner for each. |
Details retrieved:
| Detail | Description (Associated key or property in QAMPoIPerceivedOwner table) |
|---|---|
| EmployeeName | The name of the perceived owner (employee) for the governed resource. |
| EmployeeId | The value (GUID) assigned to the perceived owner (employee). |
| TrusteeName | The name of the account that initiated the operation. |
| TrusteeId | The value (GUID) assigned to the trustee (UID_QAMTrustee). |
| TrusteeXObjectKey | The value (<Key>) assigned to the account. |
| TrusteeType |
The type of account. |