Background operations
Background operations view
Selecting Background operations in the Data Governance navigation view allows you to view the progress of various background operations, including:
- Log export operations
- Account access operations submitted from the Manage access view.
The following table describes the information displayed for current background operations.
| Column title | Description |
|---|---|
| Description | A description of the background operation being processed by Data Governance Edition. |
| Status | The status of the background operation. |
| Resource | The resource involved in the operation. |
| Operation | The background operation being processed. |
| Start Time | The date and time (UTC) the operation began. |
| End Time | The date and time (UTC) the operation completed. |
In addition to the default columns, you can add the following columns to the view using the Column Chooser command.
|
|
NOTE: Right-click the column header and select Column Chooser to add hidden columns to the display. In the Customization dialog, double-click the required column or drag and drop it onto the column header bar. To hide a column, right-click the column header and select Remove This Column. The column is now listed in the Customization dialog and can be re-added to the view as explained above. |
| Column title | Description |
|---|---|
| Enqueued Time | The date and time (UTC) the operation was added to the background queue. |
| Error | Any errors encountered during the background operation. |
Resource browser
The Resource browser provides a live view of the data on the selected managed host. Using the Resource browser, you can browse through the supported files system to view and manage security information for folders and shares on the target managed host.
The Resource browser displays the following information:
- For a Windows computer, the shares and file system display.
- For a SharePoint farm, each farm is represented as a hierarchy, with the farm as the top level, followed by web applications, site collections, sites and then the contents of the site. The contents of a list are shown as “list item”, regardless of the type of item in SharePoint. The Resource browser displays a list of the web applications on the selected farm.
- For a Distributed File System Root, links are displayed at the top level. Browsing into a link shows its target paths and browsing into a target path takes you to the appropriate backing folder. While browsing a backing folder, the Distributed File System path is shown in the Location field at the top of the page.
-
For Cloud managed hosts, each site is represented by a folder hierarchy, with the Home top level site displayed as Site contents folder, followed by all other subsites. Each site contains a Site contents folder encompassing other nested folders. The contents of a site and document library are shown as 'folder' type, whereas, files are shown as 'file' type items. No other resource types are managed for Cloud managed hosts.
NOTE: The resource browser and resource access reports do not display the limited access users or "previewer" accounts.
You can display the Resource browser from the following views:
- Managed hosts view
- Accounts view
- Governed data view
Double-click through the resources to locate a resource. Depending on the resource type, you can perform the following tasks against the selected resource.
| Task | Description | For more information | ||||||
|---|---|---|---|---|---|---|---|---|
| Calculate perceived owners | Calculates and provides a list of the perceived owners for the selected resource using the resource activity history or security information. | Calculating perceived owner | ||||||
| Copy resource path | Copies the full path of the selected resource to the clipboard. | |||||||
| Copy Share Path | Copies the path of the selected Share to the clipboard. | |||||||
| Edit host settings | Launches the Managed Host Settings dialog allowing you to view or edit the configuration settings for the selected managed host. | Editing managed host settings | ||||||
|
Place resource under governance |
Places the selected resource under governance, making it available for use in policies and attestations.
|
Placing a resource under governance | ||||||
| Publish to IT Shop |
Publishes the selected resources to the IT Shop, making it available for employees and business owners to request and grant access to it. If applicable, also places the resources under governance.
|
Publishing resources to the IT Shop | ||||||
| Refresh | Retrieves and displays the latest details in the Resource browser. | |||||||
| Remove resources from governance | Removes the selected resources from governance. | Removing resources from governance | ||||||
| Resource access report | Generates a report that identifies the accounts that have access to specific resources within your environment. | |||||||
| Resource activity report |
Generates a report that provides a list of activities recorded over a period of time to verify proper resource usage and decide whether to remove access for particular accounts.
|
|||||||
| Toggle layout options |
Shows or hides the Layout controls at the top of the view, allowing you to change the layout displayed. |
Toggle layout options | ||||||
| Unpublish from IT Shop |
Removes a previously published resource from the IT Shop.
|
Publishing resources to the IT Shop | ||||||
| View deviations |
Displays a tree view of all resources and all sub-resources below the root that have explicit security applied to them and any deviation warnings or errors encountered for the selected resource. As you select resources in the tree, you can view and manage their security.
|
Managing security deviations | ||||||
| View governed data details | Displays a graphical representation of the details available for governed resources. |
When an account in the resource's permissions pane (lower pane) is selected, you can perform the following tasks against the selected account.
|
|
Note: These account tasks are not available for resources on NFS managed hosts. |
| Task | Description | For more information | ||
|---|---|---|---|---|
| Account access report | Generates a report displaying the account's resource access across all managed hosts within the enterprise. Selecting this task displays the Account Access dialog allowing you to define the report parameters for running the Account access report. | |||
| Account comparison |
Displays the Account Comparison view allowing you to compare the resource access of two accounts.
|
Comparing accounts | ||
| Account simulation |
Displays the Account Simulation view allowing you to simulate changes to group membership to see the access that would be granted or revoked.
|
Simulating the effects of group membership modifications on an account | ||
| Add rights | Launches the Add Permissions dialog allowing you to manage a user or group's access to the selected resource. From this dialog, you can add or edit an account's access as required. |
Modifying discretionary access control list (DACL) permissions for NTFS resources Modifying auditing system access control list (SACL) permissions for NTFS resources | ||
| Manage access |
Displays the Manage access view that shows the managed hosts where the selected account has access. From here, you can also view detailed group membership information. |
|||
| Remove all explicit permissions | Removes all explicitly assigned permissions from the selected resource. | Managing security deviations | ||
| Remove selected permissions | Removes the selected permissions from the selected resource. |
Modifying discretionary access control list (DACL) permissions for NTFS resources Modifying auditing system access control list (SACL) permissions for NTFS resources |
In addition, you can access the following views from the Resource browser.
| View | Description | For more information | ||
|---|---|---|---|---|
| Governed data | Displays the Governed data view to view all the resources within the selected host that have been placed under governance. | |||
| Accounts view |
Displays the security index information returned by Data Governance agents for the selected managed host.
|
Accounts view |
Related Topics
Add permissions dialog
The Add Permissions dialog allows you to add rights to a given account. This dialog appears when you select the Add rights task from the Resource browser or Deviations view.
This dialog contains the following controls.
| Page | Control | Description |
|---|---|---|
| Select Accounts | Select Accounts list | Displays the list of selected user and group accounts. Use the Add and Delete buttons to populate this list. |
|
Add |
Click Add to locate and select the users or groups to be included in the Selected Accounts list. Clicking Add displays the | |
|
Delete |
Click Delete to remove the selected account from the Selected Accounts list. | |
| Permissions | Apply onto |
Use this field to specify the scope of coverage. Valid options are:
|
| Permission |
Select the corresponding check box to apply or deny a particular permission. | |
|
Apply these permissions to objects and/or containers within this container only |
Select this option to apply the selected permissions to objects and containers within the selected container only. |
Use the buttons across the bottom of the dialog to navigate through the dialog and to save your selections.
| Button | Description |
|---|---|
|
Next |
After selecting one or more accounts on the Select Accounts page, click the Next button to display the Permissions page to choose the permissions to be applied to the selected accounts. |
|
Back |
If you need to return to the Select Accounts page, click the Back button on the Permissions page. |
|
Finish |
Once you have chosen the permissions to be applied to the selected accounts, click the Finish button to save your selections and close the dialog. |
|
Cancel |
Click the Cancel button to close the dialog without saving your selections. |
Select User or Group dialog
The Select User or Group dialog allows you to construct queries to search for users and groups from domains and servers. This dialog is used throughout the Data Governance Edition solution allowing you to locate and select accounts related to the selected task.
This dialog contains the following controls.
| Control | Description | ||
|---|---|---|---|
| From this location |
This field is pre-populated with the local domain to be searched. Use the drop-down arrow to the right of this field to change the domain or server to be searched. Clicking this button displays a list of domains and servers. | ||
|
Show Active Directory containers |
Select this check box to include Active Directory containers in the location drop-down list. | ||
| Name |
Use these controls to define queries to search for user and group accounts. The search is conducted against the account's samAccountName, displayName, and cn attributes. In the first field, select the expression to be used to match an account's name:
In the second field, enter the string (partial or full account name) to be used in the query.
| ||
|
Find Now |
After entering your query, select the Find Now button to initiate the search. | ||
| Search results |
The bottom pane displays the search results. From this pane, select one or more accounts to be included in the selected accounts list.
| ||
|
OK |
Click the OK button to save your selections and close the dialog. | ||
|
Cancel |
Click the Cancel button to close the dialog without saving your selections. |