Chat now with support
Chat with Support

Identity Manager Data Governance Edition 8.0 - Deployment Guide

Introduction Data Governance Edition system requirements Install One Identity Manager Data Governance Edition Deploy Data Governance Edition components Post installation configuration Authentication using service accounts and managed domains Working with managed hosts and agents Upgrade Data Governance Edition Remove Data Governance Edition Troubleshooting Appendix: NetApp managed host deployment Appendix: EMC managed host deployment Appendix: SharePoint managed host deployment About us

Not receiving scheduled reports

Probable cause

The One Identity Manager service (job server) is not configured correctly. If you are having issues with scheduled report execution and are not receiving your reports through email, the first place to check is the Job Server log.

Resolution

Scheduled reports are run by the job server with the SMTP Host server mask. To allow this job server to query the Data Governance server, it must be running as an Active Directory account with an associated One Identity Manager Employee with either the Data Governance\Administrators or Data Governance\Access Managers application role.

To change the identity the job server runs as, open the Services console on the computer hosting the job server and change the Log On identity. For example, the DGEAdministrator Active Directory account needs to be associated with an Employee record that was granted the DataGovernance\Administrators role or be a Data Governance service account itself. This new identity allows the job server to authenticate against the Data Governance server and perform the necessary queries required for report execution.

Groups missing from the Group Memberships tree view

To examine group membership in your enterprise, Data Governance Edition requires credentials that allow it to read group memberships in the domains that make up your enterprise structure. These credentials are provided when syncing the domain for Active Directory. For SharePoint group membership, it uses the provided database connection string and reads group information from the SharePoint database. If Data Governance Edition is having trouble resolving group memberships, you will see a link in the lower-left pane (after having selected Manage Access from the client). Clicking this link displays a list of issues that details any problems encountered during group expansion.

Resolution

Ensure that you have provided credentials with the required access.

Appendix: NetApp managed host deployment

Data Governance Edition uses the NetApp Data ONTAP file screening policy (FPolicy) to track activities on the filer. This policy allows third-party file screening software to interact with the NetApp filer.

Understanding the following aspects of the deployment process are key to ensuring a successful deployment of NetApp managed hosts:

Permissions required to access NetApp filer

The service account for the remote agent responsible for scanning the NetApp filer must meet the following minimum permissions:

  • Log On as a Service local user rights on the agent computer. (This is automatically granted when the agent is deployed.)
  • Must be a member of the local Administrators group on the NetApp filer.
  • Must have permissions to access the folders being scanned.
Related Documents