In order to assign ownership to a cloud resource, ensure that an Active Directory employee is assigned to the SHAREPOINTONLINE or ONEDRIVEBUSINESS account.
To assign a One Identity Manager Employee to a cloud account:
Locate and select the employee, right-click and select Tasks | Assign user accounts.
Note: If you have the CSM module installed, you will see an additional task, Assign cloud user accounts. Do NOT use this new task; you must select your Data Governance Edition cloud user account from the Assign user accounts task.
The following table lists the One Identity Manager Database configuration parameters that must be set in the Designer to use various features.
Note: In the table, parameters marked as (Optional) may not need to be modified in order to enable email notifications. All other parameters listed must be modified with the proper information.
If you want to: | Edit these parameters: |
---|---|
Receive email notifications from Data Governance Edition | Common \| MailNotification<br>Common \| MailNotification \| DefaultAddress<br>Common \| MailNotification \| DefaultCulture<br>Common \| MailNotification \| DefaultLanguage<br>Common \| MailNotification \| DefaultSender<br>Common \| MailNotification \| SMTPAccount (Optional)<br>Common \| MailNotification \| SMTPDomain (Optional)<br>Common \| MailNotification \| SMTPPassword (Optional)<br>Common \| MailNotification \| SMTPRelay |
Use report subscriptions and schedule reports using the web portal | Common \| MailNotification<br>Common \| MailNotification \| DefaultAddress<br>Common \| MailNotification \| DefaultCulture<br>Common \| MailNotification \| DefaultLanguage<br>Common \| MailNotification \| DefaultSender<br>Common \| MailNotification \| SMTPAccount (Optional)<br>Common \| MailNotification \| SMTPDomain (Optional)<br>Common \| MailNotification \| SMTPPassword (Optional)<br>Common \| MailNotification \| SMTPRelay<br>QER \| RPS \| DefaultSenderAddress |
Receive email notifications regarding attestation cases | QER \| Attestation \| DefaultSenderAddress<br>QER \| Attestation \| MailApproval (Optional)<br>QER \| Attestation \| MailApproval \| Account (Optional)<br>QER \| Attestation \| MailApproval \| DeleteMode (Optional)<br>QER \| Attestation \| MailApproval \| Domain (Optional)<br>QER \| Attestation \| MailApproval \| ExchangeURI (Optional)<br>QER \| Attestation \| MailApproval \| Inbox (Optional)<br>QER \| Attestation \| MailApproval \| Password (Optional) |
Receive email notifications regarding IT Shop requests | QER \| ITShop \| DefaultSenderAddress<br>QER \| ITShop \| MailApproval (Optional)<br>QER \| ITShop \| MailApproval \| Account (Optional)<br>QER \| ITShop \| MailApproval \| DeleteMode (Optional)<br>QER \| ITShop \| MailApproval \| Domain (Optional)<br>QER \| ITShop \| MailApproval \| ExchangeURI (Optional)<br>QER \| ITShop \| MailApproval \| Inbox (Optional)<br>QER \| ITShop \| MailApproval \| Password (Optional) |
To edit configuration parameters
Navigate to the required configuration parameter and click the check box to the left of the entry to enable the parameter.
Note: Some configuration parameters will already be enabled (check box is selected) and others need to be enabled.
Select the required parameter to display the parameter's properties in the bottom pane. Enter the required value in the Properties tab at the bottom of the pane. Click the Edit button to save your settings, which will then appear in the top pane.
Note: The parameter must be enabled (check box is selected) and the proper value must be specified.
When Quest Change Auditor is installed, you can configure Data Governance Edition to collect resource activity directly from the Change Auditor database. When enabled, Change Auditor collects the selected activity events every 15 minutes on all managed hosts. The events received from Change Auditor are harvested by the Data Governance server, aggregated and placed directly into the Data Governance Resource Activity database.
The following considerations should be taken into account to determine whether Change Auditor should be used to collect resource activity:
The Change Auditor SDK authentication uses the same credentials as the Data Governance Edition managed domain service account. In this initial release of the feature, this is the user name and password used to connect to the Change Auditor SDK public port. There is no way of entering different Change Auditor SDK credentials at this time.
Note: This Change Auditor SDK account must have the "View Sdk" permission set. You can define an application group using the Application User Interface page in Change Auditor to assign users to roles with the proper permissions. For more information, see the Quest Change Auditor User Guide.
The Change Auditor event collection feature only collects activity for file system, SharePoint farm and NAS events.
Note: Change Auditor does not always contain enough information to map to Data Governance Edition resources. Therefore, the following SharePoint farm events are not included in Data Governance Edition activity reports:
Collect and aggregate events is selected by default.
Note: Read events are disabled by default; however, each managed host can specify the types of events to be collected.
To use Change Auditor to collect resource activity
Navigate to and expand TargetSystem | ADS | QAM.
Click the check box to the left of UseChangeAuditor.
When enabled, Change Auditor collects events every 15 minutes on all managed hosts. To change this collection interval, modify the CAAggregationIntervalMinutes parameter.
TIP: If you have large amounts of real-time Change Auditor events, you may want to reduce the aggregation interval to every five minutes. Check the Data Governance service log for the Change Auditor query results to determine the number of events returned to Data Governance Edition. In this scenario, do NOT increase the aggregation interval (for example, to 24 hours), as this will cause Data Governance Edition to try to accept millions of events from Change Auditor, which could cause the Data Governance service to fail or time out.
If you install the One Identity Manager Application Server under IIS, you must add an account that is able to access the Data Governance server (that is, an Active Directory user account that is mapped to a One Identity Manager employee with the Data Governance/Administrators and Data Governance/Access Managers application roles applied) as the application pool identity.
To modify the application pool identity
If the Application Server application pool is set to the default Network Security identity, Data Governance Edition reports will fail to generate.
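One way to check and correct the application pool identity from PowerShell on the IIS host, as an added example that is not part of the One Identity documentation. The pool name is a placeholder you must replace, and the script assumes the IIS WebAdministration module is available and that it runs in an elevated session.

```powershell
# Added example (not vendor code): audit the identity of the IIS application
# pool hosting the One Identity Manager Application Server and, if it is not
# a specific user account, set it to one.
Import-Module WebAdministration

# ASSUMPTION: placeholder; replace with the name of your Application Server pool.
$PoolName = '<AppServerAppPoolName>'

function Get-AppPoolIdentity {
    param([Parameter(Mandatory)][string]$Name)
    $pm = Get-ItemProperty -Path "IIS:\AppPools\$Name" -Name processModel
    [pscustomobject]@{
        Pool         = $Name
        IdentityType = [string]$pm.identityType   # e.g. NetworkService, SpecificUser
        UserName     = $pm.userName               # empty for built-in identities
    }
}

function Set-AppPoolServiceAccount {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    # identityType 3 = SpecificUser: IIS runs the pool as the supplied account.
    Set-ItemProperty -Path "IIS:\AppPools\$Name" -Name processModel -Value @{
        identityType = 3
        userName     = $Credential.UserName
        password     = $Credential.GetNetworkCredential().Password
    }
    Restart-WebAppPool -Name $Name   # recycle so the new identity takes effect
}

$current = Get-AppPoolIdentity -Name $PoolName
if ($current.IdentityType -ne 'SpecificUser') {
    Write-Warning ("Pool '{0}' runs as {1}, not as a specific user account." -f `
        $PoolName, $current.IdentityType)
    # Prompt interactively so the password never lands in a script or history.
    $cred = Get-Credential -Message ('Active Directory account mapped to a One ' +
        'Identity Manager employee with the Data Governance application roles')
    Set-AppPoolServiceAccount -Name $PoolName -Credential $cred
}

# Show the identity the pool runs under after the check.
Get-AppPoolIdentity -Name $PoolName
```

The script only changes which account the pool runs as; the mapping of that account to an employee and the assignment of the Data Governance application roles still have to be done in One Identity Manager.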