Governing unstructured data allows you to manage data access, preserve data integrity, and provide content owners with the tools and workflows required to manage their own data.
By publishing a resource to the IT Shop, the resource is placed under governance and is then available for users to request access to it. You can publish and request access to NTFS shares, files and folders, and SharePoint objects from the site level and below. Beginning with Data Governance Edition version 7.0.1, you can request to have a file system share created that can then be made available to others through the IT Shop.
|Data Governance Administrator||
Data Governance Administrators must be assigned to the Data Governance\Administrators application role. They must also be assigned to the Request & Fulfillment\IT Shop\Product Owners application role or an application role under the Product Owners role to approve IT Shop requests.
The Data Governance Administrator uses the Manager to ensure self-service resource access requests are available in the IT Shop. For more details on setting up the IT Shop, see Setting up resource access requests and Setting up share creation requests.
The Data Governance Administrator uses the web portal to perform the following tasks after a file share creation request is submitted:
The Resource Access shelf is available through the Identity & Access Lifecycle shop, which is included by default with the One Identity Manager installation. All active employees are automatically members of this shop and can therefore make requests.
End-users or resource consumers use the web portal to perform the following tasks:
Business owners must be assigned to the Data Governance\Direct Owners application role, which is automatically assigned when ownership is set. They must also be assigned to the Request & Fulfillment\IT Shop\Product Owners application role or an application role under the Product Owners role to approve IT Shop requests.
The business owner of a resource uses the web portal to perform the following tasks:
Business owners who have both the Data Governance\Administrators and Data Governance\Direct Owners application roles assigned, can also use the web portal to define who can see and access owned resources. For more information, see Restricting access to self-service resource access requests.
Employee managers must be assigned to the Request & Fulfillment\IT Shop\Product Owners application role or an application role under the Product Owners role to approve IT Shop requests.
An employee's manager uses the web portal to perform the following tasks after a file system share creation request is submitted:
The One Identity Manager Data Governance Edition IT Shop Resource Access Requests User Guide is intended for employees interested in learning more about the IT Shop resource access and share creation request process. For Data Governance Administrators, it provides the setup instructions required to make self-service requests available to employees in the IT Shop. For employees, it explains how to initiate a request through the IT Shop and the approval processes used for each type of request. For business owners, group owners and managers, it explains how to approve or deny a request. For Data Governance Administrators, it explains how to select the server to host the new file system share and define the groups that will have permissions to the new file system share. It also provides troubleshooting tips and customization instructions for administrators who are interested in modifying the default configuration and processes used.
For more information on how to use the web portal or set up the IT Shop for governed data, see the following documents:
Note: This document does not cover all types of product requests that can be made through the web portal. It covers resource access requests for resources placed under governance and file system share creation requests. See the documents listed above for more information about the other features available through the One Identity Manager web portal and IT Shop.
Using the web portal IT Shop, employees can request access to resources that are governed and published to the IT Shop. When a resource access self-service request is successfully processed and approved, the employee is added to the specified group and access is granted through this group membership.
For more details on setting up the IT Shop, requesting and approving resource access requests, troubleshooting issues, or customizing the default process, see:
As the Data Governance Administrator, use the Manager to perform the following tasks to enable self-service resource access requests within the One Identity Manager IT Shop: