Chat now with support
Chat with Support

Identity Manager Data Governance Edition 8.0 - Technical Insight Guide

Introduction Data Governance Edition Network Communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management
About us

Configurable registry settings

There are registry settings that can be configured for the Data Governance service.

NOTE: Legacy Data Governance agent registry settings are no longer available. Use the agent's configuration file to modify agent configurations that are not available in the Manager client. For more information, see Data Governance agent configuration file settings.

NOTE: One Identity does not provide support for problems that arise from improper modification of the registry. The Windows registry contains information critical to your computer and applications. Make sure you back up the registry before modifying it. For more information on the Windows Registry Editor and how to back up and restore it, refer to Microsoft Article ID 256986: Windows registry information for advanced users, on the Microsoft support site.

Data Governance service registry settings

The following Data Governance service settings can be altered or created in the registry to modify the default behavior.

Note: After modifying a registry key, restart the Data Governance service and Manager to apply the changes.

Table 75: Registry key settings: HKEY_CURRENT_USER
Registry key setting Description
Agent query timeout (AsyncQueryTimeoutInMinutes) Specifies the maximum amount of time (in minutes) an agent query can run before it times out.
Resource access data points (MaxDataPoints) Specifies the maximum number of data points to be included in a Resource Access report.
View deviations data points (MaxDataPoints) Specifies the maximum number of data points to be included when viewing deviations.
Data governance overview results (MaxResults) Specifies the maximum number of records to be returned and displayed on the Data governance overview.
WCF timeouts (wcfTimeoutInMinutes) Specifies the maximum amount of time it should take a WCF command to complete before it times out.
Reporting timeout (WcfTimeoutReportingInMinutes) Specifies the maximum amount of time it should take to generate a report before it times out.
Table 76: Registry key settings: HKEY_LOCAL_MACHINE
Registry key setting Description
Write default classification level data to database (ClassificationLevelDefaultData) Indicates whether the default classification level data is to be written to the One Identity Manager database.
Default employee SID (DefaultEmployeeSid) Specifies the SID of the default employee used by the Data Governance topology harvest process.
Explicit exclusion of groups (ExclusionByDN) Indicates whether to exclude groups from self-service group selection.
Filter accounts from Manage Access view (FilterNoisyAccounts) Determines whether to filter out noisy accounts (that is, built-in accounts (Administrators and Users)) from the Manage Access view.
Global agent installation location (GlobalAgentInstallLocation) Specifies the default installation location for deploying Data Governance agents.
Manual FPolicy creation (ManualFPolicyCreation) Determines whether to manually create the FPolicy for a NetApp filer.
Resource Activity database connection string (QAMAuditActivityDBConnectionString) Specifies the connection string to the Data Governance Resource Activity database.
Deployment name (QAMDeploymentId) Specifies the deployment name assigned to the Data Governance Edition deployment.
Oracle deployment: Resource Activity database (QDGDBPlatformOracle) Indicates whether you are using a SQL Server or Oracle database for the Resource Activity database.
One Identity Manager database connection string (Q1IMDBConnectionString) Specifies the connection string to the One Identity Manager database.
Oracle deployment: One Identity Manager database (Q1IMDBPlatformOracle) Indicates whether you are using a SQL Server or Oracle database for the One Identity Manager database.
Write default managed resource data to database (ResourceTemplateDefaultData) Indicates whether the default managed resource data is written to the One Identity Manager database.
Agent start/stop timeout (StartStopServiceTimeout) Sets the amount of time to wait for the agent service to start or stop before it times out.

Agent query timeout (AsyncQueryTimeoutInMinutes)

Agent query timeout (AsyncQueryTimeoutInMinutes)

Create the following registry key on the client computer where the Manager is installed to specify the maximum amount of time (in minutes) an agent query can run before it times out.

Table 77: Registry setting: AsyncQueryTimeoutInMinutes
Location Registry
Path

HKEY_CURRENT_USER\SOFTWARE\One Identity\Broadway\Client\Controls

NOTE: The Controls subkey does not exist by default and will need to be created.
Value name AsyncQueryTimeoutInMinutes
Value type REG_DWORD
Value

Maximum amount of time, in minutes, before an agent query times out.

Default: 20 minutes

Write default classification level data to database (ClassificationLevelDefaultData)

Write default classification level data to database (ClassificationLevelDefaultData)

This key indicates whether the default classification levels defined in Data Governance Edition are written to the One Identity Manager database.

NOTE: This registry value is checked on Data Governance service startup and if not present or if its value is set to 0, Data Governance Edition writes the default classification values into the One Identity Manager database and sets the registry value. When this value is set to 1, this indicates that the default classification level data is already stored in One Identity Manager database and should not be overwritten on service startup.
Table 78: Registry setting: ClassificationLevelDefaultData
Location Registry
Path

HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server

Value name ClassificationLevelDefaultData
Value type REG_DWORD
Value

Valid values:

  • 0: Write the default classification level data into the One Identity Manager database.
  • 1: Default classification level data is already stored in the One Identity Manager database: do not overwrite on Data Governance service startup.
Notes

If you delete the default classification levels in your Data Governance Edition deployment and replace them with new classification levels, you must move or set this registry key if you move the Data Governance service to another machine. When you move the Data Governance service to another machine, before starting the Data Governance service ensure that this registry key is set (value is set to 1); otherwise, the Data Governance service will reload any previously deleted default database data that was inserted when the Data Governance service was initially started (on the first machine).

If you modify the default classification levels in your Data Governance Edition deployment, the classification level data is retained if you move the Data Governance service to another machine.

Related Documents