Introduction
Data Governance Edition Network Communications
Data Governance service
Data Governance service deployment process
Data Governance service configuration
Data Governance service internal tasks
Manually deploying Data Governance service
Data Governance agents
Resource activity collection in Data Governance Edition
Resource Activity database maintenance
QAM module tables
Configurable configuration file settings
Activity database maintenance configuration
Manually running the activity compression utility
Manually running the activity deletion utility
How to validate resource activity is making it to the Resource Activity database
Data Governance service configuration file settings
Configurable registry settings
additionalOperatingSystems
AgentLeaseRenewPeriod
CollectPoi.CheckFrequencyInMinutes
CollectPoi.IgnoreChangedResourceSynchronization
CollectPoi.IncludeDeviations
CollectPoi.MaxConcurrentQueries
CollectPoi.OverdueThresholdInMinutes
CollectPoi.QueryBatchSize
CollectPoi.QueryTimeoutInMinutes
CollectPoi.QueryUpperBound
DfsDataSyncInterval
DisablePerceivedOwnershipUpdate
FolderSecurity.UseAdminPathsForShareFolders
ManagedHostDeleteBatchSize
MessagingCacheFolder
Metrics.CollectionIntervalInSeconds
MinimumSupportedModuleMigrationVersion
OracleBulkImportBatchSize
PerceivedOwnershipActivityPeriod
PerceivedOwnershipByResourceActivity
PerceivedOwnershipByResourceOwner
PerceivedOwnershipCalcUpdatesRefreshIntervalMinutes
PerceivedOwnershipMaxReturnValue
RemoteExecutor.WaitResultTimeout
RestServicePort
SelfService.AllowNonPublishedGroups
SelfService.AllowUnsychronizedGroups
SelfService.EnableSelfServiceRequest
SelfService.IncludeSuitabilityTraceInfo
SelfService.MarkSuitabilityTraceInfo
SelfService.MaximumMethodsCount
SelfService.SuitabilityThreshold
SuggestedAgentCap
SyncDomainPasswordInterval
VerboseHostForTrusteeLogging
Activity weight multipliers
Self-service suitability calculation multipliers
Data Governance agent configuration file settings
baseActivePort
cloudGroupResolutionInSeconds
indexingEnabled (localGroup scanning)
indexingEnabled (local user rights scanning)
indexingEnabled (service identities scanning)
indexingEnabled (share scanning)
keepQueryDocuments
localGroupResolutionInSeconds
numberOfSharepointScanThreads
OverrideFPolicyName
overrideServerUri
serviceIdentityIndexingResolutionInSeconds
shimCloseTimeoutInMinutes
shimOpenTimeoutInMinutes
shimReceiveTimeoutInMinutes
shimSendTimeoutInMinutes
usageFlushIntervalInSeconds
windowsComputerResourceResolutionInSeconds
Data Governance service registry settings
PowerShell commands
Agent query timeout (AsyncQueryTimeoutInMinutes)
Write default classification level data to database (ClassificationLevelDefaultData)
Default employee SID (DefaultEmployeeSid)
Explicit exclusion of groups (ExclusionByDN)
Filter accounts from Resource access report (FilterNoisyAccounts)
Global agent installation location (GlobalAgentInstallLocation)
Manual FPolicy creation (ManualFPolicyCreation)
Resource access data points (MaxDataPoints)
View deviations data points (MaxDataPoints)
Data governance overview results (MaxResults)
Resource Activity database connection string (QAMAuditActivityDBConnectionString)
Deployment name (QAMDeploymentId)
Oracle deployment: Resource Activity database (QDGDBPlatformOracle)
One Identity Manager database connection string (Q1IMDBConnectionString)
Oracle deployment: One Identity Manager database (Q1IMDBPlatformOracle)
Write default managed group template data to database (ResourceTemplateDefaultData)
Agent start/stop timeout (StartStopServiceTimeout)
WCF timeouts (wcfTimeoutInMinutes)
Reporting timeout (WcfTimeoutReportingInMinutes)
Adding the PowerShell snap-ins
Finding component IDs
Data Governance Edition deployment
About us
Get-QDeploymentInfo
Get-QEncryptionOptions
Get-QServerAllLogs
Get-QServerVersion
Initialize-QDataGovernanceActivity
Initialize-QDataGovernanceServer
Register-QServiceConnectionPoint
Remove-QServiceConnectionPoint
Set-QDeploymentInfo
Set-QEncryptionOptions
Set-QServiceConnection
Service account management
Add-QServiceAccount
Get-QLogonServiceAccount
Get-QServiceAccounts
Remove-QServiceAccount
Set-QServiceAccountUpdated
Managed domain deployment
Agent deployment
Managed host deployment
Add-QDfsManagedHost
Add-QManagedHostByAccountName
Clear-QResourceActivity
Get-QHostsForTrustee
Get-QManagedHosts
Remove-QManagedHost
Set-QManagedHostProperties
Set-QManagedHostUpdated
Trigger-QDfsSync
Account access management
Get-QAccountAccess
Get-QAccountAccessOnHosts
Get-QAccountActivity
Get-QAccountAliases
Get-QAccountsForHost
Get-QADAccount
Get-QGroupMembers
Get-QIndexedTrustees
Resource access management
Export-QResourceAccess
Get-QChildResources
Get-QFileSystemSearchResults
Get-QHostResourceActivities
Get-QPerceivedOwners
Get-QResourceAccess
Get-QResourceActivity
Get-QResourceSecurity
Set-QResourceSecurity
Governed data management
Get-QDataUnderGovernance
Get-QPerceivedOwnerPol
Get-QSelfServiceClientConfiguration
Get-QSelfServiceMethodsToSatisfyRequest
Remove-QDataUnderGovernance
Set-QBusinessOwner
Set-QDataUnderGovernance
Set-QSelfServiceClientConfiguration
Trigger-QDataUnderGovernanceCollection
Upgrade-QDataUnderGovernanceRecords
Classification management
Default employee SID (DefaultEmployeeSid)
Configurable registry settings > Data Governance service registry settings > Default employee SID (DefaultEmployeeSid)
Default employee SID (DefaultEmployeeSid)
This registry key specifies the security identifier (SID) of the default employee used by the Data Governance topology harvest process. This setting is used by the ManagementServer internal service that manages the core Data Governance service dependencies.
| Location | Registry |
| Path | HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server |
| Value name | DefaultEmployeeSid |
| Value type | REG_SZ |
| Value | SID of the user used by the Data Governance topology harvest process. |
| Note | This key is present if you used the Data Governance Configuration wizard to install the Data Governance service. |
Explicit exclusion of groups (ExclusionByDN)
Configurable registry settings > Data Governance service registry settings > Explicit exclusion of groups (ExclusionByDN)
Explicit exclusion of groups (ExclusionByDN)
On the Data Governance server, configure the following registry key to exclude groups from self-service group selection.
|
|
NOTE: You may want to mark certain groups as being ineligible for self-service requests, especially when Data Governance Edition is configured to allow for non-published groups to be presented. In this case, it is possible to mark either specific groups, or all groups within a particular Active Directory container as being ineligible for access requests. |
| Location | Registry | ||
| Path |
HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server\DeploymentData\SelfService
| ||
| Value name | ExclusionByDN | ||
| Value type | REG_SZ | ||
| Value |
Create string values whose names match the distinguished name of the groups that are to be excluded.
|
Filter accounts from Resource access report (FilterNoisyAccounts)
Configurable registry settings > Data Governance service registry settings > Filter accounts from Resource access report (FilterNoisyAccounts)
Filter accounts from Manage Access view (FilterNoisyAccounts)
Create the following registry key on the client computer where the Manager is installed to indicate whether noisy accounts (that is, accounts with indirect access granted through the BUILTIN\Administrators or BUILTIN\Users accounts), are to be filtered from the Manage Access view.
| Location | Registry |
| Path | HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Client |
| Value name | FilterNoisyAccounts |
| Value type | DWORD |
| Value |
Valid values:
|
Global agent installation location (GlobalAgentInstallLocation)
Configurable registry settings > Data Governance service registry settings > Global agent installation location (GlobalAgentInstallLocation)
Global agent installation location (GlobalAgentInstallLocation)
By default, the agent will be installed in %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Agent Services. To change this default location, create the following new string value in the registry on the Data Governance server.
| Location | Registry |
| Path | HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server |
| Value name | GlobalAgentInstallLocation |
| Value type | REG_SZ |
| Value | Agent installation location |
| Note | All agents attempt to deploy the folder specified in this registry setting. If, when you deploy an individual agent, you select an alternate installation location on the Managed Hosts Settings dialog, the location specified takes precedence over the default location specified in the registry. |