There are a number of ways, as described below, to verify that resource activity is being recorded properly:
At the Data Governance server level, check the DataGovernanceEdition.Service.exe.dlog file for a message similar to the one below, which is logged when an agent sends activity to the Data Governance server (search for the words in bold):
2016-07-2015:14:33:539 [INFO][SendSplitMessageResponses(179)] Sending UpdateResourceUsage in 1 parts.
In the Manager, run the Resource Activity report:
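For the server log check described above, the following added example (not part of the product or its documentation) scans DataGovernanceEdition.Service.exe.dlog lines for the UpdateResourceUsage message and flags an activity feed that has gone silent, which would leave a gap in the audit trail. The timestamp layout is inferred from the single sample line on this page, the 15-minute interval is the example synchronization setting mentioned later on this page, and the `tolerance` parameter and function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Assumed layout, inferred from the one sample line on this page:
#   <date><time>:<ms> [LEVEL][Method(line)] Sending UpdateResourceUsage in N parts.
# Whitespace between date and time is optional because the page shows them fused.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s*(\d{2}:\d{2}:\d{2}):(\d{3})\s+"
    r"\[(\w+)\]\[[^\]]*\]\s+Sending UpdateResourceUsage in (\d+) parts?\."
)

def usage_updates(lines):
    """Return [(timestamp, parts)] for every UpdateResourceUsage message."""
    found = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            date, time, ms, _level, parts = m.groups()
            ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
            found.append((ts + timedelta(milliseconds=int(ms)), int(parts)))
    return found

def activity_health(lines, now, sync_minutes=15, tolerance=2):
    """Flag a silent feed: no update within tolerance * sync interval."""
    updates = usage_updates(lines)
    if not updates:
        return {"status": "NO_ACTIVITY_SEEN", "last": None, "gaps": []}
    limit = timedelta(minutes=sync_minutes * tolerance)
    stamps = sorted(ts for ts, _ in updates)
    # Historical gaps show periods in which no activity reached the server.
    gaps = [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > limit]
    status = "STALE" if now - stamps[-1] > limit else "OK"
    return {"status": status, "last": stamps[-1], "gaps": gaps}

# Constructed sample lines; only the first line's text comes from the page.
SAMPLE = [
    "2016-07-2015:14:33:539 [INFO][SendSplitMessageResponses(179)] Sending UpdateResourceUsage in 1 parts.",
    "2016-07-20 15:20:01:004 [INFO][Heartbeat(42)] Agent heartbeat received.",
    "2016-07-20 15:29:34:102 [INFO][SendSplitMessageResponses(179)] Sending UpdateResourceUsage in 1 parts.",
    "2016-07-20 16:44:35:870 [INFO][SendSplitMessageResponses(179)] Sending UpdateResourceUsage in 3 parts.",
]

if __name__ == "__main__":
    report = activity_health(SAMPLE, now=datetime(2016, 7, 20, 18, 0, 0))
    print(report["status"], report["last"], len(report["gaps"]))
```

To check a live server, pass the lines of the real log file and `datetime.now()`, and set `sync_minutes` to the managed host's configured activity synchronization interval.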
Data Governance Edition information is stored in the QAM module tables in One Identity Manager. This chapter provides additional details about commonly used QAM module components.
The following One Identity Manager database tables are used to store Data Governance Edition data.
Contains the installed agents for all locally managed hosts and remote hosts. Includes the correlation to a managed host, current agent status, agent version, agent name and public key information.
Agent DGE-SERVER is a local agent monitoring the server DGE-SERVER. Current status is OK and current version is x.x.
|QAMAgentEvent||Stores the critical errors sent in by a running agent. You can view or clear critical errors through the Agents view in the Manager.|
Contains the managed paths for all installed agents. Contains the responsible agent, the full path of the root, and the root type. This information is pushed to the agent configuration file as well.
\\dge-server\C$\Shares\Share1 is a folder managed path for agent DGE-SERVER.
Stores data about the classification levels (pre-defined or customer-defined) available for classifying data.
Contains the DFS paths for all managed DFS hosts. Includes information pertaining to DFS targets, associating local paths on a given server to a DFS managed host: Local Path, Target Server, Target Share, DFS Path and DFS managed host.
DFS-Folder is a DFS target located on server X at local path Y associated with DFS managed host Z.
Contains the resources under governance across all managed hosts, including the responsible managed host, resource type, security descriptor, paths, business ownership information, as well as whether the data is a point of interest, is published to the IT Shop, is stale, or is a backing folder for a share.
Share1 is an NTFS/Folder resource that is a point of interest, currently published to the IT Shop using Folder security, and owned by Gary. Last point of interest calculation occurred 15 minutes ago.
These tables help correlate accounts found in permissions, and therefore in QAMTrustee, to their identity, synchronized by One Identity Manager. These tables are also used by the web portal to map accounts and employees used to calculate perceived owners.
For example, it shows the correlation between an Active Directory user found in a security index on an agent and the Active Directory account synchronized within an Active Directory domain.
|QAMLocalGroup||Stores the local groups discovered and synchronized on a Windows computer by the local agent.|
|QAMLocalUser||Stores the local users discovered and synchronized on a Windows computer by the local agent.|
|QAMLocalUserInLocalGroup||Correlates the local user accounts in QAMLocalUser with the groups they belong to in QAMLocalGroup.|
Contains the installed managed hosts. The managed host information includes the host type, status, and agent configuration settings such as: file system activity settings, file system indexing settings, and file system scanning settings.
DGE-SERVER is a Windows Server, currently in OK status, with 256 total resources under governance and 256 points of interest. The current agent configuration excludes x files and folders, synchronizes activity every 15 minutes under a five-minute aggregation, and scans security index information once a day.
|QAMOtherSIDInLocalGroup||Stores Active Directory accounts found in local groups by a local agent that were not resolved in Active Directory. This links to Active Directory sync of unresolved SIDs.|
Stores the agent scanner states.
For example, the scanners are Windows Computer, Service Identities, Local Groups, NTFS, SharePoint, NFS, and Cloud. Each of these "scans" the managed paths, collecting security data.
Contains direct access points for accounts that have been scanned by Data Governance agents, indicating the type of access that they have.
Contains information for security accounts that have explicit ACL security. This table is closely paired with QAMSecurityIndex and contains the specific account information, such as the account's security identifier (SID).
Gary, with SID 123, is a Domain User and has a display value of Domain\Gary.
The following One Identity Manager views (queries) retrieve Data Governance Edition resource activity and security information.
Contains a summary view of who has generated activity events on what resources. The summary contains information about the trustee account, the managed host, and the activity the account generated on the resource.
Gary performed a delete operation on governed resource X located on managed host Y.
Contains a summary view of who has what security permissions on what resources. The summary contains information about the trustee account, the resource under governance, the managed host, and the access information that the account has on the resource.
Gary has AllowFullControlAccess on governed resource X located on managed host Y.