Identity Manager Data Governance Edition 8.0 - Technical Insight Guide

Resource types

The following resource types are referenced in Data Governance Edition data.

Table 9: Resource types
Value Resource type
0101 Windows Computer\Share
0102 Windows Computer\Local User Rights
0103 Windows Computer\Operating System Administrative Rights
0201 NTFS\File
0202 NTFS\Folder
0301 Service Identities\Windows Service Identity
0401 SharePoint\Farm
0402 SharePoint\FarmAdminRight
0403 SharePoint\WebAppPolicy
0404 SharePoint\SiteCollectionAdminRight
0405 SharePoint\ServiceApplicationPermission
0406 SharePoint\ResourceItem
0407 SharePoint\WebApplication
0408 SharePoint\SiteCollection
0409 SharePoint\Site
0410 SharePoint\List
0411 SharePoint\Folder
0412 SharePoint\ListItem
0601 DFS\Link
0701 NFS\File
0702 NFS\Folder
0801 Cloud\File
0802 Cloud\Folder

Trustee types

This table lists the types of accounts that Data Governance Edition is aware of.

Table 10: Trustee types
Value Trustee type
1 Domain User
2 Domain Group
3 Domain
4 Alias
5 Wellknown
6 Deleted
7 Invalid
8 Unknown
9 Computer
60000 Broadway
60001 Machine Local User
60002 Machine Local Group
60003 SharePoint Identifying Claim
60004 SharePoint Group
60005 SharePoint Claim
60006 Unix Owner
60007 Unix Group
60008 Unix Other
70001 Cloud User
70002 Cloud SPOGroup (that is, SharePoint Online group)
70003 Cloud ODBGroup (that is, OneDrive for Business group)

Configurable configuration file settings

Data Governance Edition provides configuration files for the Data Governance service and the Data Governance agents.

Data Governance service configuration file settings

The following Data Governance service configuration settings can be configured in the DataGovernanceEdition.Service.exe.config file in the server directory: %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server.

Table 11: Server settings
Configuration setting Description
AgentLeaseRenewPeriod Sets the agent lease renewal interval.
DfsDataSyncInterval Sets the default DFS synchronization interval.
DisablePerceivedOwnershipUpdate Can be used to disable the automatic perceived owner calculation for governed data.
FolderSecurity.UseAdminPathsForShareFolders Controls how the Data Governance server deals with the security that backs folders.
ManagedHostDeleteBatchSize Defines the batch size used to delete managed hosts and their associated resources and resource activity records from the database.
MessagingCacheFolder Defines the server messaging cache location.
Metrics.CollectionIntervalInSeconds Sets the metrics collection interval.
MinimumSupportedModuleMigrationVersion Specifies the minimum supported module migration version.
OracleBulkImportBatchSize Specifies the number of records to be imported at a time during a bulk import for an Oracle database.
PerceivedOwnershipActivityPeriod Defines the time period (in days) to look for past resource activity to determine perceived owners.
PerceivedOwnershipByResourceActivity Indicates the primary source for calculating perceived owners: resource activity history or security information.
PerceivedOwnershipByResourceOwner Indicates whether the access control list owner within the target system should be considered as a perceived owner suggestion.
PerceivedOwnershipCalcUpdatesRefreshIntervalMinutes Sets the perceived ownership update interval.
PerceivedOwnershipMaxReturnValue Defines the maximum number of perceived ownership suggestions returned as a result of calculating perceived owners for a resource.
RemoteExecutor.WaitResultTimeout Defines how long the Data Governance service should wait for results from the RemoteExecutor before timing out.
RestServicePort Sets the communication port for HTTP protocol and REST services. (Communications with PowerShell and One Identity Manager clients and web server.)
SuggestedAgentCap Defines the suggested maximum number of agent instances on a given computer.
SyncDomainPasswordInterval Sets the managed domain and security information cache refresh interval.
VerboseHostForTrusteeLogging Debug setting used to log the complete Alias table used for the query.

Table 12: Self-service settings
Configuration setting Description
SelfService.AllowNonPublishedGroups Indicates whether groups not published to the IT Shop are displayed in the self-service web portal.
SelfService.AllowUnsychronizedGroups Indicates whether groups not synchronized with One Identity Manager are displayed in the self-service web portal.
SelfService.EnableSelfServiceRequest Indicates whether self-service requests are enabled.
SelfService.IncludeSuitabilityTraceInfo Indicates whether the suitability trace information is to be included as a property in the self-service request results.
SelfService.MarkSuitabilityTraceInfo Indicates whether the suitability integer is to be shown in the user interface when self-service groups are returned.
SelfService.MaximumMethodsCount Defines the maximum number of self-service groups that can be returned for consideration.
SelfService.SuitabilityThreshold Specifies the lowest possible suitability score to be used when returning self-service groups.

Table 13: Points of interest (POI) settings
Configuration setting Description
CollectPoi.CheckFrequencyInMinutes Sets the stale POI information check interval.
CollectPoi.IgnoreChangedResourceSynchronization Indicates whether the changed resource synchronization should be ignored.
CollectPoi.IncludeDeviations Indicates whether deviations are to be included in POI query.
CollectPoi.MaxConcurrentQueries Defines the maximum number of simultaneous POI queries to be performed.
CollectPoi.OverdueThresholdInMinutes Sets the amount of time before a resource is considered to be overdue for POI collection.
CollectPoi.QueryBatchSize Defines the threshold on which a query is sent to the agent.
CollectPoi.QueryTimeoutInMinutes Sets the amount of time before a POI query expires.
CollectPoi.QueryUpperBound Defines the maximum number of resources to be returned from a POI query.

Table 14: Custom host parameters
Configuration setting Description
additionalOperatingSystems Allows you to specify additional operating systems so that those hosts can be added as generic managed hosts.

In addition to the server, POI collection, and self-service settings listed above, you will find the following settings in the Data Governance service configuration file:
