The Select objects dialog is used throughout the Data Governance Edition solution to locate and select the appropriate objects for a given process.
This dialog contains the following controls:
Control | Description |
---|---|
Select this object type | This field is pre-populated with the appropriate object type(s) based on the task that launched the dialog. |
Object Types | Click the Object Types button to change the types of objects to be searched. Clicking this button displays a list of object types from which you can select. |
From this location | This field is pre-populated with the local domain to be searched. |
Locations | Click the Locations button to change the location to be searched. Clicking this button displays a list of reference domains from which you can select. |
Enter the object names to select | Enter the name or partial name of the object to be located. |
Check names | After entering the object name, click the Check names button to search for the specified objects. |
Object list | If a single object is found that matches the object name (or partial name), it appears in the objects list. If multiple objects are found that match the object name (or partial name), the Multiple Names Found dialog appears, allowing you to select one or more objects from the list. Click OK to save your selection and close the dialog. The objects selected now appear in the object list. To remove an object from this list, right-click an object and select Remove. |
Advanced | Use the Advanced button to specify a more advanced query for locating an object. Clicking this button displays the Select Users, Computers or Groups dialog to specify the query to be used to locate the object. |
Import | Use the Import button to import a previously exported QAM Account list (*.qamtl file). |
Export | Use the Export button to export the currently displayed list of objects to a QAM Account list (*.qamtl file). |
Controlling access to data is vital to eliminating issues such as security breaches, loss of sensitive information, or non-compliance with external and internal guidelines. You need a process that enables you to:
Assigning the business owner for a resource to establish the custodian for data should be done with care. This employee can be identified through various reports. For more information, see Managing business ownership for a resource.
Note: The assignment of a business owner is an essential component of data governance as this role is inherently part of the compliance workflows. You do not need to assign an owner when you place a resource under governance; however, you cannot assign an owner unless the resource is governed.
Resource access requests are performed within the web portal for resources located in the IT Shop. For more information, see Publishing resources to the IT Shop.
Policies and violations can help to identify resources that need to be placed under governance.
For a list of the governed data company policies provided with Data Governance Edition, see Appendix: Governed data company policies.
Attestation reviews ensure that the business has a clear statement of an employee’s data access and ensure that access to NTFS and SharePoint data is correct.
The attestation process places responsibility for the attestation review with the data or business owner as they have the best knowledge of the data and its intended use.
For a list of the governed data attestation policies provided with Data Governance Edition, see Appendix: Governed data attestation policies.
Placing a resource under governance
Removing resources from governance
Managing resources under governance
Publishing resources to the IT Shop
Managing business ownership for a resource
Establishing compliance policies
Governing unstructured data allows you to manage data access, preserve data integrity, and provide content owners with the tools and workflows to manage their own data. The workflows cross the Manager and the web portal.
Through the Manager, you can:
Publish resources (folders or shares) to the IT Shop, thereby enabling self-service requests that provide compliance checks.
Note: Publishing resources to the IT Shop is not available for resources on NFS or Cloud managed hosts.
Through the web portal, users have access to:
Data is considered “governed” when one of the following actions has occurred:
Once data is "governed", the Data Governance server periodically queries the agent responsible for scanning that data and retrieves detailed security information concerning it and any child data. The data is then placed in the central database to be used by policies and attestations.
The Data Governance server also periodically retrieves resource activity summary and security information which is used to calculate perceived ownership suggestions for data under governance. The activity summary information is used for populating various dashboards and views in the web portal and the perceived ownership data is used for reports.
Note: If you are using an Oracle database, you can configure bulk inserts of governed data security information to improve performance. To do this, add or modify the following setting in the DataGovernanceEdition.Service.exe.config file (located in the Data Governance server installation directory):
<add key="OracleBulkImportBatchSize" value="500"/>
Value: The number of records to be imported at a time during a bulk import. The default is 500 records.
Identifying data to be governed is continuously adaptive in nature. Those responsible for identifying the data may include the business owner, the administrator, the compliance officer, and managers.
Consider the following when making your selection:
NOTE: For all managed host types, when placing a resource under governance, the resource must be a managed path or a folder or share under a managed path.
Note: On a per host basis, be sure to complete all tasks (such as adding managed paths and placing resources under governance) in the same manner, either at the share level or at the folder level.
NOTE: In order for a DFS link, target share path or folder to be placed under governance or published to the IT Shop, both the DFS server hosting the DFS namespace and the share server that the DFS link points to must be added as managed hosts. If the required servers (those that contain DFS security details) are not already managed, a message box appears listing the servers that need to be added as managed hosts. Click the Add managed hosts with default options button to deploy a local agent to the servers listed in the message box and complete the selected operation. Click Cancel to cancel the selected operation and manually add the servers as managed hosts.
To place a resource under governance
On the Place resource under governance dialog, confirm the display name and click Govern Resources.
When placing a share under governance, you can use the backing folder security or share permissions for self-service resource access requests in the web portal. The Use backing folder security for self-service option is selected by default and uses the backing folder security for the share. Clear this option to use the share permissions for the share.
When placing a DFS link under governance, select the type of security to be used:
Back in the Resource browser, "True" now appears in the Governed Resource column. The governed resource is also added to the Governed data view.
© 2021 One Identity LLC. ALL RIGHTS RESERVED.