Data Governance Edition ships with predefined classification levels; however, you may need to modify these predefined classification levels to match the classification levels defined for your organization. You can use the Manager or Windows PowerShell to add, edit or delete the classification levels in your Data Governance Edition deployment.
By default, the following Classification levels are defined for you:
|
Note: When the Data Governance service first starts up, it writes the default classification level data into the One Identity Manager database. This behavior is controlled by a registry key, HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server\ClassificationLevelDefaultData. If you delete the default classification levels in your Data Governance Edition deployment and replace them with new classification levels, you must move or set this registry key if you move the Data Governance service to another machine to prevent the reloading of previously deleted default classification levels. If you modify the default classification levels in your Data Governance Edition deployment, the data is retained if you move the Data Governance service to another machine. For more information about this registry key, see the One Identity Manager Data Governance Edition Technical Insight Guide. |
You can use the Manager or Windows PowerShell to define a new classification level in your Data Governance Edition deployment.
To add a new classification level (Manager)
In the Manager, select Data Governance | Classification.
The Classification view appears listing the current classification levels defined in your Data Governance Edition deployment.
Select the New task or right-click command.
Description: Enter descriptive text to be associated with the new classification level.
Click OK to save the new classification level and close the dialog.
Back on the Classification view, the new classification level appears at the bottom of the list.
Use the Move up and Move down tasks to define where in the display order the new classification level is to appear.
To add a new classification level (PowerShell)
If necessary, import the QAM.Client.PowerShell.dll assembly:
Import-Module "<path>"
Where <path> is the file path for the QAM.Client.PowerShell.dll assembly. By default, the <path> for the Data Governance server machine is "C:\Program Files\One Identity\One Identity Manager\QAM.Client.PowerShell.dll".
Run the following cmdlet to define each classification level:
Add-QClassifictionLevel [-Name] <String> [-Description] <String> [[-SortOrder] [<Int>]]
Name: Specify the name to be associated with the new classification level.
Description: Enter descriptive text to be associated with the new classification level.
SortOrder: (Optional) Specify a value to indicate where in the display order the new classification level is to appear.
|
Note: The classification levels are displayed in ascending order based on SortOrder. If no SortOrder value is specified, the classification level will appear at the top of the list. |
You can use the Manager or Windows PowerShell to edit an existing classification level in your Data Governance Edition deployment.
|
Note: Any Data Governance Edition customizations (such as attestation or company policies) that use the name of a classification level, will no longer work if you edit the name of the classification level. |
To edit a classification level (Manager)
In the Manager, select Data Governance | Classification.
Click OK to save your changes and close the dialog.
To edit a classification level (PowerShell)
If necessary, import the QAM.Client.PowerShell.dll assembly:
Import-Module "<path>"
Where <path> is the file path for the QAM.Client.PowerShell.dll assembly. By default, the <path> for the Data Governance server machine is "C:\Program Files\One Identity\One Identity Manager\QAM.Client.PowerShell.dll".
Run the following cmdlet to define each classification level:
Set-QClassificationLevel [-ID] <String> [[-Name] [<String>]] [[-Description] [<String>]] [[-SortOrder] [<Int>]]
ID: Specify the Identifier of the classification level to be modified.
|
Note: Run the Get-QClassificationLevelConfiguration cmdlet to retrieve a list of configured classification levels, including their assigned identifiers. |
SortOrder: Specify to change where in the display order the classification level is to appear.
|
Note: The classification levels are displayed in ascending order based on SortOrder. |
You can use the Manager or Windows PowerShell to remove a classification level from your Data Governance Edition deployment.
|
TIP: Deleting a classification level will automatically remove it from all associated governed data. Run the Get-QDataUnderGovernanceByClassificationLevel cmdlet to retrieve a list of the resources still assigned to the classification level before running the delete operation. |
|
Note: Any Data Governance Edition customizations (such as attestation or company policies) that use the name of a classification level, will no longer work if you remove the classification level. |
To remove a classification level (Manager)
To remove a classification level (PowerShell)
If necessary, import the QAM.Client.PowerShell.dll assembly:
Import-Module "<path>"
Where <path> is the file path for the QAM.Client.PowerShell.dll assembly. By default, the <path> for the Data Governance server machine is "C:\Program Files\One Identity\One Identity Manager\QAM.Client.PowerShell.dll".
Run the following cmdlet to define each classification level:
Remove-QClassificationLevel [-ID] <String>
ID: Specify the identifier assigned to the classification level to be removed.
|
Note: Run the Get-QClassificationLevelConfiguration cmdlet to retrieve a list of configured classification levels, including their assigned identifiers. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy