
Identity Manager Data Governance Edition 8.0 - User Guide


Rejecting the ownership of a governed resource

The Master data page for a governed resource contains the properties for the resource, including the ownership assigned to the resource. As a business owner, you can reject ownership of a governed resource using this page.

To reject the ownership of a resource

  1. From the Home page, select Responsibilities | My Responsibilities.
  2. On the My Responsibilities view, select the Governed Data tile.
  3. Open the All my resources tab and select a resource.
  4. Click Master data to display the resource's properties.
  5. Click the Reject ownership button at the bottom of the page.
  6. On the Reject Ownership dialog, enter a reason in the text box and click Submit.

    An email request is immediately sent and not added to the shopping cart.

To view the resource ownership rejection request, navigate to Request | My Requests | Request History.

Viewing and assigning classification level to owned resources

As a business owner, you can use the web portal to see what classification level is assigned to the resources you own. The classification level information is available on the following pages in the Governed Data view:

  • Overview: The Governed Data pane on this page provides a read-only view of the classification level assigned.
  • Classification: The current classification assignments are displayed on this page.

These pages contain the following details related to classification for the selected resource.

Table 71: Owned resource properties related to classification

Property: Description

  • Classification Level: The classification level assigned to the resource.
    NOTE: On the Classification page, this field contains a drop-down menu allowing you to assign a different classification level to the selected resource.
  • Description: Descriptive text (read-only) associated with the selected classification level.
    NOTE: This field is only available on the Classification page.
  • Justification: Use this text box to enter a reason for assigning the current classification level.
    NOTE: This field is only available on the Classification page.

To view the classification level assigned to owned resources

  1. From the menu bar, select Responsibilities | My Responsibilities.
  2. On the My Responsibilities view, select the Governed Data tile.
  3. Open the All my resources tab and select the resource.

  4. Open one of the following pages to view the current classification level assignment:

    • Overview
    • Classification

    NOTE: In addition to viewing the properties on the Classification page, you can assign a different classification level to the selected resource.

To classify an owned resource (web portal)

  1. From the menu bar, select Responsibilities | My Responsibilities.
  2. On the My Responsibilities view, select the Governed Data tile.
  3. Open the All my resources tab and select the resource.
  4. Click Classification to display the current classification level assignment.
  5. From this page, you can assign a classification level to the selected resource:

    • Classification level: Select a classification level from the drop-down menu.
    • Description: Read-only field displaying the description of the selected classification level.
    • Justification: (Optional) Enter a reason for assigning this level of classification to the resource.
  6. Click Save. A "Your changes have been saved" message appears at the top of the page.

Viewing groups and accounts with access permissions for governed resources

The Access page for a governed resource displays all Active Directory groups and accounts that have at least one of the five access permissions to the resource:

  • AllowChangePermissions: This is checked when "Change Permissions" access control is allowed.
  • AllowFullControl: This is checked when "Full Control" access control is allowed.
  • AllowRead: This is checked when any type of read permission (such as Read Permissions, Read Attributes, List Folder/Read Data) is allowed.
  • AllowWrite: This is checked when any type of write permission (such as Create Files/Write Data, Write Attributes, Write Extended Attributes) is allowed.
  • AnyAllow: This is checked when any "Allow" permissions are specified.

Note: Access control entries on governed resources, as displayed in the web portal by a business owner, may not always appear as expected. For example, the access right "List Folder Contents" will show as "AllowRead" and "AnyAllow" in the web portal. This is because the List Folder Contents right enables the "allow" read permissions.

In addition, if the assigned permissions are not correct, you can submit a request to remove an access permission or modify the access permissions for a resource. For more information, see Changing access permissions for a governed resource.
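The column rules above can be reproduced offline to cross-check what the Access page shows against a raw security descriptor. The following is an added example, not code from the product: the bit values are the standard Windows file access rights, while the exact set of rights counted as "read" or "write", the function names and the sample ACL are assumptions made for illustration.

```python
# Added example: map an NTFS ACE access mask to the five Access-page columns.
# Which rights count as "read"/"write" is an assumption based on the rights
# the page names; the product's internal mapping is not documented here.
READ_DATA, WRITE_DATA, APPEND_DATA = 0x1, 0x2, 0x4   # READ_DATA == List Folder
READ_EA, WRITE_EA, TRAVERSE = 0x8, 0x10, 0x20
READ_ATTRIBUTES, WRITE_ATTRIBUTES = 0x80, 0x100
READ_PERMISSIONS, CHANGE_PERMISSIONS = 0x20000, 0x40000
SYNCHRONIZE = 0x100000
FULL_CONTROL = 0x1F01FF
MODIFY = 0x1301BF
# "List Folder Contents" as Windows expands it on a folder.
LIST_FOLDER_CONTENTS = (TRAVERSE | READ_DATA | READ_EA | READ_ATTRIBUTES
                        | READ_PERMISSIONS | SYNCHRONIZE)

READ_BITS = READ_DATA | READ_EA | READ_ATTRIBUTES | READ_PERMISSIONS
WRITE_BITS = WRITE_DATA | APPEND_DATA | WRITE_EA | WRITE_ATTRIBUTES

def portal_flags(ace_type, mask):
    """Return the five columns for one ACE; Deny ACEs check none of them."""
    m = mask if ace_type == "Allow" else 0
    return {
        "AllowChangePermissions": bool(m & CHANGE_PERMISSIONS),
        "AllowFullControl": (m & FULL_CONTROL) == FULL_CONTROL,
        "AllowRead": bool(m & READ_BITS),
        "AllowWrite": bool(m & WRITE_BITS),
        "AnyAllow": m != 0,
    }

def removal_candidates(acl):
    """Accounts whose ACE checks AllowFullControl or AllowChangePermissions."""
    risky = []
    for account, ace_type, mask in acl:
        flags = portal_flags(ace_type, mask)
        if flags["AllowFullControl"] or flags["AllowChangePermissions"]:
            risky.append(account)
    return risky

# Constructed sample ACL: (account, ACE type, access mask).
SAMPLE_ACL = [
    ("CONTOSO\\Finance-Readers", "Allow", LIST_FOLDER_CONTENTS),
    ("CONTOSO\\Finance-Editors", "Allow", MODIFY),
    ("CONTOSO\\svc-backup", "Allow", FULL_CONTROL),
    ("CONTOSO\\Contractors", "Deny", FULL_CONTROL),
]

if __name__ == "__main__":
    for account, ace_type, mask in SAMPLE_ACL:
        checked = [k for k, v in portal_flags(ace_type, mask).items() if v]
        print(f"{account:28} {ace_type:5} {checked}")
    print("Review for removal request:", removal_candidates(SAMPLE_ACL))
```

The first sample entry reproduces the note above: a "List Folder Contents" grant checks only AllowRead and AnyAllow.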

To view the groups and accounts with access permissions for a governed resource

  1. From the menu bar, select Responsibilities | My Responsibilities.
  2. On the My Responsibilities view, select the Governed Data tile.
  3. Open the All my resources tab and select the resource.
  4. Click the Access tab.
  5. Select the Show assigned permissions option.

    The Active Directory accounts that are directly on the security descriptor for the resource appear. The access permissions assigned to each account or group are also displayed.

    (Optional) Select the Include accounts of type "Alias" and "Wellknown" check box to include those accounts in the access permissions grid.

  6. Select the Show effective permissions option to expand groups so you can then drill down to see the actual members of the group that have access to the selected resource.

Related Topics

Changing access permissions for a governed resource

Viewing access permissions of authorized accounts and groups

Changing access permissions for a governed resource

The Access page for a governed resource displays all Active Directory groups and accounts that have at least one of the five access permissions to the resource. In addition, if the security settings on this resource are incorrect, you can submit a request to modify the access rights.

To change the access permissions for a resource

  1. From the menu bar, select Responsibilities | My Responsibilities.
  2. On the My Responsibilities view, select the Governed Data tile.
  3. Open the All my resources tab and select the resource.
  4. Click the Access tab.
  5. Select the Show assigned permissions option to view the access permissions assigned to the Active Directory accounts and groups.
  6. To request the removal of a specific permission, click on the associated check mark (for example, click the check mark in the AllowFullControl column).

    The Security modification dialog appears. The reason is pre-populated, but can be edited if necessary. Click Submit.

    The request is immediately sent and not added to the shopping cart.

  7. To request a different type of security modification (for example, to add an additional permission), click the Request modification button.

    On the Security modification dialog, enter the type of modification to be made in the Reason text box and click Submit.

    The request is immediately sent and not added to the shopping cart.

To view the request to change resource security, navigate to Request | My Requests | Request History.
