
Identity Manager Data Governance Edition 8.0 - User Guide


Analyzing access by organizational structure

You can use the Access Analysis page on the Governed Data view to display a graphical representation showing who has access to a governed resource based on organizational structure.

To analyze access by organizational structure:

  1. From the menu bar, select Responsibilities | My Responsibilities.
  2. On the My Responsibilities view, select the Governed Data tile.
  3. Open the All my resources tab and select the resource you want to analyze.
  4. Select Access Analysis to view a graphical representation or details gathered from analyzing access based on organizational structure.

    This view contains the following tabs:

    • Access analysis on <resource type>: For the selected resource, this page displays different graphics showing the access rights assigned to people based on organizational structure.
    • Access analysis on backing folder permissions: For the backing folder associated with the resource, this page displays different graphics showing the access rights assigned to people based on organizational structure.
    • Access Details: This page displays a list of the people used in the access analysis of the selected resource.

    For more information, see Resource's Governed Data view.

  5. The data is displayed in pie charts; however, clicking the Grid view link will pop up a dialog that displays the data in a grid format.
  6. Clicking a segment in a pie chart or the View People button in the grid view displays a list of the people associated with the selected item.

Generating governed data reports

The Reports page for a governed resource displays the Data Governance Edition reports that can be generated for the selected resource. The following Data Governance Edition reports can be generated for a resource:

Table 72: Governed data reports
Report Description
Resource Access

This report identifies which accounts have access to the resource. This can help you meet your compliance and audit goals by ensuring only authorized users can access the specific resources.

The report includes subfolders and files of the identified resources if the security differs from the parent (for example, if inheritance is overridden or blocked).

This report helps to identify data with several access points that should be monitored and potentially governed. Content that is available to "Everyone" or "All Sales", for example, can pose a high risk of having a sensitive file placed within it. These entitlements might arise either in error or through malicious intent.

Resource Activity

This report provides a list of activities recorded over a period of time to verify proper resource usage and make decisions on removing access for particular accounts.

NOTE: This report requires that resource activity collection be enabled on local managed hosts (Windows computers), SharePoint managed hosts, or remote agents used to scan supported NAS devices. Resource activity collection is NOT available for remotely managed Windows computers, Windows clusters, Generic or Cloud managed hosts.
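
As an added illustration (not Data Governance Edition code or output), the following Python example models the inclusion rule described for the Resource Access report: the selected resource is always listed, a subfolder is listed only when its security differs from its parent, and entries granted to broad groups are flagged. The Resource class, the paths, the account names and the BROAD_PRINCIPALS set are constructed assumptions.

```python
# Added illustration; not Data Governance Edition code. All data below is constructed.
from dataclasses import dataclass, field

# Assumption: which principals count as "broad" is a local policy choice.
BROAD_PRINCIPALS = {"Everyone", "All Sales"}


@dataclass
class Resource:
    path: str
    acl: frozenset  # (principal, right) pairs effective on this resource
    children: list = field(default_factory=list)


def resource_access_rows(root):
    """Return report rows: the root always, descendants only when their
    security differs from the parent's (inheritance overridden or blocked)."""
    rows = []

    def visit(node, parent_acl):
        if parent_acl is None or node.acl != parent_acl:
            broad = sorted({p for p, _ in node.acl} & BROAD_PRINCIPALS)
            rows.append({"path": node.path,
                         "accounts": sorted(node.acl),
                         "broad": broad})
        for child in node.children:
            visit(child, node.acl)

    visit(root, None)
    return rows


def build_sample():
    """Constructed sample tree with inherited, blocked and overridden security."""
    base = frozenset({("CORP\\FinanceTeam", "Modify"), ("CORP\\Auditors", "Read")})
    inherited = Resource(r"\\fs01\Finance\Budgets", base)
    # Inheritance blocked: explicit, narrower ACL replaces the parent's entries.
    blocked = Resource(r"\\fs01\Finance\Payroll",
                       frozenset({("CORP\\PayrollAdmins", "Modify")}))
    # Inheritance overridden: parent entries plus an extra entry for Everyone.
    overridden = Resource(r"\\fs01\Finance\Shared", base | {("Everyone", "Read")})
    overridden.children.append(Resource(r"\\fs01\Finance\Shared\Drafts", overridden.acl))
    return Resource(r"\\fs01\Finance", base, [inherited, blocked, overridden])


if __name__ == "__main__":
    for row in resource_access_rows(build_sample()):
        flag = "  <-- broad access: " + ", ".join(row["broad"]) if row["broad"] else ""
        print(row["path"] + flag)
```

In this model the Drafts folder inherits the "Everyone" entry from Shared but is not listed separately, because its security matches its parent; the broad entitlement is reviewed at the point where it was introduced.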

Business owners who also have the Data Governance\Administrators application role can generate these additional reports from the Reports page of the Governed Data view in the web portal:

Table 73: Governed data reports (Business owners with Data Governance\Administrators application role)
Report Description
Data Owners vs. Perceived Owners

This report helps you determine whether the probable business owners should be the designated business owners because of a change in responsibilities. This report displays all the resource data owners who have had resource access. The perceived owners are displayed for the resource with percentage points based on their level of activity or security as well as the business owner.

Data Ownership Over Time

This report provides information to help you understand how ownership of resources changes over time for better control over access to data.

Interesting Resources without an Owner

This report highlights data that has a high level of activity but does not have an owner. The report includes the perceived owner for this resource.

Perceived Owners for Data Under Governance

This report can be used to identify the probable business owners for the data that is marked for governance.

Historical resource activity or security information is used to determine the perceived owner and provide guidance on who should be assigned as the business owner for a particular resource. For more information, see Managing business ownership for a resource.

To generate a Data Governance Edition report for a resource

  1. From the menu bar, select Responsibilities | My Responsibilities.
  2. On the My Responsibilities view, select the Governed Data tile.
  3. Open the All my resources tab and select the resource.
  4. Click Reports to open the reports view.
  5. Select the Generate report button to the right of the report to be generated.

    A dialog appears, allowing you to specify details and options for generating the report.

  6. Enter the requested information and select Send report.

    The report is sent to your email account.

TIP: You can also subscribe to the Data Governance Edition reports from the My Settings | Report Subscriptions page, which is accessed by selecting Settings in the upper right corner just below the web portal header. For more information on subscribing to reports, see the One Identity Manager Web Portal User Guide.

Viewing the risk analysis for an owned resource

As a business owner, you can use the web portal to review the risk analysis for an owned resource. The calculated risk index value assigned to the resources you own is displayed on the All my resources page of the Governed Data view. You can then drill down to review the properties and assignments used in the risk assessment for an individual resource.

To view the risk analysis for an owned resource

  1. From the menu bar, select Responsibilities | My Responsibilities.
  2. On the My Responsibilities view, select the Governed Data tile.
  3. On the Governed Data view, open the All my resources tab to view a list of owned resources and their risk index assignment.
  4. Select a resource and on that resource's Governed Data page, select Risk to review the properties and assignments that contributed to the calculated risk index for the selected resource.
  5. Click the View risk functions button to view the attributes and assignments used in the risk assessment.

Analyzing governed data access

Roles are used to help manage assignments to employees. You can use the Usage page on the Governed Data view to see all role members that can be members of a governed resource.

To analyze governed data access

  1. From the menu bar, select Responsibilities | My Responsibilities.
  2. On the My Responsibilities view, select the Governed Data tile.
  3. Open the All my resources tab and select the resource you want to analyze.
  4. Select Usage to view the employees who have accessed or may access the selected resource.
  5. Select one of the following options:

    • Show employees who have access permissions to this resource

      Select this option to show all employees who are entitled to access this resource.

    • Show employees who have accessed this resource in the last 7 days

      Select this option to show employees who have accessed the resource in the past seven days.

  6. Select a role class from the Role classes drop-down menu.

    A hierarchy chart appears allowing you to select a sub-role. Select a sub-role by clicking on the name of the role in the chart.

  7. An information icon displays next to a role where at least one employee is assigned to this base object, is a member of the role, or is a member of a child role.

    Click the icon to display the Assigned employees dialog, which lists the employees who are members of the object that have access permissions to the selected resource.

    Click Close to close the Assigned employees dialog.

  8. Click the More Information button to see the employees that are assigned to the root object.

    The Legend dialog appears, displaying the following information:

    • Employees assigned to this root object.
    • Employees assigned to this root object that are members of at least one child role.
    • Employees assigned to this root object that are members of this role.
    • Employees assigned to this root object that are members of this role and at least one child role.

    Click Close to close the Legend dialog.
