You can use the Access Analysis page on the Governed Data view to display a graphical representation showing who has access to a governed resource based on organizational structure.
To analyze access by organizational structure:
Select Access Analysis to view a graphical representation or details gather from analyzing access based on organizational structure.
This view contains the following tabs:
The Reports page for a governed resource displays the Data Governance Edition reports that can be generated for the selected resource. The following Data Governance Edition reports can be generated for a resource:
This report identifies which accounts have access to the resource. This can help you meet your compliance and audit goals by ensuring only authorized users can access the specific resources.
The report includes subfolders and files of the identified resources if the security differs from the parent (for example, if inheritance is overridden or blocked).
This report helps to identify data with several access points that should be monitored and potentially governed. Content that is available to "Everyone" or "All Sales" for example, can pose a high risk of having a sensitive file placed within it. These entitlements might arise either in error or through malicious intent.
This report provides a list of activities recorded over a period of time to verify proper resource usage and make decisions on removing access for particular accounts.
Business owners who also have the Data Governance\Administrators application role, can generate these additional reports from the Reports page of the Governed Data view in the web portal:
|Data Owners vs. Perceived Owners||This report helps you track down if the probable business owners should be the designed business owners due to change of responsibilities. This report displays all the resource data owners who have had resource access. The perceived owners are displayed for the resource with percentage points based on their level of activity or security as well as the business owner.|
|Data Ownership Over Time||This report provides information to help you understand how ownership of resources change over time for better control over access to data.|
|Interesting Resources without an Owner||This report highlights data that has a high level of activity but does not have an owner. The report includes the perceived owner for this resource.|
|Perceived Owners for Data Under Governance||
This report can be used to identify the probable business owners for the data that is marked for governance.
Historical resource activity or security information is used to determine the perceived owner and provide guidance on who should be assigned as the business owner for a particular resource. For more information, see Managing business ownership for a resource.
To generate a Data Governance Edition report for a resource
Select the Generate report button to the right of the report to be generated.
A dialog appears, allowing you to specify details and options for generating the report.
Enter the requested information and select Send report.
The report is sent to your email account.
|TIP: You can also subscribe to the Data Governance Edition reports from the My Settings | Report Subscriptions page, which is accessed by selecting Settings in the upper right corner just below the web portal header. For more information on subscribing to reports, see the One Identity Manager Web Portal User Guide.|
As a business owner, you can use the web portal to review the risk analysis for an owned resource. The calculated risk index value assigned to the resources you own is displayed on the All my resources page of the Governed Data view. You can then drill down to review the properties and assignments used in the risk assessment for an individual resource.
To view the risk analysis for an owned resource
Roles are used to help manage assignments to employees. You can use the Usage page on the Governed Data view to see all role members that can be members of a governed resource.
To analyze governed data access
Select one of the following options:
Show employees who have access permissions to this resource
Select this option to show all employees who are entitled to access this resource.
Show employees who have accessed this resource in the last 7 days
Select this option to show employees who have accessed the resource in the past seven days.
Select a role class from the Role classes drop-down menu.
A hierarchy chart appears allowing you to select a sub-role. Select a sub-role by clicking on the name of the role in the chart.
An information icon ( ) displays next to a role where at least one employee is assigned to this base object, is a member of the role or is a child role.
Click the icon to display the Assigned employees dialog, which lists the employees who are members of the object that have access permissions to the selected resource.
Click Close to close the Assigned employees dialog.
Click the More Information button to see the employees that are assigned to the root object.
The Legend dialog appears, displaying the following information:
Click Close to close the Legend dialog.