Chat now with support
Chat with Support

Identity Manager Data Governance Edition 9.2 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Get-QDataUnderGovernance

Retrieves the data within your organization that has been placed under governance.

Syntax:

Get-QDataUnderGovernance [[-ResourcePath] [<String>]] [[-ManagedHostId] [<String>]] [[-MaxResults] [<Int32>]] [<CommonParameters>]

Table 234: Parameters
Parameter Description
ResourcePath

Specify the path to a particular resource under governance.

If this parameter is not specified, all resources under governance on the specified managed host are returned.

Either the ResourcePath or ManagedHostId parameter must be specified.

ManagedHostId

Specify the ID (GUID format) of the managed host you are interested in.

Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs.

Either the ResourcePath or ManagedHostId parameter must be specified.

MaxResults

(Optional) Specify the maximum number of results to be returned.

If this parameter is not specified, all results are returned.

Examples:
Table 235: Examples
Example Description
Get-QDataUnderGovernance -ResourcePath \\QAMAUTOMEM1\C$\AutoRoot\DuG\Folder1 Returns the data under governance object for the resource specified.
Details retrieved:
Table 236: Details retrieved
Detail Description (Associated key or property in QAMDuG table)
ManagedHostId Value (GUID) assigned to the managed host computer.
IsForITShop Indicates if the resource is available for requests through the IT Shop.
DatePublishedToITShop The date (UTC) when the resource was published to the IT Shop.
IsPublishable Indicates that the resource is able to be published to the IT Shop.
IsPointOfInterest Indicates that a point of interest was intentionally placed under governance.
RequiresOwnership Indicates that the resource requires that an owner be assigned.
DisplayName Name of the governed resource.
DisplayPath Path and name of the governed resource.
Description Descriptive information entered for the governed resource.
FullPath Full path of the governed resource.
FullPathHashSHA1 Hash value over the full path for unique identification.
Justification The reason for assigning this owner to the resource.
OwnershipSetBy Name of the account that set the owner.
PlacedUnderGovernanceBy Name of the account that placed the resource under governance.
RiskIndex Calculated risk index of all assignments to this data.
ActivityResourceId The value that relates the roots in this database to data in the Data Governance activity resource database.
DateOwnershipSet The date (UTC) when the ownership of the resource was set.
UID_QAMDuG The identifier assigned to the governed resource by Data Governance Edition.
IsStale Indicates whether the resource was renamed or deleted.
LastEncounteredTime The time detailed security information was successfully collected.
PersonOwnerKey If you have assigned an identity as the business owner of this resource, this is the primary key of that identity.
PersonOwnerDisplay If an identity is assigned as the business owner, the name of that identity.
RoleOwnerKey If you have assigned a role as the business owner of this resource, this is the primary key of that role.
RoleOwnerDisplay If an application role is assigned as the business owner, the name of that application role.
ResourceType The governed data type.
ManagedHostName The name of the managed host computer.
UseBackingFolderSecurity Indicates to use the backing folder of a share.
LastPoiCollection The date (UTC) when the POI was last collected.
LastPoiSubmission The date (UTC) when the POI was last submitted.
Security The security used for governance. (SecurityForGovernance)
ClassificationLevelId If a classification level is assigned, the identifier assigned to the classification level. (UID_QAMClassificationLevelMan Value)
ClassificationLevelName If a classification level is assigned, the name assigned to the classification level. (UID_QAMClassificaitonLevelMan)

Get-QPerceivedOwnerPol

Retrieves the name of the perceived owner for the specified governed resource. You can then use the calculated perceived owners to identify potential business owners for data within your environment.

Syntax:

Get-QPerceivedOwnerPoI [-GovernedDataId] <String> [<CommonParameters>]

Table 237: Parameters
Parameter Description
GovernedDataId

Specify the ID (GUID format) of the governed resource whose perceived owner information you want to identify.

Run the Get-QDataUnderGovernance cmdlet to retrieve a list of governed resources and their associated IDs (UID_QAMDuG value) for a specific managed host.

Examples:
Table 238: Examples
Example Description

C:\PS>$resources = Get-Content 'C:\Resources.txt'

foreach($resource in $resources)

{

   try

   {

      $governed = Get-QDataUnderGovernance $resource

      if($governed)

      {

         $perceivedOwner = Get-QPerceivedOwnerPoI $governed.UID_QAMDuG

         $resource += ';'

         $resource += $perceivedOwner.EmployeeId

         Add-Content 'c:\PerceivedOwnerResource.txt' $resource

      }

      else

      {

         $resource += ';'

         $resource += 'Resource Not Governed'

          Add-Content 'c:\PerceivedOwnerResource.txt' $resource

      }

   }

   catch

   {

      Writestatus $_

   }

}

Returns the perceived owner information for a governed resource with the specified id.

This PowerShell script takes a list of governed resources and returns the perceived owner for each.

Details retrieved:
Table 239: Details retrieved
Detail Description (Associated key or property in QAMPoIPerceivedOwner table)
EmployeeName The name of the perceived owner (identity) for the governed resource.
EmployeeId The value (GUID) assigned to the perceived owner (identity).
TrusteeName The name of the account that initiated the operation.
TrusteeId The value (GUID) assigned to the trustee (UID_QAMTrustee).
TrusteeXObjectKey The value (<Key>) assigned to the account.
TrusteeType

The type of account.

Get-QSelfServiceClientConfiguration

Returns the options available for self-service requests within the IT Shop.

Syntax:

Get-QSelfServiceClientConfiguration [<CommonParameters>]

Examples:
Table 240: Examples
Example Description
Get-QSelfServiceClientConfiguration Returns the self-service client configuration information.
Details retrieved:
Table 241: Details retrieved
Detail Description
AllowNonPublishedGroups Indicates whether groups that have not been published to the IT Shop are allowed for self-service access requests.
AllowUnsynchronizedGroups Indicates whether groups that have not been synchronized with One Identity Manager are allowed for self-service access requests.
MaximumMethodsCount The maximum number of groups returned from a call to the Get-QSelfServiceMethodsToSatisfyRequest, which returns the groups that satisfy a resource access request.
EnableSelfServiceAccessRequest Indicates whether self-service access requests are enabled in the IT Shop.

Get-QSelfServiceMethodsToSatisfyRequest

Returns the group membership that satisfies a resource access request. Use this command to simulate the "best fit" calculation to see what groups are returned if you request read or read and write access to a specific resource.

Note: This PowerShell cmdlet does not support NFS or Cloud resources (since these types of resources cannot be published to the IT Shop).

Syntax:

Get-QSelfServiceMethodsToSatisfyRequest [-Path] <String> [-DomainName] <String> [-ActionIdentifier] <String> [[-ClientCulture] [<String>]] [[-ResourceTypeString] [<String>]] [<CommonParameters>]

Table 242: Parameters
Parameter Description
Path Specify the path of the resource.
DomainName Specify the name of the domain where the resource is located.
ActionIdentifier

Specify the type of self-service action:

  • RequestReadAccess: Use this option if you want read access to items within a folder.
  • RequestChangeAccess: Use this option if you want read and write access to items within a folder.
ClientCulture (Optional) Set the client culture.
ResourceTypeString

(Optional) Specify the type of resource for which to request access:

  • NTFS\Folder
  • NTFS\File
  • Windows\Computer\Share
  • SharePoint\Site
  • SharePoint\Folder
  • SharePoint\List
  • SharePoint\ListItem
  • SharePoint\ResourceItem
Examples:
Table 243: Examples
Example Description
Get-QSelfServiceMethodsToSatisfyRequest -Path "\\2K8RDJSQL\CS\Test Data\Email_Addresses.txt" -DomainName VMSET6 -ActionIdentifier "RequestReadAccess" -ResourceTypeString NTFS\File Returns the groups that satisfy the "RequestReadAccess" request for a NTFS/File.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating