立即与支持人员聊天
与支持团队交流

Classification Module 6.1.1 - User Guide

Introduction Deploying Classification in Identity Manager Configuring Classification: Taxonomies, Categories, and Rules
An Overview of Classification Configuration Steps Required to Implement Classification Creating Taxonomies Setting Up Manual Categorization Implementing Rules for Automated Categorization Classifying Resources When Do Categorization and Classification Occur? Importing and Exporting Taxonomies Working with a Taxonomy XML File Managing the Life Cycle of Taxonomies and Categories Advanced Rule Applications
Working with Categorized Resources Appendix A: PowerShell cmdlets Appendix B: Oracle Configuration Appendix C: Classifying Data with Data Governance Templates Glossary

Steps Required to Implement Classification

Proper deployment of your classification system requires the coordination of the administrator responsible for managing the data that is scanned or monitored, the classification analyst responsible for managing the taxonomies in the system, the business owners responsible for verifying and managing the categorization of resources, and the security or compliance officer responsible for oversight. You should also consider how you plan to make changes over time. See Managing the Life Cycle of Taxonomies and Categories

Action Role For More Information
Activate classification in your deployment. Data Governance Administrator Activating Classification
Set up scanning and change watching for classification on your servers Data Governance Administrator Enable and Disable Automatic Classification on Specific Managed Hosts
Create taxonomies and add categories Classification Analyst Creating Taxonomies
Make categories available for manual categorization if desired Classification Analyst Setting Up Manual Categorization
Add rules and associate them to categories, and adjust the category threshold if needed. Classification Analyst Implementing Rules for Automated Categorization
Manage your classification taxonomy Classification Analyst Working with Classification Taxonomies
Test your rules and categories to ensure desired results Classification Analyst Testing and Reviewing Automated Classification
Make categories available for automated categorization Classification Analyst Making a Category Available to the Automated System
Build polices, attestations and reports to help secure resources Compliance Officer
Security Officer		 See the Identity Management User Guide
Refine the categorization of resources Business Owner
Classification Analyst		 Working with the Categorization of Your Resources
Manage the life cycle of your categories Classification Analyst Managing the Life Cycle of Taxonomies and Categories
.

Creating Taxonomies

Careful planning and coordination is required to get the most out of classification in Quest One Identity Manager Data Governance Edition. Ideally, one or more well-organized taxonomies will be deployed in your organization, and used to categorize resources of interest in your environment.

NOTE! You must be assigned the role of Classification Analyst, Classification Officer, or create a customized role that includes relevant permissions in order to create or modify a taxonomy.

A taxonomy is a set of related categories, organized as a tree structure. The top node represents the taxonomy as a whole, and each branch is a category. Although taxonomies tend to be tall rather than deep, you can have subcategories nested as you need.

All categories in a taxonomy should be related in some way. Create a separate taxonomy for each related set of categories. This makes it easier for users to understand their resources’ categorization.

To view the taxonomies in your environment using the Web Portal

  • Select Governed Data | Taxonomy Manager | Categorizations.

To return a list of taxonomies in your environment using PowerShell

  • Run the Get-QTaxonomies cmdlet with the following mandatory parameter:
    a) ServerAddress
    Provide the name of the computer hosting the Data Governance server, and the port. Enter in the form computername:port number. The default port is 8723.

Working with Taxonomies

Using the Web Portal or Quest.Classification PowerShell snap in, you can create and edit taxonomies. See Deploying a Taxonomy before publishing any taxonomies in your production Data Governance environment.

You can work with taxonomies using the following methods:

Creating a Taxonomy

In Identity Manager, you can create your own taxonomies using either the Taxonomy Manager in the Web Portal, or the PowerShell cmdlets found in the Quest.Classification snap-in.

When you create a taxonomy, you are providing the base for the category tree, as well as creating a category that could be applied to resources. For example, if you are creating a PHI taxonomy, you will then add categories to it to create the desired taxonomy. However, if you want, you can assign rules to the top level node, PHI, for it to be used in automated categorization, or you can make it available for manual categorization. There are a number of parameters associated with a category. See Working with Categories on page 30 for more information. These parameters only affect the use of the top node of the taxonomy tree applied as a category, and do not apply to the taxonomy as a whole. For example, when you select Publish this category, it does not make the entire taxonomy available, only the top node.

To create a taxonomy using the Web Portal

  1. Select Governed Data | Taxonomy Manager | Categorizations.
  2. Click Create new taxonomy.
  3. Provide a name for the taxonomy.
    The name will appear anywhere the taxonomy is shown.
  4. Enter an optional description.
    The description appears in the list of taxonomies on the Manage Taxonomies page.
  5. Modify any of the category parameters. See Working with Categories for more information.
  6. Click Save.
    The Edit Taxonomy dialog box appears. You can either add categories now, or click OK to complete the creation of the taxonomy. For more details, see Creating a Category, Editing a Category and Deleting a Category.

To create a taxonomy using PowerShell

  1. Run the Add-QTaxonomy cmdlet with the following mandatory parameters:
    1. ServerAddress
      Provide the name of the computer hosting the Data Governance server, and the port. Enter in the form computername:port number. The default port is 8723.
    2. Name
      The name will appear anywhere the taxonomy is shown.
  3. If desired, you can set any of the following optional parameters:
    1. Description
      The description appears in the list of taxonomies on the Manage Taxonomies page.
    2. Category parameters: Risk, CausesGovernance, IsPublished, IsAutomaticClassificationEnabled, IsMutuallyExclusive, IsStrictlyOrdered.
      By default, the risk is set to 0, and all other parameters are set to $false. The threshold is set to 1. For more information on setting the parameters on a category, see Working with Categories.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级