Introduction
Deploying Classification in Identity Manager
Classification Overview
Required Components
Component Workflow
Activating Classification
Configuring Classification: Taxonomies, Categories, and Rules
Install the Classification Components
Identify the Classification Service Account
Deploy the Classification Server
Deploy Classification Workers
Examining the Classification Deployment
Using the Classification Logs
Review Deployed Classification Workers
Review the Classification Service
Enable and Disable Automatic Classification on Specific Managed Hosts
Enabling Categorization on Folders (Security Index Roots)
Managing the File Types to be Classified
Restart or Upgrade Agents for Classification
Perform a Data Re-classification with PowerShell
Assign Classification Application Roles
An Overview of Classification Configuration
Steps Required to Implement Classification
Creating Taxonomies
Setting Up Manual Categorization
Implementing Rules for Automated Categorization
Working with Categorized Resources
An Overview of Rules
How Rules Affect Categorization
Writing XML Rules
Managing Rules in the Classification System
Associating Rules to Categories
Testing and Reviewing Automated Classification
Classifying Resources
When Do Categorization and Classification Occur?
Importing and Exporting Taxonomies
Working with a Taxonomy XML File
Managing the Life Cycle of Taxonomies and Categories
Advanced Rule Applications
Testing a Rule against a Resource
Testing all Rules Against a Resource
Viewing the Text from a Resource
Determining Why Categorizations Were Applied to a Resource
Viewing Categorized Resources
Making a Category Available to the Automated System
Working with the Categorization of Your Resources
Appendix A: PowerShell cmdlets
What Categories Can You Apply?
Working With Manually Categorized Resources
Working With Automatically Categorized Resources
Categorization Statistics and Views
Adding the PowerShell Snap-ins
Deploying the Classification Server and the Classification Worker
Troubleshooting Deployment
Managing Taxonomies
Appendix B: Oracle Configuration
Appendix C: Classifying Data with Data Governance Templates
Available Templates
Glossary
Editing a Taxonomy
You can change the name and description of a taxonomy. If you plan to apply the top node of a taxonomy as a category, you may want to change the category parameters. For more information, see Editing a Category.
To edit the name and description of a taxonomy using the Web Portal
- Select Governed Data | Taxonomy Manager |Categorizations.
- Locate the row containing the taxonomy, and click Edit.
- Select the top node of the tree, and click Edit.
- Modify the name and description.
- Click Apply Changes.
You can change any of the category parameters as well. For details, see Working with Categories.
To edit the name and description of a taxonomy using PowerShell
- If you do not know the required taxonomy ID, run the Get-QTaxonomies cmdlet, using the following mandatory parameter:
-
- ServerAddress
Provide the name of the computer hosting the Data Governance server, and the port. Enter in the form computername:port number. The default port is 8723. - Locate your desired taxonomy, and note or copy the taxonomy ID.
- ServerAddress
- Run the Set-QTaxonomy cmdlet, with the following parameters:
- ServerAddress (mandatory)
Provide the name of the computer hosting the Data Governance server, and the port. Enter in the form computername:port number. The default port is 8723. - TaxonomyID (mandatory)
The ID of the taxonomy you want to change. - Name (optional)
The new name of the taxonomy. - Description (optional)
The updated description of the taxonomy.
You can change any of the category parameters as well. For details, see Working with Categories.
- ServerAddress (mandatory)
Deleting a Taxonomy
If a taxonomy has been in use, you should use extreme care deleting it. When you delete a taxonomy:
- All categories in the taxonomy will be deleted.
- If resources were categorized using any category in the taxonomy, the association will be removed.
- Any policy that included a category from the taxonomy may no longer have the expected results.
- Attestations involving any category from the taxonomy may no longer work.
- Reports will no longer include data about any category in this taxonomy.
If you choose to delete a taxonomy, you should ensure that the proper administrators are notified so that policies, attestations and reports can be modified as needed. A safer approach may be to delete categories individually. For more information, see Deleting a Category.
To delete a taxonomy using the Web Portal
- Select Governed Data | Taxonomy Manager | Categorizations.
- Locate the row containing the taxonomy, and click Delete.
- In the confirmation dialog box, select the I still want to delete this taxonomy check box.
- Click Delete Taxonomy.
To delete a taxonomy using PowerShell
- Make sure you know the ID of the taxonomy. For more information, see Finding a Taxonomy or Category ID using PowerShell.
- Run the Remove-QTaxonomy cmdlet with the following mandatory parameters:
- ServerAddress (mandatory)
Provide the name of the computer hosting the Data Governance server, and the port. Enter in the form computername:port number. The default port is 8723. - TaxonomyID (mandatory)
The ID of the taxonomy you want to delete.
- ServerAddress (mandatory)
- Press enter to confirm the deletion.
Working with Categories
Contents
The proper configuration of a category is integral to a properly working system. Categories should be created and refined in test mode, and published when they are ready to be used in your production environment. Deployments of categories should be properly managed. See Managing the Life Cycle of Taxonomies and Categories for more information.
You can work with categories using the following methods:
- Web Portal, under the Governed Data node
- Powershell snap-in (see Adding the PowerShell Snap-ins)
- Editing the template XML directly (see Working with a Taxonomy XML File)
Each category has a number of settings, which have an impact on the category’s behavior. In the table below, the parameter in brackets is the PowerShell and XML equivalent of the setting in the Web Portal.
| Setting | |
| Category Risk (Risk) |
Indicates the relative risk of the category. This is then used to determine how a resource is classified. For more information, see Classifying Resources. |
| Publish this category (IsPublished) |
Makes a category available for manual categorization. You must also enable this for automation to work. Publish a category only when you are ready for business owners to have access to it. A subcategory must have a published parent category. If you publish a subcategory, and the parent is unpublished, the action is ignored. |
| Allow this category to be used by the automated system (IsAutomaticClassificationEnabled) |
You can make a category available to the automated system. Automated categorization is based on the rules associated with the category, so you should associate rules and test the category before automating it. Automation will not take place until the category is published as well. |
| Govern using this category (CausesGovernance) |
When a category that causes governance is applied to a resource, that resource is placed under governance and can be managed using the Web Portal. Resources under governance can be subject to polices and attestations. |
| Mutually Exclusive (IsMutuallyExclusive) |
The mutually exclusive setting applies to the children of a category. If a category has been defined as mutually exclusive, only a single subcategory can be applied to a resource. For example, consider a category in your taxonomy called PHI, which has three subcategories: Level 1, Level 2, Level 3. If PHI is set to mutually exclusive, you can only apply one of the subcategories. To create an entire taxonomy that is mutually exclusive, so that only one category can be assigned from the taxonomy, all parent categories must be set to mutually exclusive. When more than one category could be applied to resource based on the associated rules and category threshold, the category with the highest combined rule score is applied. |
| Strictly Ordered (IsStrictlyOrdered) |
Strictly ordered is a special kind of mutual exclusivity, in which the order of the subcategories has meaning. When more than one category could be applied to a resource based on the associated rules and category threshold, the category closest to the parent category will be applied. For example, if your categories are Level 1 and Level 2, in that order, and either category could be applied, in this case Level 1 will be applied. If you are planning on creating a strictly ordered category, ensure you enter the subcategories in the correct order. There is no way to change the order of subcategories once they are created. You must delete and recreate the categories, including assigning the rules. |
| Threshold | The threshold value determines whether a category is applied. Combined with the weights given to a rule when you associate it, and the match strength of the rule, the threshold gives you control over what causes a resource to have a category applied. For a full explanation, see How Rules Affect Categorization. The default threshold is one. Note: The threshold can only be modified through PowerShell commands. |
See also
Creating a Category
The first step is to create the category, giving it a name and description. A category requires a parent, which can either be the top level taxonomy node or any category in the taxonomy. By default, new categories:
- are created in test mode, and are not available for manual or automated categorization.
- do not cause governance.
- have a threshold value of one.
- are not mutually exclusive.
 |
You should not change these values without fully understanding the implications for your classification system. For more information, see Working with Categories. |
Each category can only belong to a single taxonomy. If you have created a category in one taxonomy and want to move it to another, see Moving a Category.
To create a category using the Web Portal
- Select Governed Data | Taxonomy Manager | Categorizations.
- Locate the row containing the taxonomy, and click Edit.
-OR-
Create a taxonomy as outlined in Creating a Taxonomy, and click Save. - Select the parent category of the new category.
To create a first level category, select the top level taxonomy node, otherwise select the category under which you want the new category to appear. - Click Add.
- Provide a name and optional description for the category.
- Set the risk value.
- If you are ready to allow business owners to use this category to manually categorize their resources, select the Publish this category check box.
You should not make a new category available for use by the automated system, as this requires the association of rules to the category. For more information, see Associating Rules to Categories. - If you want all resources categorized with this category to be governed, select the Govern using this category check box.
- If you plan to allow only one subcategory of this category to be applied to a resource, select the Mutually Exclusive check box.
- If you want the order of the categories to influence categorization, select the Strictly Ordered check box.
- Click Save.
Your new category appears nested under its parent category.
To create a category using PowerShell
- Make sure you know the ID of the parent category. For more information, see Finding a Taxonomy or Category ID using PowerShell.
To create a first level category, provide the ID of the taxonomy root. - Run the Add-QCategory cmdlet with the following mandatory parameters:
- ServerAddress
Provide the name of the computer hosting the Data Governance server, and the port. Enter in the form computername:port number. The default port is 8723. - ParentCategoryID
To create a first level category, use the ID of the parent taxonomy, otherwise use the ID of the category under which you want the new category to appear. - Name
- ServerAddress
- Additionally, you can use the following optional parameters:
- Description
- Risk
- CausesGovernance
By default, this is set to $false. - IsPublished
You should only set this to $true if you are ready for business owners to use this category for manual categorization.
You should not set IsAutomatedClassificationEnabled to $true, as automated categorization requires the association of rules to the category. For more information, see Associating Rules to Categories. - IsMutuallyExclusive
Set this to $true if you plan to allow only one subcategory of this category to be applied to a resource. - IsStrictlyOrdered
Set this to $true if you plan to allow only one subcategory of this category to be applied to a resource, and you want this based on the order of the categories. - Threshold
The default value is one. You should not change this unless you have already determined the rules you plan to associate and the weights for these rules. For more information, see How Rules Affect Categorization.
Note: The threshold can only be modified through PowerShell commands.