立即与支持人员聊天
与支持团队交流

Identity Manager Data Governance Edition 8.1.4 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Resource access management

A key challenge in improving data governance is keeping track of permissions within your environment. To ensure that data is secured in a manner that meets your business needs, you must be able to easily identify who has been given access and manage that access appropriately.

The following commands are available to you to manage resource access. For full parameter details and examples, click a command hyperlink in the table or see the command help, using the Get-Help command.

Table 202: Resource access management commands

Use this command

If you want to

Export-QResourceAccess

Export the security information on a selected resource.

For more information, see Export-QResourceAccess.

Get-QChildResources

View the resources contained in a specific root on a managed host. You can use this to enumerate the contents of remote folders and shares.

In particular, it would be similar to the standard Windows PowerShell Get-ChildItems cmdlet but it functions using the Data Governance server as a proxy, so the client machine does not necessarily need direct access to the target machine.

For more information, see Get-QChildResources.

NOTE: This PowerShell cmdlet does not support Cloud managed hosts.

Get-QFileSystemSearchResults

Search an NTFS folder or share for files. Using this command, you can search multiple data roots at once.

For more information, see Get-QFileSystemSearchResults.

Get-QHostResourceActivities

Retrieve a list of the operations, including the resource ID assigned to each operation, performed against a managed host during a given time frame.

For more information, see Get-QHostResourceActivities.

NOTE: This PowerShell cmdlet does not support Cloud managed hosts.

Get-QPerceivedOwners

Calculate the perceived owners for a resource. This information can help to determine the true business owners and custodian for data.

NOTE: The perceived owner for data is calculated from the resource activity history or security information collected by Data Governance Edition. Activity is collected based on the aggregation time span settings and recorded in the Data Governance Resource Activity database.

For more information, see Get-QPerceivedOwners.

Get-QResourceAccess

Retrieve the security information of selected resources from a specific managed host, and child objects whose security differs from the parent.

For more information, see Get-QResourceAccess.

Get-QResourceActivity

Retrieve the activity associated with a resource.

For more information, see Get-QResourceActivity.

NOTE: Resource activity collection (and therefore this cmdlet) is not supported for the following host types:

  • Windows Cluster/Remote Windows Computer
  • Generic Host Type
  • EMC Isilon NFS Device
  • SharePoint Online
  • OneDrive for Business

Get-QResourceSecurity

View the security on a given resource in the SSDL format.

For more information, see Get-QResourceSecurity.

Set-QResourceSecurity

Set security on a given resource.

NOTE: The existing security descriptor is completely replaced.

For more information, see Set-QResourceSecurity.

Export-QResourceAccess

Exports the security information on a selected resource to a .CSV file.

TIP: This cmdlet is used with the Get-QResourceAccess cmdlet that generates the results to be exported.

Syntax:

Export-QResourceAccess [-ResourceAccessResults] <QAM.Common.Interfaces.ResourceAccessQueryResults> [-OutputPath] <String> [[-DisplayInheritedSecurity] [<SwitchParameter>]] [[-OptimizeForExcel] [<SwitchParameter>]] [<CommonParameters>]

Table 203: Parameters
Parameter Description
ResourceAccessResults Specify the results of a resource access query (Get-QResourceAccess).
OutputPath Specify the path to the location on disk where the access results is to be written.
DisplayInheritedSecurity

(Optional) Specify this parameter if child objects with security exactly the same as the parent should be shown.

  • If the parameter is specified without a value, set to $true and show child objects.

  • If the parameter is not specified, set to $false and do not show child objects.

OptimizedForExcel

(Optional) Specify this parameter if you want to export the output to Microsoft Excel.

  • If the parameter is specified without a value, set to $true and export to Excel.

  • If the parameter is not specified, set to $false and do not export to Excel.

Examples:
Table 204: Examples
Example Description

C:\PS># get host id

Get-QManagedHost

# get the access for the resource

$resourceAccess = Get-QResourceAccess -ManagedHostId 5b3e4a3c-9c7b-4da1-b6bc-db552ee51656 -ResourceType NTFS\Folder -Resources "C:\Test Data"

# export the results

Export-QResourceAccess -ResourceAccessResults $resourceAccess -OutputPath "C:\"

Exports the results of a resource access query.

Get-QChildResources

Retrieves the resources contained in a specify root on a managed host. You can use this information to enumerate the contents of remote folders and shares.

Note: The cmdlet is similar to the standard Windows PowerShell Get-ChildItems cmdlet, but it functions using the Data Governance server as a proxy. Therefore, the client machine does not require direct access to the target machine.

Syntax:

Get-QChildResources [-ManagedHostId] <String> [-ResourcePath] <String> [[-ResType] [QAM.Client.PowerShell.GetChildResourcesCmdlet+QueryResourceType]] [<CommonParameters>]

Table 205: Parameters
Parameter Description
ManagedHostId

Specify the ID (GUID format) of the managed host to be queried.

Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs.

ResourcePath Specify the path to the root resource.
ResType

(Optional) Specify the type of resource to be located. Available types include:

  • CloudFiles
  • CloudFolders
  • Files
  • Folders
  • Shares
  • LocalOSRights
  • AdminRights
  • ServiceIdentities
  • SharePoint

If this parameter is not specified, all resource types are returned.

Examples:
Table 206: Examples
Example Description
Get-QChildResources -ManagedHostId 5b3e4a3c-9c7b-4da1-b6bc-db552ee51656 -ResourceId "\\2k8rdjsql\Test Data" -ResType Folders Retrieves a list of the child resources on the specified managed host.
Details retrieved:
Table 207: Details retrieved
Detail Description
Path The full path of the child resource.
DuGPath

The path used for data under governance operations.

This will always be empty when shown from the cmdlet; however, it is used elsewhere in the application.

ManagedHostId The value (GUID) assigned to the managed host where the resource is located.
ResourceType The type of child resource.
Properties

The properties of the child resource (such as name, date last modified, file size).

These are the properties you see in the Resource browser.

Get-QFileSystemSearchResults

Search an NTFS folder or share for files. Using this command, you can search multiple data roots at once.

Syntax:

Get-QFileSystemSearchResults [-SearchRoots] <String[]> [-SearchTerm] <String> [[-ItemsRequested] [<Int32>]] [<CommonParameters>]

Table 208: Parameters
Parameter Description
SearchRoots

Specify a string array of NTFS roots to search.

SearchTerm

Specify the string that contains the search term.

You can use the * wildcard character to search for resources. For example, enter Finance* to return all resources with a name that begins with Finance, *.txt to return all resources that end with .txt, and *Fin* to return all resources that contain "Fin".

ItemsRequested (Optional) Specify the number of items you would like returned.
Examples:
Table 209: Examples
Example Description
Get-QFileSystemSearchResults -SearchRoots "\\2K8R2DJSQL\C$\Test Data" -SearchTerm "*.txt" Finds files with the .txt extension in the specified directory.
Details retrieved:

The following details are returned for each file system resource found in the specified directory that matched the specified search term.

Table 210: Details retrieved
Detail Description
Path The full path of the file system resource.
DuGPath

The path used for data under governance operations.

This will always be empty when shown from the cmdlet; however, it is used elsewhere in the application.

ManageHostId The ID (GUID format) of the managed host where the file system resource resides.
ResourceType

The type of resource.

Properties

Properties assigned to the file system resources (such as Attributes, Reserved, FileSize, LastModified).

These are the properties you see in the Resource browser.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级