立即与支持人员聊天
与支持团队交流

Identity Manager Data Governance Edition 8.2 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Agent query timeout (AsyncQueryTimeoutInMinutes)

Create the following registry key on the client computer where the Manager is installed to specify the maximum amount of time (in minutes) an agent query can run before it times out.

Table 87: Registry setting: AsyncQueryTimeoutInMinutes
Location Registry
Path

HKEY_CURRENT_USER\SOFTWARE\One Identity\Broadway\Client\Controls

NOTE: The Controls subkey does not exist by default and will need to be created.

Value name AsyncQueryTimeoutInMinutes
Value type REG_DWORD
Value

Maximum amount of time, in minutes, before an agent query times out.

Default: 20 minutes

Write default classification level data to database (ClassificationLevelDefaultData)

This key indicates whether the default classification levels defined in Data Governance Edition are written to the One Identity Manager database.

NOTE: This registry value is checked on Data Governance service startup and if not present or if its value is set to 0, Data Governance Edition writes the default classification values into the One Identity Manager database and sets the registry value. When this value is set to 1, this indicates that the default classification level data is already stored in One Identity Manager database and should not be overwritten on service startup.

Table 88: Registry setting: ClassificationLevelDefaultData
Location Registry
Path

HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server

Value name ClassificationLevelDefaultData
Value type REG_DWORD
Value

Valid values:

  • 0: Write the default classification level data into the One Identity Manager database.
  • 1: Default classification level data is already stored in the One Identity Manager database: do not overwrite on Data Governance service startup.
Notes

If you delete the default classification levels in your Data Governance Edition deployment and replace them with new classification levels, you must move or set this registry key if you move the Data Governance service to another machine. When you move the Data Governance service to another machine, before starting the Data Governance service ensure that this registry key is set (value is set to 1); otherwise, the Data Governance service will reload any previously deleted default database data that was inserted when the Data Governance service was initially started (on the first machine).

If you modify the default classification levels in your Data Governance Edition deployment, the classification level data is retained if you move the Data Governance service to another machine.

Default employee SID (DefaultEmployeeSid)

This registry key specifies the security identifier (SID) of the default employee used by the Data Governance topology harvest process. This setting is used by the ManagementServer internal service that manages the core Data Governance service dependencies.

Table 89: Registry setting: DefaultEmployeeSid
Location Registry
Path HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server
Value name DefaultEmployeeSid
Value type REG_SZ
Value SID of the user used by the Data Governance topology harvest process.
Note This key is present if you used the Data Governance Configuration wizard to install the Data Governance service.

Explicit exclusion of groups (ExclusionByDN)

On the Data Governance server, configure the following registry key to exclude groups from self-service group selection.

NOTE: You may want to mark certain groups as being ineligible for self-service requests, especially when Data Governance Edition is configured to allow for non-published groups to be presented. In this case, it is possible to mark either specific groups, or all groups within a particular Active Directory container as being ineligible for access requests.

Table 90: Registry setting: ExclusionByDN
Location Registry
Path

HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Broadway\Server\DeploymentData\SelfService

NOTE: If the DeploymentData and SelfService subkeys do not exist, create them.

Value name ExclusionByDN
Value type REG_SZ
Value

Create string values whose names match the distinguished name of the groups that are to be excluded.

To exclude an entire container of groups, specify the distinguished name of the container, with an asterisk ("*") prefix. For example, to exclude all groups in the Users container of example.com. use the following syntax: "*CN=Users,DC=example,DC=com".

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级