立即与支持人员聊天
与支持团队交流

Identity Manager Data Governance Edition 9.1.1 - User Guide

One Identity Manager Data Governance Edition User Guide Data Governance node and views Administering Data Governance Edition Managing unstructured data access
Managing resource access Managing account access Working with security permissions Working with SharePoint security permissions Account access modeling Bringing data under governance
Classifying governed resources Managing governed resources using the web portal Data Governance Edition reports Troubleshooting EMC, NetApp Filer, and SharePoint configuration details PowerShell commands Governed data attestation policies Governed data company policies Governed data risk index functions

Background operations view

Selecting Background operations in the Data Governance navigation view allows you to view the progress of various background operations, including:

  • Log export operations
  • Account access operations submitted from the Manage access view.

The following table describes the information displayed for current background operations.

Table 22: Background operations view: Default columns
Column title Description
Description A description of the background operation being processed by Data Governance Edition.
Status The status of the background operation.
Resource The resource involved in the operation.
Operation The background operation being processed.
Start Time The date and time (UTC) the operation began.
End Time The date and time (UTC) the operation completed.

In addition to the default columns, you can add the following columns to the view using the Column Chooser command.

NOTE: Right-click the column header and select Column Chooser to add hidden columns to the display. In the Customization dialog, double-click the required column or drag and drop it onto the column header bar.

To hide a column, right-click the column header and select Remove This Column. The column is now listed in the Customization dialog and can be re-added to the view as explained above.

Table 23: Background operations view: Hidden columns
Column title Description
Enqueued Time The date and time (UTC) the operation was added to the background queue.
Error Any errors encountered during the background operation.

Resource browser

The Resource browser provides a live view of the data on the selected managed host. Using the Resource browser, you can browse through the supported files system to view and manage security information for folders and shares on the target managed host.

The Resource browser displays the following information:

  • For a Windows computer, the shares and file system display.
  • For a SharePoint farm, each farm is represented as a hierarchy, with the farm as the top level, followed by web applications, site collections, sites and then the contents of the site. The contents of a list are shown as “list item”, regardless of the type of item in SharePoint. The Resource browser displays a list of the web applications on the selected farm.
  • For a Distributed File System Root, links are displayed at the top level. Browsing into a link shows its target paths and browsing into a target path takes you to the appropriate backing folder. While browsing a backing folder, the Distributed File System path is shown in the Location field at the top of the page.
  • For Cloud managed hosts, each site is represented by a folder hierarchy, with the Home top level site displayed as Site contents folder, followed by all other subsites. Each site contains a Site contents folder encompassing other nested folders. The contents of a site and document library are shown as "folder" type, whereas, files are shown as "file" type items. No other resource types are managed for Cloud managed hosts.

    NOTE: The Resource browser and resource access reports do not display the limited access users or "previewer" accounts.

You can display the Resource browser from the following views:

  • Managed hosts view
  • Accounts view
  • Governed data view

Double-click through the resources to locate a resource. Depending on the resource type, you can perform the following tasks against the selected resource.

Table 24: Resource browser: Resource tasks
Task Description For more information
Calculate perceived owners Calculates and provides a list of the perceived owners for the selected resource using the resource activity history or security information. Calculating perceived owner
Copy resource path Copies the full path of the selected resource to the clipboard.  
Copy Share Path Copies the path of the selected Share to the clipboard.  
Edit host settings Launches the Managed Host Settings dialog allowing you to view or edit the configuration settings for the selected managed host. Editing managed host settings

Place resource under governance

Places the selected resource under governance, making it available for use in policies and attestations.

NOTE: Only applies to folders and shares. That is, you cannot place a file under governance.

Placing a resource under governance
Publish to IT Shop

Publishes the selected resources to the IT Shop, making it available for employees and business owners to request and grant access to it. If applicable, also places the resources under governance.

NOTE: Only applies to folders and shares. That is, you cannot publish a file to the IT Shop.

NOTE: Not available for resources on NFS managed hosts.

NOTE: Not available for resources on Cloud managed hosts.

Publishing resources to the IT Shop
Refresh Retrieves and displays the latest details in the Resource browser.  
Remove resources from governance Removes the selected resources from governance. Removing resources from governance
Resource access report Generates a report that identifies the accounts that have access to specific resources within your environment.

Resource access report

Viewing selected reports within the Manager

Resource activity report

Generates a report that provides a list of activities recorded over a period of time to verify proper resource usage and decide whether to remove access for particular accounts.

NOTE: Not available for resources on Cloud managed hosts.

Resource activity report

Viewing selected reports within the Manager

Toggle layout options

Shows or hides the Layout controls at the top of the view, allowing you to change the layout displayed.

Toggle layout options
Unpublish from IT Shop

Removes a previously published resource from the IT Shop.

NOTE: Not available for resources on NFS managed hosts.

NOTE: Not available for resources on Cloud managed hosts.

Publishing resources to the IT Shop
View deviations

Displays a tree view of all resources and all sub-resources below the root that have explicit security applied to them and any deviation warnings or errors encountered for the selected resource. As you select resources in the tree, you can view and manage their security.

NOTE: Not available for resources on NFS managed hosts.

NOTE: Not available for resources on Cloud managed hosts.

Managing security deviations
View governed data details Displays a graphical representation of the details available for governed resources.  

When an account in the resource's permissions pane (lower pane) is selected, you can perform the following tasks against the selected account.

Note: These account tasks are not available for resources on NFS managed hosts.

Table 25: Resource browser: Account tasks
Task Description For more information
Account access report Generates a report displaying the account's resource access across all managed hosts within the enterprise. Selecting this task displays the Account Access dialog allowing you to define the report parameters for running the Account access report.

Account access report

Viewing selected reports within the Manager

Account comparison

Displays the Account Comparison view allowing you to compare the resource access of two accounts.

NOTE: This feature is not available for Cloud accounts.

Comparing accounts
Account simulation

Displays the Account Simulation view allowing you to simulate changes to group membership to see the access that would be granted or revoked.

NOTE: This feature is not available for Cloud accounts.

Simulating the effects of group membership modifications on an account
Add rights Launches the Add Permissions dialog allowing you to manage a user or group's access to the selected resource. From this dialog, you can add or edit an account's access as required.

Modifying discretionary access control list (DACL) permissions for NTFS resources

Modifying auditing system access control list (SACL) permissions for NTFS resources

Manage access

Displays the Manage access view that shows the managed hosts where the selected account has access. From here, you can also view detailed group membership information.

Manage access view

Managing account access

Remove all explicit permissions Removes all explicitly assigned permissions from the selected resource. Managing security deviations
Remove selected permissions Removes the selected permissions from the selected resource.

Modifying discretionary access control list (DACL) permissions for NTFS resources

Modifying auditing system access control list (SACL) permissions for NTFS resources

In addition, you can access the following views from the Resource browser.

Table 26: Resource browser: Views
View Description For more information
Governed data Displays the Governed data view to view all the resources within the selected host that have been placed under governance.

Governed data view

Managing resources under governance

Accounts view

Displays the security index information returned by Data Governance agents for the selected managed host.

NOTE: Not available for NFS managed hosts.

Accounts view
Related Topics

Add permissions dialog

Permission levels dialog

Add permissions dialog

The Add Permissions dialog allows you to add rights to a given account. This dialog appears when you select the Add rights task from the Resource browser or Deviations view.

This dialog contains the following controls.

Table 27: Add permissions dialog: Controls
Page Control Description
Select Accounts Select Accounts list Displays the list of selected user and group accounts. Use the Add and Delete buttons to populate this list.

Add

Click Add to locate and select the users or groups to be included in the Selected Accounts list. Clicking Add displays the Select User or Group dialog allowing you to search for and select one or more user or group accounts.

Delete

Click Delete to remove the selected account from the Selected Accounts list.
Permissions Apply onto

Use this field to specify the scope of coverage. Valid options are:

  • This folder only
  • This folder, subfolders and files (default)
  • This folder and subfolders
  • This folder and files
  • Subfolders and files only
  • Subfolders only
  • Files only
Permission

Select the corresponding check box to apply or deny a particular permission.

Apply these permissions to objects and/or containers within this container only

Select this option to apply the selected permissions to objects and containers within the selected container only.

Use the buttons across the bottom of the dialog to navigate through the dialog and to save your selections.

Table 28: Add Permissions dialog: Buttons
Button Description

Next

After selecting one or more accounts on the Select Accounts page, click the Next button to display the Permissions page to select the permissions to be applied to the selected accounts.

Back

If you need to return to the Select Accounts page, click the Back button on the Permissions page.

Finish

Once you have chosen the permissions to be applied to the selected accounts, click the Finish button to save your selections and close the dialog.

Cancel

Click the Cancel button to close the dialog without saving your selections.

Select User or Group dialog

The Select User or Group dialog allows you to construct queries to search for users and groups from domains and servers. This dialog is used throughout the Data Governance Edition solution allowing you to locate and select accounts related to the selected task.

This dialog contains the following controls.

Table 29: Select User or Group dialog: Controls
Control Description
From this location

This field is pre-populated with the local domain to be searched.

Click the drop-down button to the right of this field to change the domain or server to be searched. Clicking this button displays a list of domains and servers.

Show Active Directory containers

Select this check box to include Active Directory containers in the location drop-down menu.
Name

Use these controls to define queries to search for user and group accounts. The search is conducted against the account's samAccountName, displayName, and cn attributes.

In the first field, select the expression to be used to match an account's name:

  • Starts With (default)
  • Ends With
  • Is Exactly

  • Contains

In the second field, enter the string (partial or full account name) to be used in the query.

NOTE: Leaving the second field blank will return all accounts found in the selected domain or container. For searches returning a large number of accounts, the first 2000 accounts found during the SQL query are returned.

Find Now

After entering your query, select the Find Now button to initiate the search.
Search results

The bottom pane displays the search results. From this pane, select one or more accounts to be included in the selected accounts list.

NOTE: You can select multiple accounts using the CTRL or SHIFT keys.

OK

Click the OK button to save your selections and close the dialog.

Cancel

Click the Cancel button to close the dialog without saving your selections.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级