立即与支持人员聊天
与支持团队交流

Identity Manager Data Governance Edition 9.2.1 - User Guide

One Identity Manager Data Governance Edition User Guide Data Governance node and views Administering Data Governance Edition Managing unstructured data access
Managing resource access Managing account access Working with security permissions Working with SharePoint security permissions Account access modeling Bringing data under governance
Classifying governed resources Managing governed resources using the web portal Data Governance Edition reports Troubleshooting EMC, NetApp Filer, and SharePoint configuration details PowerShell commands Governed data attestation policies Governed data company policies Governed data risk index functions

Compatibility with Change Auditor for NetApp

If you are using Quest Change Auditor for NetApp to monitor a filer that is also being scanned by Data Governance Edition, you have two options available.

Option 1: Collect activity directly from the Change Auditor database

When Change Auditor is installed, you can configure Data Governance Edition to collect resource activity directly from Change Auditor. When enabled, Change Auditor collects the selected activity events every 15 minutes on all managed hosts. The events received from Change Auditor are harvested by the Data Governance server, aggregated and placed directly into the Data Governance Resource Activity database.

When using Change Auditor to collect resource activity, NetApp managed hosts will not place an FPolicy for Data Governance Edition on the NetApp filer.

In addition, when using Change Auditor to collect resource activity, it is recommended to clear the Collect activity for real-time security updates option for NetApp managed hosts. The agents managing these host types should be configured to scan on a schedule and not run once. The performance gain in using Change Auditor's event collection will be lost if the Data Governance agent is also collecting activity from these storage devices for security updates.

For more information on configuring Data Governance Edition to collect resource activity directly from Change Auditor, see the One Identity Manager Data Governance Edition Deployment Guide.

Option 2: Collect activity using Data Governance Edition

You can use Data Governance Edition to collect resource activity; however, for NetApp 7-Mode managed hosts, you must disable real-time security monitoring. You can disable security monitoring from the Resource Activity tab of the Managed Host Settings dialog.

To disable security monitoring

Note: This approach has the effect of setting the NetApp FPolicy option cifs_setattr to off.

You can verify this by running the following command on the NetApp filer: >fpolicy options <Agent instance>

Where <Agent instance> is in the following format: DGE_<DeploymentName>_<FQDN of managed host>

You will still see setattr as a monitored operation in FPolicy.

  1. In the Navigation view, select Data Governance | Managed hosts.
  2. In the Managed hosts view, select the required managed host.
  3. Select Edit host settings in the Tasks view or right-click menu.
  4. Open the Resource Activity page of the Managed Hosts Setting dialog and click the check box to clear the Security change event.
  5. After making the required change, click OK to save your selections and close the dialog.

Note: This will need to be completed for every NetApp agent. If it is necessary to disable “Security change” due to compatibility settings with Change Auditor for NetApp, ensure the Resource Activity setting is modified prior to the start of the agent scan.

Configure SharePoint to track resource activity

To gather and report on resource activity in SharePoint, ensure that SharePoint native auditing is properly configured for any resources of interest. You can also optionally install the SharePoint Auditing Monitor farm solution to obtain activity for events not available in the native SharePoint auditing system.

Configure auditing on SharePoint farms

You can enable auditing at different levels in the SharePoint farm. It is recommended that you enable auditing at the site collection level to ensure that all events are collected. The methods available for configuring auditing vary depending on the SharePoint edition installed. Sometimes, you can use Central Administration; in all cases you can use Windows PowerShell. It is recommended that you enable all SharePoint native events to ensure maximum coverage for data governance activities, but you may select a smaller set to improve performance if necessary.

Consult your Microsoft documentation for complete information on configuring auditing.

Install the QAM.SharePoint.Auditing.Monitor farm solution

If you install the SharePoint farm solution, you can supplement the events captured by native auditing. Install “QAM.SharePoint.Auditing.Monitor.wsp” from the agent installation folder (by default %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Agent Services.) Consult your Microsoft documentation for information on installing a farm solution.

Note: You must enable SharePoint native auditing. The farm solution is not a replacement for native auditing, it is an enhancement.

This farm solution captures some events that are unavailable through native SharePoint auditing, specifically:

  • Adding a folder
  • Adding a library
  • Renaming a list or library
  • Creating a site
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级