Resource access management
A key challenge in improving data governance is keeping track of permissions within your environment. To ensure that data is secured in a manner that meets your business needs, you must be able to easily identify who has been given access and manage that access appropriately.
The following commands are available to you to manage resource access. For full parameter details and examples, click a command hyperlink in the table or see the command help, using the Get-Help command.
Table 202: Resource access management commands
|
Export-QResourceAccess |
Export the security information on a selected resource.
For more information, see Export-QResourceAccess. |
|
Get-QChildResources |
View the resources contained in a specific root on a managed host. You can use this to enumerate the contents of remote folders and shares.
In particular, it would be similar to the standard Windows PowerShell Get-ChildItems cmdlet but it functions using the Data Governance server as a proxy, so the client machine does not necessarily need direct access to the target machine.
For more information, see Get-QChildResources.
NOTE: This PowerShell cmdlet does not support Cloud managed hosts. |
|
Get-QFileSystemSearchResults |
Search an NTFS folder or share for files. Using this command, you can search multiple data roots at once.
For more information, see Get-QFileSystemSearchResults. |
|
Get-QHostResourceActivities |
Retrieve a list of the operations, including the resource ID assigned to each operation, performed against a managed host during a given time frame.
For more information, see Get-QHostResourceActivities.
NOTE: This PowerShell cmdlet does not support Cloud managed hosts. |
|
Get-QPerceivedOwners |
Calculate the perceived owners for a resource. This information can help to determine the true business owners and custodian for data.
NOTE: The perceived owner for data is calculated from the resource activity history or security information collected by Data Governance Edition. Activity is collected based on the aggregation time span settings and recorded in the Data Governance Resource Activity database.
For more information, see Get-QPerceivedOwners. |
|
Get-QResourceAccess |
Retrieve the security information of selected resources from a specific managed host, and child objects whose security differs from the parent.
For more information, see Get-QResourceAccess. |
|
Get-QResourceActivity |
Retrieve the activity associated with a resource.
For more information, see Get-QResourceActivity.
NOTE: Resource activity collection (and therefore this cmdlet) is not supported for the following host types:
- Windows Cluster/Remote Windows Computer
- Generic Host Type
- EMC Isilon NFS Device
- SharePoint Online
- OneDrive for Business
|
|
Get-QResourceSecurity |
View the security on a given resource in the SSDL format.
For more information, see Get-QResourceSecurity. |
|
Set-QResourceSecurity |
Set security on a given resource.
NOTE: The existing security descriptor is completely replaced.
For more information, see Set-QResourceSecurity. |
Export-QResourceAccess
Exports the security information on a selected resource to a .CSV file.
TIP: This cmdlet is used with the Get-QResourceAccess cmdlet that generates the results to be exported.
Syntax:
Export-QResourceAccess [-ResourceAccessResults] <QAM.Common.Interfaces.ResourceAccessQueryResults> [-OutputPath] <String> [[-DisplayInheritedSecurity] [<SwitchParameter>]] [[-OptimizeForExcel] [<SwitchParameter>]] [<CommonParameters>]
Table 203: Parameters
| ResourceAccessResults |
Specify the results of a resource access query (Get-QResourceAccess). |
| OutputPath |
Specify the path to the location on disk where the access results is to be written. |
| DisplayInheritedSecurity |
(Optional) Specify this parameter if child objects with security exactly the same as the parent should be shown.
-
If the parameter is specified without a value, set to $true and show child objects.
-
If the parameter is not specified, set to $false and do not show child objects. |
| OptimizedForExcel |
(Optional) Specify this parameter if you want to export the output to Microsoft Excel.
-
If the parameter is specified without a value, set to $true and export to Excel.
-
If the parameter is not specified, set to $false and do not export to Excel. |
Examples:
Table 204: Examples
|
C:\PS># get host id
Get-QManagedHost
# get the access for the resource
$resourceAccess = Get-QResourceAccess -ManagedHostId 5b3e4a3c-9c7b-4da1-b6bc-db552ee51656 -ResourceType NTFS\Folder -Resources "C:\Test Data"
# export the results
Export-QResourceAccess -ResourceAccessResults $resourceAccess -OutputPath "C:\" |
Exports the results of a resource access query. |
Get-QChildResources
Retrieves the resources contained in a specify root on a managed host. You can use this information to enumerate the contents of remote folders and shares.
Note: The cmdlet is similar to the standard Windows PowerShell Get-ChildItems cmdlet, but it functions using the Data Governance server as a proxy. Therefore, the client machine does not require direct access to the target machine.
Syntax:
Get-QChildResources [-ManagedHostId] <String> [-ResourcePath] <String> [[-ResType] [QAM.Client.PowerShell.GetChildResourcesCmdlet+QueryResourceType]] [<CommonParameters>]
Table 205: Parameters
| ManagedHostId |
Specify the ID (GUID format) of the managed host to be queried.
Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs. |
| ResourcePath |
Specify the path to the root resource. |
| ResType |
(Optional) Specify the type of resource to be located. Available types include:
- CloudFiles
- CloudFolders
- Files
- Folders
- Shares
- LocalOSRights
- AdminRights
- ServiceIdentities
- SharePoint
If this parameter is not specified, all resource types are returned. |
Examples:
Table 206: Examples
| Get-QChildResources -ManagedHostId 5b3e4a3c-9c7b-4da1-b6bc-db552ee51656 -ResourceId "\\2k8rdjsql\Test Data" -ResType Folders |
Retrieves a list of the child resources on the specified managed host. |
Details retrieved:
Table 207: Details retrieved
| Path |
The full path of the child resource. |
| DuGPath |
The path used for data under governance operations.
This will always be empty when shown from the cmdlet; however, it is used elsewhere in the application. |
| ManagedHostId |
The value (GUID) assigned to the managed host where the resource is located. |
| ResourceType |
The type of child resource. |
| Properties |
The properties of the child resource (such as name, date last modified, file size).
These are the properties you see in the Resource browser. |
Get-QFileSystemSearchResults
Search an NTFS folder or share for files. Using this command, you can search multiple data roots at once.
Syntax:
Get-QFileSystemSearchResults [-SearchRoots] <String[]> [-SearchTerm] <String> [[-ItemsRequested] [<Int32>]] [<CommonParameters>]
Table 208: Parameters
| SearchRoots |
Specify a string array of NTFS roots to search. |
| SearchTerm |
Specify the string that contains the search term.
You can use the * wildcard character to search for resources. For example, enter Finance* to return all resources with a name that begins with Finance, *.txt to return all resources that end with .txt, and *Fin* to return all resources that contain "Fin". |
| ItemsRequested |
(Optional) Specify the number of items you would like returned. |
Examples:
Table 209: Examples
| Get-QFileSystemSearchResults -SearchRoots "\\2K8R2DJSQL\C$\Test Data" -SearchTerm "*.txt" |
Finds files with the .txt extension in the specified directory. |
Details retrieved:
The following details are returned for each file system resource found in the specified directory that matched the specified search term.
Table 210: Details retrieved
| Path |
The full path of the file system resource. |
| DuGPath |
The path used for data under governance operations.
This will always be empty when shown from the cmdlet; however, it is used elsewhere in the application. |
| ManageHostId |
The ID (GUID format) of the managed host where the file system resource resides. |
| ResourceType |
The type of resource. |
| Properties |
Properties assigned to the file system resources (such as Attributes, Reserved, FileSize, LastModified).
These are the properties you see in the Resource browser. |
