After you have published data, you can view the items, such as users and applications, along with their attributes, such as a user’s phone number. Identity Governance attribute values are generally displayed as plain text. The Description field allows additional option to display text in HTML. For example, when HTML or Markdown elements are collected, curated, or entered when creating a permission, the description will render as HTML and other fields will display as plain text in the catalog and within other functional areas such as reviews and policies.
To view the attributes of a specific item in the catalog, select Catalog, the type of data you want to view, and the object you want to view.
To edit attribute values individually, select the pencil icon for that item. Identity Governance displays any attributes that the Data Administrator has designated as editable, along with the current attribute value. When you edit the data, you override the originally collected content and Identity Governance shows an icon next to the value to indicate the change. Any attribute that you edit will be persisted through subsequent collection and publication, even if the original value for the attribute changes. You can later reset the attribute value to its collected value. You can also associate tags, or metadata, so you can more easily identify the information when you create and perform a review.
To edit multiple attributes at the same time, see the following sections:
NOTE:
You can edit only the attributes that are marked as editable.
You can add new external attributes each time you collect data from a data source. However, after you publish the data for that collector, you cannot remove the attributes.
When you specify a string type for a new extended attribute, Identity Governance always truncates the string at 2000 characters.
You can reset only the attribute values that are collected. Attributes that are configured such as Last Account Review Date or Last Unmapped Account Review Date cannot be reset.
If you edit any permission records to set the excludeFromCatalog attribute to true, the only way to see these records in the catalog again is to manually change the permission table value back to false. If bulk editing was used to set the excludeFromCatalog attribute to true, copy the Bulk Data Update CSV file that made the original edits, and change the edited value to UNDO_CURATION.
IMPORTANT:Identity Governance evaluates only collected attribute values for the authentication matching rules, not edited values. For more information, see Changing the Values for Authentication Matching and Identity Governance Services
in Identity Governance 3.6 Installation and Configuration Guide.
Before you edit attribute values in bulk, a system administrator must have created the Bulk Data Update Base folder and the Input and Output subfolders, provided Identity Governance service read/write access permission to the subfolders, then specified the following parameters using the Identity Governance Configuration Utility:
The full path name of the Base folder in the file system.
Identity Governance creates the CSV data template file in the output subfolder, and you must copy the updated file to the input subfolder.
(Optional) Specifies the maximum number of CSV data rows processed at one time. This option is useful for tuning the memory usage of the Bulk Update process. The default value is 1000.
When you copy the CSV file to the input folder, Identity Governance changes the file extension as it processes the file. Here are the different extensions and processes the file goes through during the bulk process:
File Extension Name |
Process |
---|---|
.csv |
Identity Governance starts the bulk process. It is the name on the file when you add it to the input folder. |
.ph1 |
Phase 1 of the bulk process. |
.fail |
If the bulk process fails, the file name becomes .fail. |
.done |
If the bulk process succeeds, the name becomes .done. |
You can edit attribute values for multiple objects at the same time by importing the data into Identity Governance using a CSV file. For example, you might want to add photos for users in the catalog. When adding multiple values to a single attribute, separate the values with the pipe sign (|).
NOTE:When importing a bulk update file, ensure that the file matches a bulk update policy in the system. The generated bulk file that the user edits has an ID in the file that must match a bulk update policy in the system. In addition, that policy must have the same attributes, decision context attributes, and mapping attributes. If the ID and attributes do not match, the bulk update will be rejected.
To edit a number of attribute values:
Under Data Sources, select Identities or Applications depending on the type of data you want to edit.
In the upper right, select Bulk data update.
Click +.
Specify all the mandatory fields.
Click + next to Attributes to update and select the attributes.
(Optional) Select + next to Decision context attributes and select the attributes that will provide context for update decisions.
(Optional) Select + next to Mapping attributes and select the attributes that will be used to identify Identity Governance users by attribute values from other systems.
Save your settings.
Click the Export file icon to generate the template.
Copy the template from the output folder on the Identity Governance server.
Copy the template from the appropriate location on the Identity Governance server.
Edit the template, then copy it to the input folder. Identity Governance automatically detects updated files and applies the updated information to your data.
NOTE:You can specify multiple users as permission owners. When performing bulk edits of permission owners, the ID name changes from uniqueUserId to uniqueOwnerId and uniqueOwnerId requires a new flag, #true, with each permission owner ID.
You can also undo an edited value or explicitly set a value to null. Identity Governance recognizes certain keywords in cells that perform specific actions:
UNDO_CURATION: Removes any previously edited values for this attribute.
SET_NULL: Sets the appropriate null or empty value on this attribute.