After you have published data, you can view the items, such as users and applications, along with their attributes, such as a user’s phone number. Identity Governance attribute values are generally displayed as plain text. The Description field includes the option to display text in HTML. For example, when HTML or markdown elements are collected, curated, or entered when creating a permission, the description will render as HTML, and other fields will display as plain text in the catalog and within other functional areas such as reviews and policies.
To view the attributes of a specific item in the catalog, click Catalog, the type of data you want to view, and the object you want to view.
To edit attribute values individually, click the pencil icon for that item. Identity Governance displays any attributes that the Data Administrator has designated as editable, along with the current attribute value. When you edit the data, you override the originally collected content, and Identity Governance displays an icon next to the value to indicate the change. Any attribute that you edit will be persisted through subsequent collection and publication, even if the original value for the attribute changes. You can later reset the attribute value to its collected value. You can also associate tags, or metadata, so you can more easily identify the information when you create and perform a review.
To edit multiple attributes at the same time, see the following sections:
NOTE:
You can edit only the attributes that are marked as editable.
You can add new external attributes each time you collect data from a data source. However, after you publish the data for that collector, you cannot remove the attributes.
When you specify a string type for a new extended attribute, Identity Governance always truncates the string at 2000 characters.
You can reset only the attribute values that are collected. Attributes that are configured such as Last Account Review Date or Last Unmapped Account Review Date cannot be reset.
If you edit any permission records to set the excludeFromCatalog attribute to true, the only way to see these records in the catalog again is to manually change the permission table value back to false. If bulk editing was used to set the excludeFromCatalog attribute to true, copy the Bulk Data Update CSV file that made the original edits, and change the edited value to UNDO_CURATION.
IMPORTANT:Identity Governance evaluates only collected attribute values for the authentication matching rules, not edited values. Contact your SaaS Operations Administrator for more information about authentication matching rules.
Before you edit attribute values in bulk, you must determine the bulk upload method you want to use, and a SaaS Operations Administrator must have configured bulk update for that method. Contact the SaaS Operations Administrator for your organization to set up this configuration. The available bulk upload methods are:
Identity Governance database: The SaaS Operations Administrator might use the Identity Governance Global Configuration feature or the Identity Governance Configuration Utility to configure the correct global property for this bulk update method.
Amazon Web Services (AWS) S3 bucket: Setting up an AWS S3 bucket as a bulk update method is an advanced configuration option. Contact Support for information and guidance.
Before you can use the Identity Governance database to update attribute values in bulk, a SaaS Operations Administrator must have configured the following properties :
Identity Governance creates the CSV data template file in Identity Governance database and makes it available for you to download and edit.
(Optional) Specifies the maximum number of CSV data rows processed at one time. This option is useful for tuning the memory usage of the bulk update process. The default value is 1000.
You can edit attribute values for multiple objects at the same time by importing the data into Identity Governance using a CSV file. For example, you might want to add photos for users in the catalog. When adding multiple values to a single attribute, separate the values with the pipe sign (|).
NOTE:When importing a bulk update file, ensure that the file matches a bulk update policy in the system. The generated bulk file that the user edits has an ID in the file that must match a bulk update policy in the system. In addition, that policy must have the same attributes, decision context attributes, and mapping attributes. If the ID and attributes do not match, the bulk update will be rejected.
To edit a number of attribute values:
Under Data Sources, select Identities or Applications depending on the type of data you want to edit.
In the upper right, select Bulk data update.
Click +.
Specify all the mandatory fields.
Click + next to Attributes to update and select the attributes.
(Optional) Click + next to Decision context attributes and select the attributes that will provide context for update decisions.
(Optional) Click + next to Mapping attributes and select the attributes that will be used to identify Identity Governance users by attribute values from other systems.
(Optional) Click + next to Attributes to update to select the attributes you want to update in bulk.
Save your settings.
Click the Generate bulk update template now icon.
(Conditional) If bulk update is configured to use the Identity Governance database method to generate a CSV template file, perform the following steps:
On the Identity Governance menu bar, click the Your Downloads icon.
On the Your Downloads window, select the template you generated, then click the download icon to download the template to the browser Downloads folder.
Open the browser download folder, then open the CSV template file.
Make any necessary changes, then save the file.
Click the Identity Governance upload icon.
(Conditional) If bulk update is configured to use an AWS S3 bucket to generate a CSV template file, perform the following steps:
Log in to AWS using the credentials provided by Support.
Download the CSV template file from AWS. The generated file will be in the S3 bucket and folder specified in the base folder property, and within the output subfolder.
Open the CSV template file and make any necessary changes.
Save the file.
Upload the CSV template file to the input subfolder within the AWS S3 bucket and base folder. Identity Governance automatically detects updated files and applies the updated information to your data.
NOTE:You can specify multiple users as permission owners. When performing bulk edits of permission owners, the ID name changes from uniqueUserId to uniqueOwnerId and uniqueOwnerId requires a new flag, #true, with each permission owner ID.
NOTE:If you have a large data set, the CSV template file could take longer than expected to generate and upload.
You can also undo an edited value or explicitly set a value to null. Identity Governance recognizes certain keywords in cells that perform specific actions:
UNDO_CURATION: Removes any previously edited values for this attribute.
SET_NULL: Sets the appropriate null or empty value on this attribute.
After you perform the bulk attribute update action, you can verify the changes by selecting Catalog > Identities or Catalog > Accounts to see if the attribute changes you made appear in the Catalog.