Business Resource Owners
Business resources in Data Access Security are assigned to users so they can see the resources in the various screens they are permitted to access. The business resources assigned to a user are defined as the user’s scope. A business resource owner, or Data Owner, is defined in the system as a user who has user scope assigned to them and who has the Data Owner capability. The Data Owner is the owner of all the business resources that are assigned to them.
Assigning Data Owners
You can select business resource owners through any of the following methods:
- Manually (using Data Owners page) - Navigate to Resources > Owners. See Assigning a Data Owner Manually for more information.
- Bulk Upload (using Import User Scope) - See Import User Scope for more information.
Important
This process only updates the user scope. You must add the Data Owner capability in order to make the user a data owner of this scope.
Important
The bulk assignment of data ownership overrides data ownership previously assigned to an individual business resource.
Assigning a Data Owner Manually
By default, data owners own the entire tree below the business resource they are assigned to, via data owner hierarchy.
To assign a data owner to a resource manually, you must first break the hierarchy.
Complete the following to add a data owner to a resource:
- Navigate to Resources > Owners.
- Select a resource from the resources tree on the panel on the left.
- If there is a current owner inherited from a higher hierarchy, uncheck Inherit data owners from [application][business resource]. There are two options for breaking the hierarchy:
  - Yes - Breaks the inheritance and removes the current owner(s).
  - Yes - Copy the current owners - Breaks the inheritance and adds a new owner in addition to the current owner(s).
- Select + Add New Owner.
- Select the requested user by entering part of the name and selecting from the dropdown list.
- Select Save.
Data Owner Inheritance
The owner of a business resource is also the owner of the child business resource, unless you assign a different data owner to a specific child business resource.
If the business resource has an owner through data owner inheritance, there is no button to add an owner. Breaking the inheritance allows assigning additional data owners at this level and below.
If you break the data owner inheritance but do not assign a new owner, the data owner inheritance switches back on.
The new owner assigned to the business resource is the owner of the current and all downstream resources.
Breaking Data Ownership Inheritance
In this example, Data_Admin is the owner of folder C$\Data.
You want to assign the folder C$\Data\HR to Admin_HR and the folder C$\Data\System to the users Data_Admin and Example_Ops.
- Navigate to Resources > Owners.
- Assign a unique owner for HR:
  - Select the folder C$\Data\HR on the Resource Tree.
  - On the Current Owners panel, uncheck Inherit data owners from [application]C$.
  - Select Yes to indicate that you want to break the inheritance, and not continue Data_Admin as the local owner from this branch down.
  - Select + Add New Owner.
  - Select the user Admin_HR. You can start entering the name and select from the dropdown list.
  - Select Save.
- Assign an additional owner for System:
  - Select the folder C$\Data\System.
  - On the Current Owners panel, uncheck Inherit data owners from [application]C$.
  - Select Yes - Copy the current owners to indicate that you want to break the inheritance, and add a new owner in addition to Data_Admin for this resource.
  - Select + Add New Owner.
  - Select the user Example_Ops. You can start entering the name and select from the dropdown list.
  - The names Data_Admin and Example_Ops are listed as current owners for this, and all downstream folders.
  - Select Save.
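The inheritance rules and the worked example above can be checked with a small model when reviewing who ends up owning a folder. This is an added illustration, not SailPoint code or a product API: the `OwnerTree` class, its method names, and the folders `Finance`, `Payroll` and `Logs` are assumptions constructed for the example.

```python
# Added illustration: models the ownership inheritance rules stated on this page.
# Not SailPoint code; class, method names and the dict layout are assumptions.
from typing import Dict, List, Optional


class OwnerTree:
    def __init__(self) -> None:
        # Resource path -> owners set locally (direct assignment or broken inheritance).
        self.local: Dict[str, List[str]] = {}

    @staticmethod
    def parent(path: str) -> Optional[str]:
        head, sep, _ = path.rpartition("\\")
        return head if sep else None

    def effective_owners(self, path: str) -> List[str]:
        """Return owners from the nearest resource, walking up, that has local owners."""
        node: Optional[str] = path
        while node is not None:
            if self.local.get(node):
                return list(self.local[node])
            node = self.parent(node)
        return []

    def assign(self, path: str, owners: List[str]) -> None:
        self.local[path] = list(owners)

    def break_inheritance(self, path: str, new_owners: List[str],
                          copy_current: bool = False) -> None:
        """copy_current=False models 'Yes'; True models 'Yes - Copy the current owners'."""
        if not new_owners:
            # Broken but no new owner assigned: inheritance switches back on.
            self.local.pop(path, None)
            return
        kept = self.effective_owners(path) if copy_current else []
        self.local[path] = kept + [o for o in new_owners if o not in kept]


def build_example() -> OwnerTree:
    tree = OwnerTree()
    tree.assign("C$\\Data", ["Data_Admin"])
    tree.break_inheritance("C$\\Data\\HR", ["Admin_HR"])
    tree.break_inheritance("C$\\Data\\System", ["Example_Ops"], copy_current=True)
    tree.break_inheritance("C$\\Data\\Finance", [])  # constructed folder, no owner added
    return tree


if __name__ == "__main__":
    t = build_example()
    for p in ("C$\\Data\\HR\\Payroll", "C$\\Data\\System\\Logs", "C$\\Data\\Finance"):
        print(p, "->", t.effective_owners(p))
```

Choosing Yes on HR removes Data_Admin from that branch and everything below it, so the copy option is the one to use when the upstream owner must keep review responsibility.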