DSPM DRA - Data Assets and Data Controls
This information predates Quick Start Wizard. The instructions outlined in this document are now automated. It is no longer required to perform these steps for a new deployment.
In this document we will show you how to configure a fresh deployment of the Getvisibility DSPM+ product. In particular we will:
- import role templates to Keycloak
- enable DSPM roles for the gv master user account
- ensure group membership for the gv master user account
- run automation scripts to populate:
  - the list of Departments available in Policy Center
  - the list of Data Controls rules available in Controls Orchestration
0. Prerequisites
In Keycloak / GV realm / Realm settings use Partial Import to add permissions.json and rbacSetup.json as shown below. You can ignore any remarks about some entries being skipped.
Ensure the user account that will be used to perform all actions below is a member of the GV Administrators and GV Users groups.
Ensure this user account has the following Realm Roles configured: ADMIN and USER.
For the same user account you will need to ensure all DSPM Client roles have been properly assigned. Here is the complete list of all roles required:
realm-admin | USER |
view-users | CONNECTIONS_WRITE |
DATA_REGISTER_READ | DEPARTMENTS_FULL_READ |
DATA_RISK_WRITE | DEPARTMENTS_FULL_WRITE |
ANALYTICS_WRITE | EXPLORE_PAGE_WRITE |
PATTERN_MATCHING_WRITE | COMPLIANCE_HUB_WRITE |
DATA_REGISTER_WRITE | AGENT_CONFIGURATION_WRITE |
REPORTS_WRITE | TAGGING_WRITE |
USER_MANAGEMENT_WRITE | COMPLIANCE_HUB_READ |
ADMIN | LANGUAGE_SETTINGS_WRITE |
DEPARTMENTS_PARTIAL_WRITE | DEPARTMENTS_PARTIAL_READ |
Below you can see the first two roles from the list above, realm-admin and view-users, being assigned to the master user gv. You need to repeat the whole process to assign all roles listed above:
If at this stage you do not see the role you are looking for in Keycloak, it means an error was made when running Partial Import earlier. Revisit that step and verify.
At the end of this process you should have 24 roles assigned to your user:
We are now ready to run our automation scripts.
1. Prepare the environment
Run the below commands one after another:
sudo apt install jq
mkdir /tmp/scripts
cd /tmp/scripts
wget https://assets.master.k3s.getvisibility.com/dra-dashboards.tar.gz
tar -xzf dra-dashboards.tar.gz
cd data/scripts/
export GV_HOST="10.30.4.10"
Replace the value of GV_HOST above with the IP address of the Dashboard.
2. Retrieve authentication token
Log into the Dashboard as the user we configured previously, open Developer Tools (SHIFT+CTRL+I) and click on the Network tab as per screenshot below. Copy the value of access_token inside quotation marks to your clipboard:
Update the jwt_token.txt file using the command below, pasting the token from the clipboard:
echo "paste_your_token_here" > jwt_token.txt
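A preflight check for the token saved in step 2, added here as an example and not part of the Getvisibility scripts: it decodes the token locally, without verifying the signature, and reports an expired token or any role from the table in section 0 that the token does not carry. It assumes the access token uses Keycloak's default realm_access and resource_access role claims; the file name preflight.py is hypothetical.

```python
import base64
import json
import sys
import time

# Role names copied from the table in section 0 of this page.
REQUIRED_ROLES = {
    "realm-admin", "USER", "view-users", "CONNECTIONS_WRITE",
    "DATA_REGISTER_READ", "DEPARTMENTS_FULL_READ", "DATA_RISK_WRITE", "DEPARTMENTS_FULL_WRITE",
    "ANALYTICS_WRITE", "EXPLORE_PAGE_WRITE", "PATTERN_MATCHING_WRITE", "COMPLIANCE_HUB_WRITE",
    "DATA_REGISTER_WRITE", "AGENT_CONFIGURATION_WRITE", "REPORTS_WRITE", "TAGGING_WRITE",
    "USER_MANAGEMENT_WRITE", "COMPLIANCE_HUB_READ", "ADMIN", "LANGUAGE_SETTINGS_WRITE",
    "DEPARTMENTS_PARTIAL_WRITE", "DEPARTMENTS_PARTIAL_READ",
}

def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.strip().strip('"').split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_roles(claims):
    """Collect realm and client roles (assumes Keycloak's default claim layout)."""
    roles = set(claims.get("realm_access", {}).get("roles", []))
    for client in claims.get("resource_access", {}).values():
        roles.update(client.get("roles", []))
    return roles

def preflight(token, now=None):
    """Return a list of problems; an empty list means the token looks usable."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("exp", 0) <= now:
        problems.append("token expired; repeat step 2")
    missing = sorted(REQUIRED_ROLES - token_roles(claims))
    if missing:
        problems.append("roles missing from token: " + ", ".join(missing))
    return problems

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "jwt_token.txt"
    with open(path) as fh:
        issues = preflight(fh.read())
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

Run it as python3 preflight.py jwt_token.txt from data/scripts/ before step 3; exit code 0 means no problems were found. The access token is a bearer credential, so keep jwt_token.txt readable only by your own user and delete it once step 3 has finished.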
3. Run the scripts
bash getUsers.sh
bash setDepartments.sh
bash setDataControls.sh
4. Verification
After completing the above steps, navigate to:
Policy Center → Compliance Hub → Departments: it should have the HR, Finance, Marketing, Sales, InfoSec, and Engineering departments set up.
Policy Center → Controls Orchestration: it should have controls for:
- New Risky Sensitive Data
- PII Data at Risk
- Critical Data At High Risk
- Publicly exposed critical data to the world
- Overshared internally critical information
- Critical information shared with 3rd parties
- PII Files Older than 3 years
- Externally Shared Data not updated in 1 year
- Valuable IP Exposure
- Trade Secret Exposure
5. Troubleshooting
5.1 Departments are not populated
Confirm that your master user account is a member of the GV Administrators and GV Users groups.
Confirm that all the required roles have been assigned to your master user account.
Continue from step 2.
5.2 No controls in Controls Orchestration
You will need to update the jwt_token.txt as per Step 2 and then run
After that jump to step 4.
Classified as Getvisibility - Partner/Customer Confidential