Specify how changes to system objects should be handled on the tab. You can select the following default methods. Furthermore, the schema types of the various target systems provide additional processing methods if required.
The processing methods are defined for different sets of objects.
-
Objects only found in the target system and missing in One Identity Manager.
-
Objects only found in One Identity Manager and missing in the target system.
-
Objects with modified properties
This means there are object pairs whose objects differ.
-
Objects without modifications
This means there are object pairs whose objects are identical.
Table 52: Default processing methods in a synchronization step
Insert |
Objects that only exist in one of the are added to the other system. |
Delete |
Objects that only exist in one of the connected system are deleted from the system.
The following applies to synchronization in One Identity Manager.
The object is immediately deleted if it came from a primary system. Deferred deletion is not taken into account. Deferred deletion is taken into account if the object comes from a secondary system. For more information, see Synchronizing user data with different systems. For more information about deferred deletion, see the One Identity Manager Configuration Guide. |
Update |
Objects whose properties have change are updated. |
MarkAsOutstanding |
Objects that only exist in the One Identity Manager are marked as outstanding during synchronizing in the direction of One Identity Manager. These objects can be reworked after synchronization is complete. Objects marked as outstanding are ignored by subsequent synchronization. |
No processing |
No processing methods are run. |
Table 53: Meaning of the icons
|
Adds an extra processing method for the object set.
If you allow several processing methods for one object set, add conditions for processing these methods. |
|
Create a condition for running the method.
All objects are processed the same way if you do not create a condition. |
|
Moves the processing method forwards in the running order. |
|
Moves the processing method backwards in the running order. |
|
Deletes the processing method. |
Detailed information about this topic
Some target systems provide extra methods in addition to the default ones. One Identity Manager can run different processing methods in sequence for the same set of objects.
To define different processing methods for a set of objects
- Select a processing method from the menu for an object set.
- Click to specify another processing method for this object set. Select a processing method from the menu.
- Use and to specify the order in which to run the processing methods.
Example
You can enter external user IDs for One Identity Manager user accounts in SAP. User accounts that only exist in SAP are added if One Identity Manager user accounts from SAP R/3 are synchronized with One Identity Manager. The associated external user ID's are also transferred into the target system.
Objects only found in One Identity Manager are: |
Insert
AddExtID |
Related topics
methods can be limited to a set of the objects. To do this, specify the condition under which the processing method is to be run. You can specify different processing methods for different sets of objects. These are run in the given order.
To define processing for different sets
- Select a processing method from the menu for an object set.
- Click to specify another processing method for this object set. Select a processing method from the menu.
- Create the conditions required for running the processing method. Click next to the method.
Enter the condition. You can use comparisons, logical operators, and variables. You can write queries with a wizard or enter them directly.
- Use the following expression in the condition to access the schema properties of the system in which you want the processing method to be run: Base.<schema property>
- To access the schema properties of the other system in the condition, use the expression: Other.<schema property>
- Use and to specify the order in which to run the processing methods.
Example
All user accounts that only exist in Active Directory are processed as follows when synchronizing Active Directory user accounts from One Identity Manager in the direction of One Identity Manager:
1 |
All user accounts, connected to an employee, are marked for deletion. |
MarkForDeletion |
Base._Person <> '' |
All user accounts, not connected with an employee, are deleted. |
Delete |
Base.UID_Person = '' |
2 |
All user accounts, in container A, are deleted. |
Delete |
Base.UID_ADSContainer = '4b53ff19-6ae4-4a87-86bd-eca3ddf5ebf2' |
All user accounts, not belonging to container A, are marked for deletion. |
MarkForDeletion |
Base.UID_ADSContainer <> '4b53ff19-6ae4-4a87-86bd-eca3ddf5ebf2' |
|
|
|
|
Related topics
Apart from a connector’s default and additional methods, the can also use processing methods. This is done using custom scripts.
To set up and use a custom processing method
-
In the , create a script to make the necessary modifications to the loaded objects.
Script structure:
References VI.Projector.Database.dll
<Tag("Projector")>
<BaseObjectType("Table")>
Public Sub CCC_ScriptName(unit As IUnitOfWork, entity As IEntity(), args As VI.Projector.Database.ScriptMethodArgs)
'Steps to run
...
End Sub
-
<Tag("Projector")>: Labels the script to use as a processing method. This enables the Synchronization Editor to identify the scripts to use as processing methods.
-
<BaseObjectType("Table")>: Defines the type of objects the script will be applied to. Enter the table that contains the objects to be handled.
If the script can be applied to several object types, define a separate object type for each table.
-
CCC_ScriptName: Script name. In the Synchronization Editor, you can select the script as the processing method under this name. Enter a name that uniquely describes the processing method.
For more information about creating scripts with the Script Editor, see the One Identity Manager Configuration Guide.
-
Compile the script.
-
In the Synchronization Editor, open the .
-
Select the Configuration > One Identity Manager connection category and update the One Identity Manager schema.
-
In the Workflows category, select the in which you want to use the new processing method.
-
Find the synchronization step and click Edit.
The synchronization step must handle the object type defined in the script.
-
On the Processing tab, you can select processing methods under the script name.
Example scripts
The following example script removes the manager from all departments and location that the script will be applied to as a processing method.
References VI.Projector.Database.dll
<Tag("Projector")>
<BaseObjectType("Department")>
<BaseObjectType("Locality")>
Public Sub CCC_Department_RemoveManager(unit As IUnitOfWork, entities As IEntity(), args As VI.Projector.Database.ScriptMethodArgs)
For Each currEntity As IEntity In entities
If Not String.IsNullOrEmpty(currEntity.GetValue("_PersonHead").ToString()) Then
currEntity.PutValue("UID_PersonHead","")
unit.Put(currEntity)
End If
Next
End Sub
The following sample script creates or updates database objects.
References VI.Projector.Database.dll
<Tag("Projector")>
<BaseObjectType("ADSAccount")>
Public Sub CCC_SpecialCommit(unit As IUnitOfWork, entities As IEntity(), args As VI.Projector.Database.ScriptMethodArgs)
For Each entity In entities
For Each kvp In args.Changes
entity.PutValue(kvp.Key, kvp.Value)
Next
unit.Put(entity)
Next
End Sub
Related topics