Chat now with support
Chat mit Support

Identity Manager 8.1.5 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Using scripts Notes on message output Notes on using date values Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing of scripts in Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for executing scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

Table types and default columns in the One Identity Manager data model

Different types of tables can be used at database level in One Identity Manager.

Table 14: Table types

Table type

Description

Simple table

Simple tables are the most common form for storing data.

The following columns are defined for simple tables:

  • Primary key, consisting of one column
  • Object key (XObjectKey)

Many-to-many table

Many-to-many or M:N tables contain the relationships between two other tables.

The following columns are defined for many-to-many tables:

  • Two-column primary key

    Both columns are defined as foreign key columns on the referenced table.

  • Object key (XObjectKey)

Many-to-many tables are also called assignment tables in this documentation.

Many-to-all table

Many-to-all or M:all tables are a special type of assignment tables that were developed for One Identity Manager.

M:all tables are implemented if part of an assignment (all) can reference different tables, meaning dynamically determined. Valid tables can be limited in this way. For example, the owner of a group can be a user account or a group.

Furthermore M:all tables are used if additional information about an assignment is mapped, for example, an assignment's validity period.

The following columns are defined for M:all tables:

  • Primary key
  • Foreign key defined as NOT NULL that references the primary key of another table.
  • Dynamic foreign key defined as NOT NULL that reference the object key (XObjectKey) of the valid tables.
  • Object key (XObjectKey)

You can define more foreign keys and dynamic foreign keys. These columns must be defined as NULL.

Work tables

Work tables are used to store data for which objects cannot be created. No primary key is required for work tables. However, you can define up to two primary keys.

Table 15: Default columns
Column Description
Primary key
  • If objects are generated from the table through the object layer, the table requires a primary key.

  • If a table represents a many-to-many mapping, a two column primary key is defined. Both primary key columns are defined as foreign key columns in the referenced tables.

  • No primary key is required for work tables.

  • Primary key columns must be defined in Globally Unique Identifier (GUID) format.

    Default GUID's are created in the [0-9,a-f](8-4-4-4-12) format.

    Predefined module GUID's are mapped in the <MMM>-[0-9,a-f](32) format, where <MMM> corresponds to the module prefix. Custom module GUID's are created in the <CCC>-[0-9,a-f](32) format. For more information, see Working with a globally unique identifier module.

XObjectKey

If objects are generated from the table through the object layer, the table must have an object key column. The object key (XObjectKey) is a unique key, which is capable of referencing every object in the database.

XObjectKey syntax:

<Key><T>TableName</T><P>PrimaryKeyOfRow</P></Key>

with:

  • TableName: table name

  • PrimaryKeyOfRow: primary key column's GUID

An additional <P>SecondPrimaryKeyOfRow</P> is used for two column primary keys. The order in which columns used in the XObjectKey are sorted depends on the foreign key columns identifiers (alphabetical order).

Example:

PersonInProfitcenter table

<Key><T>PersonInProfitCenter</T><P><UID_Person></P><P><>UID_Profitcenter</P></Key>

PersonInDepartment table

<Key><T>PersonInDepartment</T><P><UID_Department></P><P><>UID_Person</P></Key>

Foreign key
  • The name of the foreign key column corresponds, as far as possible, to the name of the references table's primary key.

  • Foreign key columns are defined in GUID format.

  • A table is reference through the referenced table's primary key.

  • If the foreign key column is part of a many-to-all table, the column in the One Identity Manager schema is labeled with the Part of key of many-to-all table option (DialogColumn.IsMAllKeyMember).

Dynamic foreign key
  • Dynamic foreign keys are used if a reference can point to different tables. For example, the manager of a user account (<MMM>Account.ObjectKeyManagertable) can be another user account (<MMM>Account table) or a group (<MMM>Group table).

  • Dynamic foreign keys reference the (XObjectKey) object key of the permitted tables.

  • Permitted tables can be limited. All tables are permitted, if there are no restrictions.

  • A dynamic foreign key is flagged in the One Identity Manager schema with the Dynamic foreign key option (DialogColumn.IsDynamicFK).

  • If the dynamic foreign key is part if a many-to-all table, the column in the One Identity Manager schema is labeled with the Part of key of many-to-all table option (DialogColumn.IsMAllKeyMember).

XDateInserted

The columns contain information about which users made changes at what times. The columns must always exist together.

XDateUpdated

XUserInserted

XUserUpdated
XTouched

This column contains an element's processing status. The processing status is used for creating custom configuration packages.

XMarkedForDeletion

This column defines whether the object is marked for deletion. The columns exists when:

  • The deferred deletion function can be applied to the table.

  • The table is synchronized again a target system and pending objects can be handled.

XOrigin

In order to determine the origin of an assignment, a XOrigin column is defined in a many-to-many or a many-to-all table. The individual bit positions provide the origin of a membership.

For detailed information about calculation of assignments, see the One Identity Manager Identity Management Base Module Administration Guide.

XIsInEffect
  • To discover whether an assignment is in effect, a XIsInEffect column is defined on an assignment table.

  • The column only exists if the number of assignments differs from the number of effective assignments.

    For example, if an employee is deactivated, marked for deletion, or classified as a security risk, inheritance of company resources can be prohibited for this employee. The group assignment is maintained but the assignment has no effect.

  • If the XIsInEffect column is used, a XOrigin column must exist.

For detailed information about calculation of assignments, see the One Identity Manager Identity Management Base Module Administration Guide.

XDateSubItem

This column contains the change date for dependencies and is required in order to take membership changes in a target system into account during synchronization and provisioning.

For detailed information about synchronizing and provisioning memberships, see the One Identity Manager Target System Synchronization Reference Guide.

Notes on editing table definitions and column definitions

  • You can largely customize the tables and schemas from One Identity Manager to your own requirements. In the Designer, edit the tables and columns in the Schema Editor.

  • The default configuration is moved to a configuration buffer during handling. You can retrieve changes from the configuration buffer and restore the default configuration in this way.

    • Changes to data are labeled with the icon in front of the modified value. As long as the changes have not been saved, you can restore them by clicking the icon.
    • Changes to the default configuration are labeled with the Designer icon in the . To restore the default configuration, click the icon.
  • In the Designer, customized default tables and columns are displayed in the One Identity Manager Schema | Customized tables category. The table definitions and column definitions are labeled with an asterisk (*) in the Schema Editor schema. More information about the customizations is shown in a tooltip.
  • The database must be compiled for some changes to tables and columns.
  • Use the One Identity Manager program to add custom tables or columns to the Schema Extension schema. The Schema Extension program creates the schema extensions in the database and ensures that the necessary extensions are made in the One Identity Manager schema.

    You can then make further adjustments to the table definitions and column definitions in the Designer.

  • In the Designer, customized tables are displayed in the One Identity Manager Schema | Customized tables category.
  • In the Designer, you can get an overview of existing columns with value templates in the One Identity Manager Schema | Templates category. Column dependencies due to value templates are mapped in the schema overview in the Schema Editor.
  • In the Designer, you can get an overview of the existing columns in the system with predefined formatting types or formatting scripts in the One Identity Manager Schema | Formatting rules category.
  • In the Designer, reports on system configuration and customizations of tables and columns are provided in the Documentation category.
Related topics

Table definitions

The One Identity Manager module table definitions are stored in the DialogTable table. Predefined One Identity Manager schema table definitions are maintained through schema installation and only a few properties can be modified.

Use the Designer's Schema Editor to edit One Identity Manager schema table definitions.

Detailed information about this topic

Table types in One Identity Manager

For access through the object layer, the tables in the One Identity Manager schema are labeled with a particular table type. Additional properties are required for the table definition, depending on the table type.

Table 16: Table types in the One Identity Manager schema
Table types Meaning

Table

The Table table type is used for simple tables, many-to-many tables, M:all tables, and work tables.

Base table

The Base table table type is used for simple tables, many-to-many tables, M:all tables, and work tables in order to define database views with the View type. Examples of base tables include the BaseTree table for mapping roles and organizations, and the BasetreeHas* assignment tables for assigning company resources to organizations and roles.

View

The View table type is used for database views on tables with the Base table type. Database views with the View type represent subsets of the underlying tables. Database views with the View type are mainly used to map roles. For example, the database views Department, Locality and Profitcenter are subsets of the Basetree base table.

Proxy

The Proxy table type is used for database views on tables with the Table type or on database views with the View type. Database views with the Proxy type are union views of different tables. Columns are mapped between a database view of the Proxy type and the underlying tables by means of the column definitions and proxy view extensions. Database views with the Proxy type are mainly used for mapping in the Unified Namespace.

Union

The Union table type is used for database views on tables with the Table type or on database views with the View, or Proxy type. Database views with the Union type are union views of different tables and are used to group together different object types with the same context. For example, the QERAccProductUsage database view identifies which service items are used in which IT Shop products. Database views with the Union type are mainly used for editing the user interface and creating reports.

Read only

The Read only table type is used for database views on tables with the Table type or on database views with the View, Proxy, or Union type. Database views with the Read only table type may be subsets or unions of the underlying tables. Database views with the Read only type are for display only and are mainly used for editing the user interface and creating reports.

Related topics
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen