Chatee ahora con Soporte
Chat con el soporte

Identity Manager 9.2.1 - Generic Database Connector User Guide for the CData ADO.NET Provider

Post-processing outstanding objects

To post-process outstanding objects

  1. In the Manager, select the Data synchronization > Target system synchronization: <target system type> category.

    All tables assigned to the target system type are displayed in the navigation view.

  2. Select the table whose outstanding objects you want to edit in the navigation view.

    All objects marked as outstanding are shown on the form.

    TIP:

    To display object properties of an outstanding object

    1. Select the object on the target system synchronization form.

    2. Open the context menu and click Show object.

  1. Select the objects you want to rework. Multi-select is possible.

  2. Click on one of the following icons in the form toolbar to run the respective method.

    Table 16: Methods for handling outstanding objects

    Icon

    Method

    Description

    Delete

    The object is immediately deleted from the One Identity Manager database. Deferred deletion is not taken into account.

    Indirect memberships cannot be deleted.

    Publish

    The object is added to the target system. The Outstanding label is removed from the object.

    This runs a target system specific process that triggers the provisioning process for the object.

    Prerequisites:

    • The table containing the object can be published.

    • The target system connector has write access to the target system.

    • A custom process is set up for provisioning the object.

    Reset

    The Outstanding label is removed for the object.

    TIP: If a method cannot be run due to certain restrictions, the respective icon is disabled.

    • To display the constraint's details, click the Show button in the Constraints column.

  3. Confirm the security prompt with Yes.

NOTE: By default, the selected objects are processed in parallel, which speeds up the selected method. If an error occurs during processing, the action is stopped and all changes are discarded.

Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved.

To disable bulk processing

  • Disable the icon in the form's toolbar.

Related topics

Configuring the provisioning of memberships

Memberships, such as user accounts in groups, are saved in assignment tables in the One Identity Manager database. During provisioning of modified memberships, changes made in the target system may be overwritten. This behavior can occur under the following conditions:

  • Memberships are saved as an object property in list form in the target system.

    Examples: List of user accounts in the Member property of a group - OR - List of profiles in the MemberOf property of a user account

  • Memberships can be modified in either of the connected systems.

  • A provisioning workflow and provisioning processes are set up.

If one membership in One Identity Manager changes, by default, the complete list of members is transferred to the target system. Therefore, memberships that were previously added to the target system are removed in the process and previously deleted memberships are added again.

To prevent this, provisioning can be configured such that only the modified membership is provisioned in the target system. The corresponding behavior is configured separately for each assignment table.

To allow separate provisioning of memberships

  1. In the Manager, select the Data Synchronization > Basic configuration data > Target system types category.

  2. In the result list, select the target system type.

  3. Select the Configure tables for publishing task.

  4. Select the assignment tables that you want to set up for single provisioning. Multi-select is possible.

  5. Click Merge mode.

    NOTE:

    • This option can only be enabled for assignment tables that have a base table with a XDateSubItem column.

    • Assignment tables that are grouped together in a virtual schema property in the mapping must be marked identically.

      Example: ADSAccountInADSGroup, ADSGroupInADSGroup, and ADSMachineInADSGroup

  6. Save the changes.

For each assignment table labeled like this, the changes made in One Identity Manager are saved in a separate table. Therefore, only newly added and deleted assignments are processed. During modification provisioning, the members list in the target system is compared to the entries in this table. This means that only modified memberships are provisioned and not the entire members list.

NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log.

You can restrict single provisioning of memberships with a condition. Once merge mode has been disabled for a table, the condition is deleted. Tables that have had the condition deleted or edited are marked with the following icon: . You can restore the original condition at any time.

To restore the original condition

  1. Select the auxiliary table for which you want to restore the condition.

  2. Right-click on the selected row and select the Restore original values context menu item.

  3. Save the changes.

NOTE: To create the reference to the added or deleted assignments in the condition, use the i table alias.

Example of a condition on the UNSAccountBInUNSGroupB assignment table:

exists (select top 1 1 from UNSGroupB g
where g.UID_UNSGroupB = i.UID_UNSGroupB
and <limiting condition>)

For more information about provisioning memberships, see the One Identity Manager Target System Synchronization Reference Guide.

Configuring single object synchronization

Changes made to individual objects in the target system can be immediately applied in the One Identity Manager database without having to start a full synchronization of the target system environment. Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.

Prerequisites
  • A synchronization step exists that can import the changes to the changed object into One Identity Manager.

  • The table that contains the changed object is assigned to a target system type.

  • The path to the base object of the synchronization is defined for the table that contains the changed object.

Specify the tables that you want to synchronize using single object synchronization and configure single object synchronization for these tables. For more information, see the One Identity Manager Target System Synchronization Reference Guide, section Include custom tables in the synchronization.

To define the path to the base object for synchronization for a table

  1. In the Manager, select the Data Synchronization > Basic configuration data > Target system types category.

  2. In the result list, select the target system type.

  3. Select the Assign synchronization tables task.

  4. In the Add assignments pane, assign the table for which you want to use single object synchronization.

  5. Save the changes.
  6. Select the Configure tables for publishing task.

  7. Select the table and enter the Root object path.

    • If a concrete base object is defined for the target system, enter the path to the base object in the ObjectWalker notation of the VI.DB.

      Example: FK(UID_GAPCustomer).XObjectKey

    • If no concrete base object is defined for the target system, enter the XObjectKey of the base table.

      Example: <Key><T>DialogTable</T><P>RMB-T-Org</P></Key>

  8. Save the changes.

Ignoring data error in synchronization

By default, objects with incorrect data are not synchronized. For example, a user account is not loaded in the One Identity Manager database if, in the user account table, the formatting script of a column contains an email address detects invalid data. These objects can be synchronized once the data has been corrected. In certain situations, however, it might be necessary to synchronize objects like these and ignore the data properties that have errors. This synchronization behavior can be configured in One Identity Manager.

To ignoring data errors during synchronization in One Identity Manager

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Configuration > One Identity Manager connection category.

  3. In the General view, click Edit connection.

    This starts the system connection wizard.

  4. On the Additional options page, enable Try to ignore data errors.

    This option is only effective if Continue on error is set in the synchronization workflow.

    Default columns, such as primary keys, UID columns, or mandatory input columns cannot be ignored.

  5. Save the changes.

IMPORTANT: If this option is set, One Identity Manager tries to ignore commit errors that could be related to data errors in a single column. This causes the data changed in the affected column to be discarded and the object is subsequently saved again. This effects performance and leads to loss of data.

Only set this option in the exceptional circumstance of not being able to correct the data before synchronization.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación