Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 9.3 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics The full-text search in One Identity Manager Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on using date values Tips for using PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Displaying messages in the user interface Referencing packages and files in scripts Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Committing and compiling script changes Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue Processor tasks Structure of the Jobservice.cfg configuration file

Change labels for the schema extensions

Assign a change label to the schema extensions. Change labels are offered as export criteria in the Database Transporter when you create a customer transport package.

To assign a change label in the Schema Extension

  • On the Define change label page, choose one of the following options.

    • No change label

    • Add new change label: In the Change label box, enter the name of the change label.

    • Use existing change label: Select a change label from the Change label drop-down.

For more information about working with change labels, see the One Identity Manager Operational Guide.

Adding schema extensions to the database

In this step, you add the schema extensions to the One Identity Manager database.

To add schema extensions in the Schema Extension

  1. Changes to the schema are displayed on the System modifications page.

    1. Set Attach statements to existing file to add the statements to an existing file.

    2. Select Save to file and enter a file name. The statements are saved as an XML file.

  2. Click Continue.

  3. Confirm the security prompt with Yes.

    The schema extensions are added to the database and the necessary extensions are made to the One Identity Manager system data model. This make take some time.

  4. The current DBQueue Processor calculation tasks are displayed on the System queue page. After the calculation tasks have finished processing, click Next.

  5. On the Compilation page, click Next.

    The compilation process can take some time.

  6. Click Next after compilation is complete.

  7. On the last page, you return to the beginning of the wizard to enter more extensions or click Finished to end the program.

After completing the schema extensions, you can access them with One Identity Manager tools and make further changes.

Related topics

Recommendations for advanced configuration of custom schema extensions

Once you have added custom tables or columns to the One Identity Manager schema, some additional steps are necessary to display the extensions in the Manager user interface.

General recommendations
  • Edit the object layer using the One Identity Manager tools. This ensures that the data generated have the expected format.

  • Always edit the object layer in the default language of a One Identity Manager installation, for example, English - United States [en-US]. For this purpose, set the login language to English (USA) in the One Identity Manager tools.

  • The Designer contains a variety of consistency checks. Run these consistency checks and apply the repair methods after carrying out a schema extension and after making changes to table and column definitions. For more information about checking data consistency, see the One Identity Manager Operational Guide.

Recommendations for table definitions, column definitions and table relations.

The properties include, for example, display names, descriptions, display templates for tables and columns, value templates, formatting, required field definitions. For more information, see One Identity Manager schema basics.

  • Use the Designer‘s Schema Editor to edit the table definitions and column definitions.

  • Set the table usage types in the Designer. The table's usage type provides the basis for reports and the selection of tasks for daily maintenance.

  • In the Designer, edit the display name and icon for the tables. These properties are used when you create object definitions for the table.

  • In the Designer, define a display pattern to present table entries for instance in the result list of the One Identity Manager tools or in reports.

    NOTE: You do not need to enter a display template for many-to-many tables. For these tables, the viDB.DLL forms the display template from the foreign keys.
  • If there is a column combination for a table that needs to be unique, you define multi-column uniqueness in the Designer.

  • In the Designer, arrange the tables in the schema overview of the Schema Editor. Otherwise, the schema overview shows all new tables in the upper left corner of the module. The colored module background will be automatically adjusted upon re-loading objects.

  • In the Designer, record the display name for each column as well as a comment regarding display in the One Identity Manager tools.

  • In the Designer, you can label columns containing passwords with Encrypted.

  • The syntax type of the column definition is used to give the One Identity Manager tools the appropriate syntax highlighting or input assistance.

  • In the Designer, flag columns containing a user account name with the Central user account value in the Table lookup support property.

  • In the Designer, flag columns containing an email address with the Email address value in the Table lookup support property.

  • To include tables when determining identities for user accounts or email addresses, in the Designer, enter the path to the identity object in the Identity object path for table lookup support property. The resulting data is mapped in QBMSplittedLookup.SplittedElement. If an identity should not be determined for a table, enter the value no.

Recommendations for permissions

When you extend a schema using the Schema Extension program, you already assign permissions to permissions groups. You can carry on editing permissions in the Permissions Editor‘s Designer and also create permissions groups with the User & Permissions Group Editor. Permissions groups can be linked to application roles. The users are assigned to application roles and therefore receive the permissions they require. For more information, see the One Identity Manager Authorization and Authentication Guide.

Recommendations for object definitions

The data in the user interfaces is represented by means of objects. A generally applicable object definition without any limiting selection criteria is already created with the Schema Extension program. You can create other object definition constraints in addition. You create object definitions in the Designer. For more information, see Object definitions for the user interface.

Recommendations for navigation structure

Expand the menu to display the data in the Manager. Use the Designer's User Interface Editor to create menu items for navigation and result lists. For more information, see User interface navigation and Recommendations for editing menu navigation.

Recommendations for user interface forms

Create or extend the forms for editing and displaying in the Manager. For more information, see Recommendations for editing forms, Editing user interface forms, Forms for custom extensions, and Working with overview forms.

Recommendations for task definitions

If you want to offer particular tasks for the objects in the Manager, you must create task definitions in the Designer. For more information, see Task definitions for the user interface.

  • Create new task definitions if required.

  • Task definitions are created for object definitions so that different tasks can be shown in the user interface depending on the selected objects. If required, create more object definitions.

  • Assign the task definitions to the permissions groups for non role-based and role-based login.

  • If required, assign a program function to the task definition. For more information, see the One Identity Manager Authorization and Authentication Guide.

Recommendations for analyzes

For data analysis purposes, you need to create statistics definitions and reports and incorporate these in the user interface. For more information, see Statistics in One Identity Manager and Reports in One Identity Manager.

Recommendations for localizing texts

For language-dependent display of texts in the Manager such as column names, comments, menu items, and form names, translate the texts using the Designer‘s Language Editor. For more information, see Language-dependent data representation.

Notes for custom functions, triggers, or database procedures

You cannot create custom functions, triggers, or database procedures with the Schema Extension program. If you need custom functions, triggers, or database procedures, add these to the database in a suitable program for running SQL queries.

Keep to the following conventions for name database components.

  • Name begin with the CCC_ string.

  • All names are a maximum of 30 characters long.

  • One Identity recommends using UpperCamelCase as notation for the names.

  • Names of triggers

    CCC_T[I|U|D]abc

    with:

    T: Trigger identifier

    I: Insert

    U: Update

    D: Delete

    abc: 4. to 27th character of the table name (recommended)

  • Names of functions

    CCC_F[GI|CV]abc

    with:

    F: Labeled as function

    CV: Convert function

    GI: Get Information

    abc: Freely selectable

  • Names of table functions

    CCC_[TF|IF]abc

    with:

    TF: Labeled as table function

    IF: Labeled as inline function

    abc: Freely selectable

  • Names of procedures

    CCC_Pabc

    with:

    P : Labeled as procedure

    abc: Freely selectable

NOTE: To disable custom triggers centrally, create a configuration parameter below the Custom configuration parameter and query it in the trigger code.

Related topics
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation