Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 8.2 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using Windows PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

Logging data changes

NOTE: The information is displayed in the Manager in the process view. For more information, see the One Identity Manager Operational Guide.

To log data changes

  • In the Designer, check whether the Common | ProcessState configuration parameter is set. If not, set the configuration parameter.

  • In the Designer, set the Common | ProcessState | PropertyLog configuration parameter and compile the database.

    When this configuration parameter is set, changes to individual values are logged and shown in the process view in the Manager.

    If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the Conditional compilation using preprocessor conditions.

  • (Optional) To log changes for the user data part to properties that belong to an alternative key, in the Designer, set the Common | ProcessState | PropertyLog | AutoTrackAlternatePK | PayLoad configuration parameter.

  • (Optional) To log changes for the user data part to properties that belong to an alternative key, in the Designer, set the Common | ProcessState | PropertyLog | AutoTrackAlternatePK | PayLoad configuration parameter.

  • Label columns for which changes will be logged.

  • Label columns to be logged when an object is deleted.

    TIP: If you set the Common | ProcessState | PropertyLog | AllDefaultPropertiesForModel configuration parameter in the Designer, One Identity Manager schema columns are already labeled for logging changes and deletions. Define which columns are affected in the QBMVDefaultHistoryColumns table.

Add, change, and delete operations can be recorded for objects. The GenProcID trigger is also passed down so that the changes to one object can be grouped together. The data changes are stored in the DialogWatchOperation and DialogWatchProperty tables. An entry is also created in the status DialogProcess table for the triggering action.

The following information is collected for these operations:

  • Adding an object

    If a new object is added, the object key, object display name, date of insertion, and user are logged.

  • Changing an object

    If a column is changed the old value, change date, and user are logged. Depending on the Common | ProcessState | PropertyLog | AutoTrackAlternatePK and Common | ProcessState | PropertyLog | AutoTrackAlternatePK | PayLoad configuration parameters, changes to properties belonging to an alternative key are logged.

  • Deleting an object

    If an object is deleted, the columns to be logged an all primary key columns are logged. The value, deletion date and user are logged.

Related topics

Labeling columns for recording changes to data

TIP: If you set the Common | ProcessState | PropertyLog | AllDefaultPropertiesForModel configuration parameter in the Designer, One Identity Manager schema columns are already labeled for logging changes and deletions. Define which columns are affected in the QBMVDefaultHistoryColumns database view.

To label a column for recording

  1. In the Designer, select the One Identity Manager schema category.

  2. Select the table and start the Schema Editor with Show table definition.

  3. Select the column and then the Column properties view.

  4. Select the Miscellaneous tab and edit the following properties.

    • Log changes: Set this option to log changes to data in the column.

    • Log changes when deleting: Set this option to record the column when the object is deleted.

Related topics

Logging process information during process handling

NOTE: The information is displayed in the Manager in the process view. For more information, see the One Identity Manager Operational Guide.

To log process information

  • In the Designer, check if the Common | ProcessState configuration parameter is set. If not, set the configuration parameter.

  • In the Designer, check if the Common | ProcessState | ProgressView configuration parameter is set. If not, set the configuration parameter. Select the scope of logging through the configuration parameter option.

    Permitted values are:

    • 1: Full process tracking Process information from all processes marked for process tracking is logged.

    • 2: Web Portal tracking Only process information for process marked for process tracking the Web Portal is logged. (default)

  • Label the process and process steps for process tracking and define templates for event, process, and process step process information.

    In the Designer, use the Process Editor to set up templates for creating process information for processes, process steps, and events. Use #LD notation for language-dependent definition of process information.

If the Common | ProcessState | ProgressView configuration parameter is enabled, the Job generator creates entries in the status tables during process generation for processes, process steps, and events with process information.

Right at the start, the Job Generator uses the GenProcID for the generating operation. If there is no GenProcID passed at runtime, a new one is automatically created. This ID is written to the GenProcID global variable for the current database connection object before the process is generated. It can, therefore, be used by all processes. All partial steps that are triggered by a generating operation are grouped together in this way and logged. Bulk operations, such as synchronization and CSV import, are an exception. In this case, a new GenProcID is created for each individual step in tracking the object changes and not for the process as a whole.

An entry is set up in the DialogProcessStep status table for each process step that is marked for tracking. For each process that has at least one such process step, an entry is made in the DialogProcessChain status table. For each generating operation that has caused an entry in the DialogProcessChain status table, an entry is written to the DialogProcess status table. At the same time, the Job Generator creates the display name for the process view by running the given VB.Net expression for the process information.

The possible processing states and additional information available for the respective processing statuses are listed in the following tables.

Table 121: Possible process states
Process State Description

Initial

<generated> ::= "G"

End of processing

<finalstate> ::= <ended> | <failed> | <not run>

where:

<ended> ::= "E" (processing successful)

<failed> ::= "F" (processing unsuccessful)

<not run> ::= "N" (no longer accessible during processing)

In progress

<workingstate> ::= <delayed> | <processing> [<ProcessStateAddON>]

where:

<delayed> ::= "D" (processing delayed)

<Long delayed>::="L" (processing was put on hold)

<processing> ::= "P" (in progress)

<ProcessStateAddON> ( optional additional information)

Table 122: Possible additional information
Additional Information Description

Processing deferred until

<datetime> ::= <YYYY> - <MM> - <DD> <HH> : <NN> : <SS>

where:

<YYYY> ::= 1980..9999

<MM> ::= 01..12

<DD> ::= 01..31

<HH> ::= 00..23<NN> ::= 00..59

<SS> ::= 00..59

Retries

<retryinfo> ::= 1..99

Related topics

Editing process information for processes

To edit process information for a process

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Click on the element for the process in the process document.

  4. On the General tab in the Process properties view, edit the following information.

    • Process information: Select how the process information should be logged.

      Permitted values are:

      • None: The process information is not logged.

      • Full process tracking: The process information is logged and displayed in the Manager.

      • Web Portal tracking: The process information is logged and displayed in the Manager and the Web Portal.

  5. Enter the following information in the Process properties view on the Process tracking tab.

    • Process information: Value template for the process information as VB.NET term. Use #LD notation for language-dependent definition of process information.

Related topics
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione