Defining where new resources get created can be very complicated and specific to your organization. The Data Governance server allows you to select a managed host or use a server selection script to select the QAMNode to host a new file system share. Creating customized server selection scripts allows you to define the process used to select the appropriate QAMNode. Available server selection scripts appear on the Server Selection Scripts dialog when the Data Governance Administrator chooses to assign a file share host using the script option on the File Share page of the New File Share dialog.
By default, Data Governance Edition provides the following server selection script, which is available in the QAMServerSelectionScript table in One Identity Manager:
- QAM_RandomNode: Randomly selects a managed host from those that have been specified as target machines (that is, managed hosts that have the IsManagedResourceHost flag set to True).
A managed resource function is a One Identity Manager script that can be invoked indirectly by some arbitrary name to satisfy a pre-defined extension point in the business logic. Data Governance Edition provides sample managed resource function records that contain the necessary mappings to perform the following functions, which are used in the default process chain (QAM Create DGE Managed Resource) to fulfill self-service requests to managed resources:
- Locate a job server that can process new shares and file paths when creating a new managed resource.
- Locate the Active Directory container ID to be used when creating the new managed resource groups.
- Set a restriction list for managed resource creation.
You can override the default functionality by mapping a custom script to a predefined managed resource function record. However, each custom script must match the function signature and return the expected object. By doing this, you eliminate the need to modify the existing process chain. If you create a new managed resource function, you are required to create a custom process chain to call the custom managed resource function record.
Before you begin
To point an existing managed resource function record to a custom script (Object Browser)
The ManagedResourceFunction table contains a mapping between the function name and the script to be run. By overriding the functionality in this manner you do not need to modify the process chain.
- Open the Object Browser.
- In the Navigation view, locate and select QAMManagedResourceFunction.
- From the Managed Resource Function result list, select the managed resource function record to be mapped to the new script. For example, select Simple Share - SetRestrictionList.
- In the Managed Resource Function page (right pane), specify the following:
  - UID_DialogScript: Use the drop-down menu to select your custom script.
  - UID_QAMManagedResourceType: Do not modify this setting. The function name is unique by ManagedResourceType.
  - Description: (Optional) Enter a new description for the managed resource function record.
  - Name: Do not modify this setting.
  Note: UID_QAMManagedResourceFunction: This value is automatically generated by One Identity Manager and cannot be modified.
- Click the Save toolbar button to save your selections.
To point an existing managed resource function record to a custom script (PowerShell)
- If necessary, run the following cmdlet to import the QAM.Client.PowerShell.dll assembly:
    Import-Module "<path>"
  Where <path> is the file path for the QAM.Client.PowerShell.dll assembly. By default, the <path> for the Data Governance server machine is "C:\Program Files\One Identity\One Identity Manager\QAM.Client.PowerShell.dll".
- Run the following cmdlet to map a custom script:
    Set-QManagedResourceFunction -Id <String> [-Description [<String>]] -DialogScriptID <String>
  - Id: Enter the value (GUID) assigned to the managed resource function (UID_QAMManagedResourceFunction) to be changed.
  - Description: (Optional) Enter a different description.
  - DialogScriptID: Enter the ID (GUID) assigned to the custom script when it was created in One Identity Manager.
For more information, see Managed resource function management.
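The PowerShell procedure above, wrapped so that a remapping is checked and recorded before it takes effect. This is an added example, not One Identity's code: the function name Set-ResourceFunctionMapping, the audit log path and the sample IDs are hypothetical, and it assumes the session can already reach the Data Governance server.

```powershell
# Added example. Hypothetical names: Set-ResourceFunctionMapping, $AuditLog, sample IDs.
function Set-ResourceFunctionMapping {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$FunctionId,      # UID_QAMManagedResourceFunction
        [Parameter(Mandatory)][string]$DialogScriptId,  # ID of the custom script
        [string]$Description,
        [string]$ModulePath = 'C:\Program Files\One Identity\One Identity Manager\QAM.Client.PowerShell.dll',
        [string]$AuditLog = (Join-Path $env:TEMP 'qam-function-mapping.log')
    )

    # The page describes both IDs as GUIDs; warn on anything else rather than guess.
    foreach ($id in $FunctionId, $DialogScriptId) {
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse($id, [ref]$parsed)) {
            Write-Warning "'$id' is not in standard GUID form; check it in the Object Browser."
        }
    }

    # Fail early if the assembly is not where the page says it is by default.
    if (-not (Test-Path -LiteralPath $ModulePath -PathType Leaf)) {
        throw "QAM.Client.PowerShell.dll not found at '$ModulePath'."
    }
    Import-Module $ModulePath -ErrorAction Stop

    # Only pass -Description when the caller supplied one.
    $setArgs = @{ Id = $FunctionId; DialogScriptID = $DialogScriptId }
    if ($PSBoundParameters.ContainsKey('Description')) {
        $setArgs.Description = $Description
    }

    if ($PSCmdlet.ShouldProcess($FunctionId, "Map to script $DialogScriptId")) {
        Set-QManagedResourceFunction @setArgs -ErrorAction Stop
        # Record who changed which mapping, so an unexpected remap can be traced.
        $entry = '{0:o} user={1} function={2} script={3}' -f `
            (Get-Date), [Environment]::UserName, $FunctionId, $DialogScriptId
        Add-Content -LiteralPath $AuditLog -Value $entry
    }
}

# Dry run with constructed placeholder IDs; repeat without -WhatIf to apply.
Set-ResourceFunctionMapping -FunctionId '00000000-0000-0000-0000-000000000001' `
    -DialogScriptId '00000000-0000-0000-0000-000000000002' -WhatIf
```

Because a record such as Simple Share - SetRestrictionList decides which script sets the restriction list for new managed resources, the log line gives reviewers a trail of who pointed it at a different script and when.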
One Identity Manager uses process steps (also known as process chains) to represent company workflows. A default process chain is provided to fulfill self-service share creation requests; however, if the workflow defined in the default process does not meet your company's procedures, you can use the Process Editor in the Designer to create a new process or modify the default process chains. In order to fulfill self-service share creation requests, the following process chain is provided:
- QAM Create DGE Managed Resource: Defines the process steps for validating the creation parameters, and creating the groups and file share once the request has been approved.
To modify the file share creation process chain
- Use the Process Editor to copy the default process.
  - From the navigation pane, select Process Orchestration and expand Processes to locate the target process.
    - PersonWantsOrg | QAM Create DGE Managed Resource
  - Right-click and select Navigation | Process Editor | Edit process or click the Edit process task in the far right pane.
    The current process is loaded and displayed in the process editor.
  - Use the Process | Copy menu command to make a copy of the original process chain.
    The Copy process wizard appears. Ensure the following copy options are selected on the first page:
    - Rename process steps
    - Copy events
    - Disable source process
    Enter the requested information (for example, name of the new process and names for the process steps).
- Modify the process chain as required and save your selections.
For more information on modifying process chains, see the One Identity Manager Configuration Guide.