Converse agora com nosso suporte
Chat com o suporte

Identity Manager 9.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Settings for the database server and the One Identity Manager database in a managed instance in Azure SQL Database

For installation and operation of a One Identity Manager database, the following database server and database settings are required:

Table 6: Database server settings

Property

Value

Comment

Language

English

Select English as the default language for database users.

Server Collation

Case insensitive

SQL_Latin1_General_CP1_CI_AS (recommended)

 

Extreme transaction processing supported (Is XTP supported)

True

Default setting.

Table 7: Database settings

Property

Value

Comment

Collation

SQL_Latin1_General_CP1_CI_AS

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Recovery model

Full

Default setting.

Compatibility level

SQL Server 2019 (150)

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Auto Create Statistics

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Auto Update Statistics

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Auto Update Statistics Asynchronously

False

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Arithmetic Abort enabled

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Quoted Identifiers Enabled

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Is Read Committed Snapshot On

True

The default setting for transactions is AutoCommit. If transactions are required, they are opened explicitly.

These settings have proven to provide the best balance between data security and performance for One Identity Manager's massive parallel processing. Other transaction modes are not supported by One Identity Manager.

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Parameterization

Forced

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Database file and date file group for memory-optimized tables

Required

Default setting.

Table variable deferred compilation (DEFERRED_COMPILATION_TV)

ON

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Interleaved execution (INTERLEAVED_EXECUTION_TVF)

ON

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Users and permissions for the One Identity Manager database in a manage instance in Azure SQL Database

The following users are identified for using a One Identity Manager database in a managed instance in Azure SQL Database with the granular permissions concept. User permissions at server and database level are matched to their tasks.

  • Installation user

    The installation user is required for the initial setup of a One Identity Manager database using the Configuration Wizard.

  • Administrative user

    The administrative user is used by components of One Identity Manager that require authorizations at server level and database level, for example, the Configuration Wizard, the DBQueue Processor, or the One Identity Manager Service.

  • Configuration user

    The configuration user can run configuration tasks within the One Identity Manager, for example, creating customer-specific schema extensions or working with the Designer. Configuration users need permissions at the server and database levels.

  • End users

    End users are only assigned permissions at database level in order, for example, to complete tasks with the Manager or the Web Portal.

For more information about minimum access levels for One Identity Manager tools, see the One Identity Manager Authorization and Authentication Guide.

Permissions for installation users

The server administrator set up when Azure SQL was deployed has the administrative permissions to directly install and use a One Identity Manager database. Likewise, the granulated permissions concept can be enabled by this user.

If this user cannot be used, an SQL login and database user must be provided with the following permissions.

SQL Server:

  • Member of dbcreator server role

    The server role is only required if the database is created using the Configuration Wizard.

  • Member of securityadmin server role

    This server role is required to create SQL logins.

  • view server state permissions with the with grant option option and alter any connection permissions with the with grant option option.

    The permissions are required to check connections and close these if necessary.

  • alter any server role permissions

    The permissions are required to create the server role for the administrative user.

msdb database:

  • alter any user permissions

    The permissions are required to create the necessary database users for the administrative user.

  • alter any role permissions

    This permission is required to create the necessary database role for the administrative user.

master database:

  • alter any user permissions

    The permissions are required to create the necessary database users for the administrative user.

  • alter any role permissions

    This permission is required to create the necessary database role for the administrative user.

  • Run permissions with the with grant option option for the xp_readerrorlog procedure

    The permissions are required to find out information about the database server's system status.

One Identity Manager database:

  • Member of the db_owner database role

    This database role is required for installing the schema with the Configuration Wizard in an existing database or for updating the schema.

Permissions for administrative users

During the installation of the One Identity Manager database with the Configuration Wizard, the following principal elements and permissions are created for the administrative user:

SQL Server:

  • OneIMAdminRole_<DatabaseName> server role

    • alter any server role permissions

      The permissions are required to create the server role for the configuration user.

    • view any definition permissions

      The permissions are required to link the SQL logins for the configuration user and the end user with the corresponding database users.

  • <DatabaseName>_Admin SQL login

    • Member of the OneIMAdminRole_<DatabaseName> server role

    • view server state permissions with the with grant option option and alter any connection permissions with the with grant option option.

      The permissions are required to check connections and close these if necessary.

master database:

  • OneIMRole_<DatabaseName> database role

    • Run permissions for the xp_readerrorlog procedure

      The permissions are required to find out information about the database server's system status.

  • OneIM_<DatabaseName> database user

    • Member of the OneIMRole_<DatabaseName> database role

    • The database user is assigned to the <DatabaseName>_Admin SQL login.

One Identity Manager database:

  • Admin database user

    • Member in db_owner database role

      The database role is required to update a database with the Configuration Wizard.

    • The database user is assigned to the <DatabaseName>_Admin SQL login.

Permissions for configuration users

During the installation of the One Identity Manager database with the Configuration Wizard, the following principal elements and permissions are created for configuration users:

SQL Server:

  • OneIMConfigRole_<DatabaseName> server role

    • view server state and alter any connection permissions

      The permissions are required to check connections and close these if necessary.

  • <DatabaseName>_Config SQL login

    • Member of the OneIMConfigRole_<DatabaseName> server role

One Identity Manager database:

  • OneIMConfigRoleDB database role

    • Create Procedure, Delete, Select, Create table, Update, Checkpoint, Create View, Insert, Run, and Create function permissions for the database

  • Config database user

    • Member of the OneIMConfigRoleDB database role

    • The database user is connected with the <DatabaseName>_Config SQL login.

Permissions for end users

The following principals are created with the permissions for end users during the installation of the One Identity Manager database with the Configuration Wizard:

SQL Server:

  • <DatabaseName>_User SQL login

One Identity Manager database:

  • OneIMUserRoleDB database role

    • Insert, Update, Select, and Delete permissions for selected tables in the database

    • View Definition permissions for the database

    • Run and References permissions for individual functions, procedures, and types

  • User database user

    • Member of the OneIMUserRoleDB database role

    • The database user is connected with the <DatabaseName>_User login.

Requirements for Azure SQL Database as database system

For more information about Azure SQL Database, refer to the Microsoft website under https://azure.microsoft.com/en-us/products/azure-sql/database/.

The following requirements and limitations apply to the use of Azure SQL Database as a database system.

  • If you use Azure SQL Database as the database system, you must supply a database. There is no support for creating a new database in Azure SQL Database with the Configuration Wizard.

  • use statements are not supported.

  • Strong passwords must be used for the SQL login.

    For more information, see under Strong Passwords in the Microsoft documentation.

Related topics

Settings for the database server and the One Identity Manager database in Azure SQL Database

For installation and operation of a One Identity Manager database, the following database server and database settings are required:

Table 8: Database server settings

Property

Value

Comment

Language

English

Select English as the default language for database users.

Server Collation

Case insensitive

SQL_Latin1_General_CP1_CI_AS (recommended)

 

Extreme transaction processing supported (Is XTP supported)

True

Default setting.

Table 9: Database settings

Property

Value

Comment

Collation

SQL_Latin1_General_CP1_CI_AS

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Recovery model

Full

Default setting.

Compatibility level

SQL Server 2019 (150)

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Auto Create Statistics

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Auto Update Statistics

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Auto Update Statistics Asynchronously

False

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Arithmetic Abort enabled

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Quoted Identifiers Enabled

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Is Read Committed Snapshot On

True

The default setting for transactions is AutoCommit. If transactions are required, they are opened explicitly.

These settings have proven to provide the best balance between data security and performance for One Identity Manager's massive parallel processing. Other transaction modes are not supported by One Identity Manager.

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Parameterization

Forced

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Database file and date file group for memory-optimized tables

Required

Default setting.

Table variable deferred compilation (DEFERRED_COMPILATION_TV)

ON

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Interleaved execution (INTERLEAVED_EXECUTION_TVF)

ON

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação