You can customize the One Identity Manager schema by loading so-called transport packages. One Identity Manager recognizes the following types of transport packages that can be copied to the database depending on requirements.
Table 36: Transport package
Migration package |
Migration packages are provided by for the initial database schema installation, for service pack and complete version updates. A migration package contains all the necessary tables, data types, database procedures, and the default One Identity Manager configuration. |
Configuration Wizard |
Hotfix package |
Hotfix packages are provided to load individual corrections to the default configuration such as templates, scripts, processes, or files into the database. Multiple hotfix packages are combined into one cumulative hotfix package.
NOTE: If a hotfix package only contains changed files, load these files into the database using the Software Loader file. |
Database Transporter
Software Loader |
Custom configuration package |
A custom configuration package is used to exchange customer specific changes between the development, test, and productive system database. This transport package is created by the customer and loaded into the database. |
Database Transporter |
NOTE: If other configuration customizations are to be transferred to a One Identity Manager database in addition to a hotfix package, you can create a cumulative transport package to do this and, by using the Database Transporter, import the transport package into the target database.
Related topics
Different methods are implemented for transporting modifications.
-
Transport of single objects is done through the object layer.
When you import a transport package, the permissions, templates, and customizer in the target database are taken into account.
This method is used, for example, if you use the Database Transporter program to create and import custom configuration packages that contain modifications to a system user, modifications starting from a defined date or to individual objects.
-
The transport of the entire system configuration is done through a transfer buffer.
All relevant tables are checked when creating the transport package. The condition applied to the table, defines which objects are transported. The primary key is used to establish whether the transport entry has a GUID module and whether it is transferred to the source database transfer buffer. The transfer buffer is read and transport package is created. When importing into the target database, the contents of the transport package is transferred to the target database's transfer buffer. The information is then transferred to the target tables.
This method is used if you use the Database Transporter program to create and import custom configuration packages that contain the complete system configuration.
-
The system configuration transport as a delta transport, identifies the differences in the configuration data between an existing configuration file and the connected database. These changes are written as insert, update, and delete operations in the new configuration file. The data is imported faster than if the system configuration is transported in its entirety.
When a transport package is imported into a One Identity Manager database, the following operations are carried out:
-
Inserting objects
If no object was found in the destination database using the primary key or alternative key, a new object is created with this key value.
-
Updating objects
An object found in the target database using the primary key will be updated. The update is done using the configuration buffer.
If transporting modifies a default configuration, the default configuration is moved into the configuration buffer. You can retrieve changes from the configuration buffer and restore the default configuration in this way.
If, during a One Identity Manager version upgrade, the default configuration is changed by a service pack, a complete version upgrade or by loading a hotfix package, a check is made to see if it has already been customized. In this case, the modified default configuration is copied to the configuration buffer. This ensures that customizations do not go missing.
-
Deleting objects
Objects that are no longer needed are deleted. This operation is always run if the entire system configuration is transported.
Related topics
To exchange customizations between the development database, test database and the productive database, use the Database Transporter to create transport packages. You also use the Database Transporter to import the transport packages into the target database.
Tips for creating transport packages
-
To copy individual objects into a transport package, specify the export criteria in Database Transporter. For example, you can export all changes made by a system user, changes made starting from a defined date or change labels. We recommend that you limit the custom configuration package if you are transporting individual changes.
-
You should only create a transport for the full system configuration if you want to copy all the adjustments to the system configuration from a test database into an initial productive database.
-
To import transport packages with the Database Transporter, the user needs the program function Allows transport packages to be imported into the database (Transport_Import).
-
The export date, the export description, database revision and the name of the export file in the source database transport history are recorded when a transport package is created with the Database Transporter.
Tips for importing transport packages
-
You can display the contents of a transport package with the Database Transporter before you import.
-
Before importing a transport package, you can protect individual properties from being overwritten in the target database.
-
To import transport packages with Database Transporter, the user requires the Allows transport packages to be imported into the database (Transport_Import) program function.
-
Start Database Transporter on an administrative workstation.
-
Depending on the type of transport, the database is set to single-user mode for the duration of the import. Close as many existing connections to the database as possible before starting the import. It is not mandatory to close the One Identity Manager Service connections. However, ensure that there are no processes running when the import is going to start.
-
When you import a transport package with schema extensions, the database is set to maintenance mode. Objects cannot be processed in the database during this time.
-
When importing a transport of the system configuration into a target database, you must also follow the Tips for importing the system configuration.
-
When you import a transport package with the Database Transporter, the import date and description, the database version, and the transport package name are recorded in the transport history of the target database.
Related topics
Before importing a transport package, you can protect individual properties from being overwritten in the target database.
For example, you may want to block processing, as follows:
-
Configuration parameters and their values should not be overwritten when a test environment is transported to a productive system.
-
Server configurations should neither be overwritten in the test environment nor the productive system during a transport.
NOTE: To lock properties for editing, users require the Allow setting a change lock for specific properties of individual objects program function (Common_AllowPropertyLocks).
If certain users are allowed to lock properties for editing, you can assign the permissions to the users through permissions groups.
-
The QBM_PropertyLock permissions group is provided for non role-based login. This group owns the program function. Add the system users to the permissions groups. Administrative system users automatically obtain these permissions groups.
-
The QER_4_PropertyLock permissions group is provided for non role-based login. This group owns the program function. The permissions group is linked to the Base roles | Lock single properties application role. Add the employees to the application role.
To unlock and unlock a single property
-
Open the object in the Designer or the Manager.
-
Click the property name and select one of the following options from the context menu: