
Identity Manager 9.2.1 - Configuration Guide


Database views of the Read-only type

Database views with the Read only table type may be subsets or unions of the underlying tables. Database views with the Read only type are predefined database views. Templates and formatting rules cannot be defined for columns in these views.

Database views of the Read only type are for display only and are mainly used for editing the user interface and creating reports.

The following information is used to define a database view of the Read only type.

Table 21: Properties for defining a database view of the Read-only type
Property Meaning

Table

Name of the table in the data model.

Type

Read only type of table.

Additional view definition

Database query as a SELECT statement for setting up the database view.

NOTE: Never select NULL as <Column>. Instead, convert this explicitly to the requested value type.

Example:

convert(nvarchar(max), NULL) as <column>

convert(varchar(38), NULL) as UID_<column>

convert(varchar(138), NULL) as ObjectKey<column>

Several extensions for the view definition can be defined. The extensions are linked to each other internally with the Union operator.

When you add a column to a custom table, an entry is created in the DialogColumn table. When you delete a column, the entry is removed from the DialogColumn table. Changes to the schema of default database views are not permitted.

Condition for view definition

Restricting condition for creating the database view as a WHERE clause for database queries. The condition is attached to the view definition generated from the extension.

Columns

Database view columns.


Table scripts

Table scripts help you to define actions that are run before or after saving, loading, or discarding an object. In this way, substantial changes or value checks that cannot easily be done with formatting rules or templates can be made to an object by running a table script before it is saved. After the object is saved, table scripts can, for example, make changes to other objects or generate tasks and processes. The side effects and tasks defined in the Customizer are applied following the table scripts.

You can customize predefined default table scripts and create your own additional table scripts. Table scripts are stored in VB.Net syntax, which allows use of all VB.Net script functions.

To add table scripts

  1. In the Designer, select the One Identity Manager schema category.

  2. Select the table and start the Schema Editor with the Show table definition task.

  3. In the Table properties view, select the Table scripts tab and create the required scripts.

    Table 22: Table scripts

    Script                  Description
    Script (OnDiscarded)    The script is run after the object is discarded.
    Script (OnDiscarding)   The script is run before the object is discarded.
    Script (OnLoaded)       The script is run after the object is loaded.
    Script (OnSaved)        The script is run after the object is saved.
    Script (OnSaving)       The script is run before the object is saved.

  4. Select Database > Commit to database and click Save.

IMPORTANT: Compile the database to bring the table scripts into effect.


Working with a globally unique identifier module

To transport, for example, predefined reports, processes, workflows, or mail definitions with a complete system configuration transport, the objects require a primary key with a module GUID. These objects are identified as part of the system configuration through the module GUID.

Syntax

The table primary key has the CCC-[0-9,a-f](32) format.

NOTE: Entries with a module GUID are transferred automatically to the transport package when a transport of the entire system configuration is created.

You can use the following table definition settings for generating a module GUID:

  • If the Module GUID permitted and Module GUID required options are enabled, the objects have to get a module GUID. The objects in tables labeled in this way are given the CCC module prefix.

  • If only the Module GUID permitted option is enabled, the objects can get a module GUID in the required format. By default, the objects obtain a default GUID in the [0-9,a-f](8-4-4-4-12) format. Create the objects with the CCC prefix if they should obtain a module GUID. You can do this using the Object Browser.

Example:
  • The Module GUID required and Module GUID permitted options are enabled on the DialogGroup table. When creating a new permissions group, the primary key is automatically generated in the format of a module GUID.

  • For the AERole table, only the Module GUID permitted option is set. To ensure that your own application roles are added to the transport package, create the application roles in the Object Browser with a module GUID.

NOTE:

  • In the default case, the table's primary key is created with a default GUID. To subsequently change a default GUID to a module GUID, use the Object Browser.

  • GUIDs in tables that are labeled with IsNoReload = 1 in the QBM_VHeavyLoadTables view cannot be changed.

IMPORTANT: Do not run the following steps for production databases. Only perform these steps within the maintenance window. Otherwise, this could lead to inconsistent data.

To change a default GUID to a module GUID

  1. In the Object Browser, select the object for which you want to change the default GUID.

  2. Display the Properties context menu.

  3. On the Methods tab, select the SwitchToModuleGuid() method and click Run.

To change a module GUID to a default GUID

  1. In the Object Browser, select the object for which you want to change the module GUID.

  2. Display the Properties context menu.

  3. On the Methods tab, select the SwitchToNormalGuid() method and click Run.


Defining unique columns for tables

If there is a column or column combination for a table that needs to be unique, you define multicolumn uniqueness in the Designer. The columns are collected into a unique group.

Example:
  • For the Hardware table, you must ensure that the name of the hardware is unique. To do this, a Hardware unique group with the Ident_Hardewarelist column is created for the table.

  • For the ADSDomain table, the combination of the domain identifier and its defined name must provide unique values. To do this, an ADSDomain unique group with the Ident_Domain and DistinguishedName columns is created for the table.

To group together columns in a unique group

  1. In the Designer, select the One Identity Manager schema category.

  2. Select the table and start the Schema Editor with Show table definition.

  3. In the Table properties view, select the Multicolumn uniqueness tab and click .

  4. Enter the following information.

    Table 23: Properties of tables for unique groups

    Property

    Description

    Unique group

    Name of the unique group of columns.

    Columns

    Enable the columns that must be unique when combined.

    Error Message

    Text for an error message if the default error message is not to be used. Customized error messages are shown in the form:

    <table display name (Plural)>: <error message of the unique group>

    In the error message, you can include the following place holders:

    • {0}: Display value of the other object that already has the same value or has a value combination.

    • {1}: The conflicting value.

    The place holder syntax corresponds to a format place holder in Visual Basic .NET.

    Translate the given text using the button.

    Ignore empty values

    Specifies whether empty values are permitted in a unique group. This option can only be set if all columns in the group can be empty.

    • If the option is set, empty values are permitted in the relevant columns. If at least one of the relevant columns is not empty, uniqueness is tested. If all the group's columns are empty, uniqueness is not tested. This allows several data records to be inserted that all have empty group columns.

    • If this option is not set, empty values are permitted but only once for each column. Several data records in which all the group's columns are empty cannot be inserted.

  5. Select Database > Commit to database and click Save.

TIP: To prevent empty values in a column, define a minimum length for the column in the column definition.
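The effect of the Ignore empty values option and the layout of a customized error message can be seen in a small model of the check. This is an added example, not code from the guide or the product; the function names, the sample records, the display name, and the handling of a partly empty group (empty compared like any other value) are assumptions.

```python
def is_empty(value):
    return value is None or value == ""

def group_key(record, columns):
    # NULL and the empty string count as the same empty value (assumption).
    return tuple(None if is_empty(record.get(c)) else record[c] for c in columns)

def find_conflict(existing, candidate, columns, ignore_empty):
    """Return the existing record that blocks the insert, or None."""
    key = group_key(candidate, columns)
    if ignore_empty and all(v is None for v in key):
        return None  # option set: a group with only empty columns is not tested
    for record in existing:
        if group_key(record, columns) == key:
            return record
    return None

def error_text(table_plural, template, other_display, key):
    """<table display name (Plural)>: <error message of the unique group>.
    {0} is the other object's display value, {1} the conflicting value;
    joining several column values with ', ' is an assumption."""
    value = ", ".join(str(v) for v in key if v is not None)
    return f"{table_plural}: " + template.format(other_display, value)

def check_insert(existing, candidate, columns, ignore_empty, table_plural, template):
    """Return None if the insert is allowed, otherwise the error message."""
    other = find_conflict(existing, candidate, columns, ignore_empty)
    if other is None:
        return None
    return error_text(table_plural, template, other["Display"],
                      group_key(candidate, columns))

# Unique group from the guide's ADSDomain example.
COLUMNS = ("Ident_Domain", "DistinguishedName")

# Constructed sample records and message text.
EXISTING = [
    {"Display": "CORP", "Ident_Domain": "CORP", "DistinguishedName": "DC=corp,DC=example"},
    {"Display": "(unnamed)", "Ident_Domain": "", "DistinguishedName": None},
]
TEMPLATE = "{0} already uses {1}."
PLURAL = "Active Directory domains"

if __name__ == "__main__":
    blank = {"Ident_Domain": None, "DistinguishedName": ""}
    for option in (True, False):
        print(option, check_insert(EXISTING, blank, COLUMNS, option, PLURAL, TEMPLATE))
```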
