Chat now with support
Chat with Support

Identity Manager 9.2.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics
Overview of the One Identity Manager schema Table types and default columns in the One Identity Manager data model Notes on editing table definitions and column definitions Table definitions Column definitions Table relations Dynamic foreign key Supporting file groups
Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue tasks One Identity Manager Service configuration files

Preventing a change to a column

You can use value templates to prevent users from changing columns that are filled by a value template. To do this, add the name of this column in the value template in $-notation. The value template now references itself. Any change to the column is immediately overwritten by the value template. Value templates that overwrite themselves only take effect if they have been labeled as “Overwrites”.

Example:

The user should not be able to change an identity‘s central user account. This should be prevented by the value template.

  • Define a custom value template for the Person.CentralAccount column.

  • For the value templates, enable the Overwrites option.

  • Extend the default value template with the following entry: ’$CentralAccount$.

’$CentralAccount$

If Not CBool(Session.Variables.Get("FULLSYNC")) Then

Value=VI_AE_BuildCentralAccount(GetValue("UID_Person").String,$Lastname$, $Firstname$)

End If

Restricting performance of value templates

To limit the number of objects changed by a value template you can define thresholds.

To define thresholds for a value template

  1. In the Designer, select the One Identity Manager Schema category.

  2. Select the table and start the Schema Editor with the Show table definition task.

  3. Select the column and then the Column properties view.

  4. Select the Value calculation tab and edit the following properties.

    • Threshold (asynchron): Enter the maximum number of objects that can be changed directly by the value template. Once this limit has been reached, processing takes place synchronously with the One Identity Manager Service.

    • Threshold (stop): Enter the number of objects after which processing is stopped. Once this limit has been reached, processing is stopped with an error message.

    NOTE: If a stop threshold value is specified, it must be larger than the threshold for asynchronous processing.

  5. Select the Database > Commit to database and click Save.

Related topics

Example of local value templates within an object

The an identity's full name (Person.Internalname) will be derived from its surname (Person.Lastname) and first name (Person.Firstname). The value template for the Person.Internalname column looks like:

Value = $Lastname$ & ", " & $Firstname$

If the value template is labeled as "Overwrites" then each time Lastname changes a test is done to check for dependent columns that reference this value in a template. If this is the case, the value template is processed and the value is entered into the Internalname column. If the value template cannot overwrite, it only applies if there is no value in the Internalname column.

The Person.Lastname and Person.Firstname columns are the sender and the Person.Internalname column is the subscriber. The mapping for adding a database object in the DialogNotification table is:

person.lastname --> person.internalname

person.firstname --> person.internalname

Example of cross-object value templates

If a value template references a value from another object, it can be accessed using the foreign key (FK) relation.

Figure 9: Effect of cross-object value templates

If, for example, the surname of an Active Directory user account (ADSAccount.Surname) is derived from the surname of an identity (Person.Lastname), enter the template for the ADSAccount.Surname column as follows:

Value = $FK(UID_Person),Person.Lastname$

If the identity’s surname changes, the last name of the Active Directory user also changes. The Person.Lastname column is therefore the sender and the ADSAccount.Surname column is the receiver. The relation is mapped in the DialogNotification table as follows:

Person.Lastname --> ADSAccount.Surname

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating