Chat now with support
Chat with Support

Identity Manager 9.3 - Data Archiving Administration Guide

Permissions for the One Identity Manager History Database

Only minimal permissions are required to access the History Database. There is a sample script HDB_Create_Login_User_Role.sql on the One Identity Manager installation media in the HDB\dvd\AddOn\SDK directory.

The script allows you to set up a database user with minimal permissions for read access and a database user for write access. You can use these database users when setting up the connection to History Database in the TimeTrace.

Run the script with a suitable program for carrying out SQL queries on the History Database.

Related topics

Updating a One Identity Manager History Database

IMPORTANT: As of One Identity Manager version 9.0, History Database has been significantly simplified. On the one hand, this reduces the effort required to set up and operate the database and, on the other, enables the operation of Azure SQL Databases. The History Database only provides simplified data storage. The History Database includes neither One Identity Manager modules nor system configuration data. There are no active components anymore.

When updating a History Database with a version that is older than 9.0, note the following:

  • It is recommended to install the History Database first!

  • Existing databases are still supported for querying archived data in TimeTrace and reports. These databases do not need to be migrated.

  • If you still want to migrate an existing History Database, ensure that the all features, procedures, tables, and views that are not in the following list are deleted by the History Database migration:

    HistoryChain, HistoryJob, ProcessChain, ProcessGroup, ProcessInfo, ProcessStep, ProcessSubstitute, RawJobHistory, RawProcess, RawProcessChain, RawProcessGroup, RawProcessStep, RawProcessSubstitute, RawWatchOperation, RawWatchProperty, SourceColumn, SourceDatabase, SourceTable, WatchOperation, WatchProperty

    Save any custom extensions before migrating.

NOTE: Read the release notes for possible differing or additional steps for updating a History Database.

To update a History Database to a newer version

  1. Update the administrative workstation, on which the History Database database schema update will be started. For more information about updating an administrative database, see the One Identity Manager Installation Guide.

  2. Make a backup of the History Database.

  3. Run the History Database schema update.

    • Start the Configuration Wizard on the administrative workstation.

      Select a user who has at least administrative permissions for the History Database to update the schema with the Configuration Wizard.

      • Use the same user that you used to initially install the schema.

      • If you created an administrative user during schema installation, use that one.

      • If you selected a user with Windows authentication to install the schema, you must use the same one for updating.

  4. On the Configuration Wizard home page, select the Update database option and click Next.

  5. On the Select database page, select the database and installation directory.

    1. Select the database connection in the Select a database connection pane. Select a user who at least has administrative permissions for the History Database.

    2. In the Installation source pane, select the directory with the installation files.

  6. Other users with existing connections to the database are displayed on the Active sessions page.

    • Disconnect the connections on order to start database processing.

  7. The installation steps are shown on the Processing database page. Installation and configuration of the database are automatically carried out by the Configuration Wizard.

    TIP: Set Advanced to obtain detailed information about processing steps and the migration log. You can copy messages to the clipboard with CTRL + C.

  8. On the last page of the Configuration Wizard, click Finish.

Declaring a One Identity Manager History Database in the TimeTrace

Declare the History Database to be used for transferring data to the One Identity Manager in the TimeTrace. The One Identity Manager Service service ensures the data is transferred from the One Identity Manager database to the History Database.

NOTE: Any number of History Databases can be used for analyzing historical data in the TimeTrace and in reports. Not only are History Databases in the current format supported, but older formats in read-only mode also.

NOTE: Only one History Database can be used as a destination for data transfer at a time, all other databases are read-only.

There are different ways to establish a connection to a History Database:

Connecting a One Identity Manager History Database through an application server

Declare the History Database to be used for transferring data to the One Identity Manager in the TimeTrace. Use the Designer to set up access to the History Database.

Prerequisites for connecting a History Database through an application server

  • Declaring the History Database in the TimeTrace, requires an ID.

  • There is an ID for connecting to the History Database in the application server's appsettings.json configuration file.

    • Enter a unique ID for each History Database.

    • The ID must be entered in all application servers that can be used by users to log in to the Manager.

    • The ID must be entered for the application server that the One Identity Manager Service uses to connect.

  • The Manager and the Web Portal use the application server to log in. Otherwise the evaluation of the data changes in TimeTrace or in reports is not possible.

  • To generate and send report subscriptions and reports by email that show changes to data, there must be a Job server set up over an application server.

    For more information about setting up a Job server and about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.

To link a History Database into a TimeTrace

  1. Use the Designer to log in to the One Identity Manager database.

  2. In the Designer, select the Base Data > General > TimeTrace databases category.

  3. Select the Object > New menu item.

  4. Ensure that the Use ID from application server option is set.

  5. In History database name, enter the name of the History Database.

  6. In the Connection parameter (read) field, enter the ID for connecting to the History Database.

    The ID must match the ID in the application server’s configuration file.

  7. On the History Database, where the data from the One Identity Manager database will be archived:

    1. Enable the Current transport target option.

    2. In the Connection parameter (transport) field, enter the connection parameters for connecting to the One Identity Manager History Database.

  8. Select the Database > Save to database and click Save.

NOTE: Set the Disabled option to disable the connection at a later time. If a History Database is disabled, it is not taken into account when determining change data in the TimeTrace.

To configure an ID in the application server for connecting to the History Database

  • During installation of the application server, enter the ID for connecting to the History Database.

  • To connect a History Database at a later date, enter the connection ID in the application server’s appsettings.json configuration file in the ConnectionStrings section.

    Example: Entry for the History Database ID in the appsettings.json configuration file of the application server

    "ConnectionStrings": {

    ...

    "<History Database ID>": "Data Source=<database server>;Initial Catalog=<database name>;User ID=<database user>;Password=<password>"

    ...

    }

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating