Customizing the One Identity Manager default configuration
You can customize large parts of the One Identity Manager default configuration. For example, you can specify your own display names for columns or menu items or define your own templates and formatting rule for column values.
If you customize a default configuration, the change is captured by a trigger and the default configuration is copied into a configuration buffer. You can retrieve changes from the configuration buffer and restore the default configuration in this way.
-
Changes to data are labeled with the icon in front of the modified value. As long as the changes have not been saved, you can restore them by clicking the icon.
-
Changes to the default configuration are labeled with the Designer icon in the . To restore the default configuration, click the icon.
If the default configuration is changed by a service pack, a complete version upgrade or by loading a hotfix package during a One Identity Manager version upgrade, a check is made to see if it has already been customized. In this case, the modified default configuration is copied to the configuration buffer. This ensures that customizations do not go missing.
Reloading changes dynamically
Cached system data can be dynamically reloaded if it has changed. The changes are reloaded automatically in background.
An exception to this are changes that effect the character of the user interface. These changes are only reloaded after requesting confirmation from the user. The user can decide when to accept these changes. In the status bar of the Manager, the icon indicates that the user interface was modified.
The semaphore is incremented when changes are made. The semaphore is calculated when the DBQueue Processor is run.
To configure the reloading of changes
-
In the Designer, check if the Common | CacheReload configuration parameter is set. Otherwise, set the configuration parameter and compile the database.
-
Use the Common | CacheReload | Type configuration parameter to specify the method for checking the validity of cached information. Permitted values are:
-
ALWAYS: The validity of the cached information is checked during every access.
-
NEVER: The validity of the cached information is never checked.
-
TIMER: The validity of the cached information is checked on expiry of the interval.
-
If you use the TIMER method, specify the time in seconds in the Common | CacheReload | Interval configuration parameter after which the values are to be checked when they are accessed.
Which columns are reloaded is defined in the data model. In the Designer, you can find an overview of the semaphore in the category Base data > Advanced > Semaphore.
-
To reload data after changes to a column, the column must be assigned to the semaphore.
-
To reload data after inserting or deleting in a table, the primary column key must be assigned to the semaphore.
Table 4: Changes to reload
Changes to the Web Portal configuration |
AEDS |
Changes to permissions for Web API methods |
AEDSGROUP |
Script assembly and Customizer |
Assembly |
Calculate column dependencies |
BulkdDependencies |
Names, such as column headings or display text |
Caption |
Configuration parameter |
Config |
Countries and time zones |
Country |
Statistical content |
DashBoardContent |
Statistic definitions |
DashBoardDef |
Configuring the Database Agent Service |
DatabaseAgentConfig |
Parts of user interface |
Dialog |
Changes to synchronization configuration |
DPRConfiguration |
Use of special program functions |
Feature |
Icons |
Image |
Changes to predefined SQL queries |
LimitedSQL |
Tables, columns, table relations, column relations, objects, tasks |
Model |
Module dependencies |
ModuleDepend |
Notification |
Notification |
Changes to password policies |
PasswordPolicy |
Permissions and permissions groups |
Right |
Software revisions status (for software update) |
SoftwareRevision |
User data stored in memory. |
UserDataResident |
Locking and unlocking individual properties for editing
You can prevent individual properties from being overwritten by transports or normal editing using a lock.
For example, you may want to block processing, as follows:
-
Configuration parameters and their values should not be overwritten when a test environment is transported to a production environment.
-
Server configurations should neither be overwritten in the test environment nor the production system during a transport.
NOTE: To stop properties from being edited, users require the Common_AllowPropertyLocks program function.
If certain users are allowed to lock properties for editing, you can assign the permissions to the users through permissions groups.
-
The QBM_PropertyLock permissions group is provided for non role-based login. This group owns the program function. Add the system users to the permissions groups. Administrative system users automatically obtain these permissions groups.
-
The QER_4_PropertyLock permissions group is provided for non role-based login. This group owns the program function. The permissions group is linked to the Base roles | Lock single properties application role. Add the identities to the application role.
To unlock and unlock a single property
-
Open the object in the Designer or the Manager.
-
Click the property name and select one of the following options from the context menu:
System configuration reports
In the Designer, different reports about the system configuration and customizations are available. When you select an entry in this category the corresponding report is generated. Generating the report may take some time depending on its size.
To display a report about the system configuration
Table 5: System configuration reports
System configuration |
This report contains the description and settings of enabled configuration parameters. |
Processes |
This report contains the description of all enabled default processes. The process steps and their parameters as well as the scripts used and configuration parameters for a process are listed. |
Process Components |
The report contains the description of all process components with their tasks and parameters. |
Templates |
This report contains the descriptions of all default templates including affected columns, scripts used and configuration parameters. |
Formatting rules |
This report contains the description of all default formatting rules including scripts used and configuration parameters. |
Scripts |
This report contains the description of all default scripts including configuration parameters used. The usage in processes, process steps, templates, formatting rules and scripts is listed for each script. |
TimeTrace |
The report shows the configuration of the TimeTrace. |
Full report |
Full report about system configuration. The report summarizes the information contained in the partial reports. |
Table 6: Reports available for customizing
System configuration |
This report contains the description and settings of enabled configuration parameters. |
Processes |
This report contains the description of all enabled default processes. The process steps and their parameters as well as the scripts used and configuration parameters for a process are listed. |
Templates |
This report contains the descriptions of all default templates including affected columns, scripts used and configuration parameters. |
Formatting rules |
This report contains the description of all default formatting rules including scripts used and configuration parameters. |
Scripts |
This report contains the description of all default scripts including the configuration parameters used. Process usage, process steps, templates, formatting rules and scripts are listed for each script. |
One Identity Manager schema |
This report contains the description of custom One Identity Manager schema extensions (tables and columns). In addition, information about customized database objects is also listed, such as database procedures, functions, triggers, or view definitions. |
Full report |
Full report about system configuration. The report summarizes the information contained in the partial reports. |