
Identity Manager 8.0 - Configuration Guide


Basics of the Data Model

The following types of table are used in the One Identity Manager data model.

Table 82: Table Types

The type of the table.

Description

Simple table

Simple tables are the most common form for storing data.

The following columns are defined for simple tables:

  • Primary key
  • Object key (XObjectKey)

Many-to-many table

Many-to-many or M:N tables contain the relationships between two other tables.

The following columns are defined for many-to-many tables:

  • Twin column primary key as foreign key

    Both columns are defined as foreign key columns on the referenced table.

  • Object key (XObjectKey)

Many-to-many tables are also called assignment tables in this documentation.

Many-to-all table

Many-to-all or M:all tables are a particular type of assignment table, which was developed for One Identity Manager.

M:all tables are used if one part of an assignment (the "all" part) can reference different tables, meaning that the referenced table is determined dynamically. The valid tables can be limited. For example, the owner of a group can be a user account or a group.

Furthermore, M:all tables are used if additional information about an assignment is mapped, for example, an assignment's validity period.

The following columns are defined for M:all tables:

  • Primary key
  • Foreign key defined as NOT NULL that references the primary key of another table.
  • Dynamic foreign key defined as NOT NULL that references the object key (XObjectKey) of the valid tables.
  • Object key (XObjectKey)

You can define more foreign keys and dynamic foreign keys. These columns must be defined as NULL.

Work tables

Work tables are used to store data for which objects cannot be created. No primary key is required for work tables. However, you can define up to two primary keys.

Table 83: Required Columns
Column Description
Primary key
  • If objects are generated from the table through the object layer, the table requires a primary key.
  • If a table represents a many-to-many mapping, a two column primary key is defined. Both primary key columns are defined as foreign key columns in the referenced tables.
  • No primary key is required for work tables.
  • Primary key columns must be defined in Globally Unique Identifier (GUID) format. Default GUIDs are created in the format [0-9,a-f](8-4-4-4-12).
XObjectKey

If objects are generated from the table through the object layer, the table must have an object key column. The object key (XObjectKey) is a unique key, which is capable of referencing every object in the database.

XObjectKey syntax:

<Key><T>TableName</T><P>PrimaryKeyOfRow</P></Key>

with:

  • TableName: table name
  • PrimaryKeyOfRow: primary key column's GUID
  • An additional <P>SecondPrimaryKeyOfRow</P> is used for two column primary keys.

Foreign key
  • The name of the foreign key column corresponds, as far as possible, to the name of the referenced table's primary key.
  • Foreign key columns are defined in GUID format.
  • A table is referenced through the referenced table's primary key.
  • If the foreign key column is part of a many-to-all table, the column in the One Identity Manager schema is labeled with the option Part of key of many-to-all table (DialogColumn.IsMAllKeyMember).
Dynamic foreign key
  • You can use dynamic foreign keys if a reference is able to point to different tables. For example, a user account's manager (table ADSAccount.ObjectKeyManager) can be another user account (table ADSAccount) or a group (ADSGroup).
  • Dynamic foreign keys reference the object key (XObjectKey) of the permitted tables.
  • Permitted tables can be limited. All tables are permitted, if there are no restrictions.
  • A dynamic foreign key is labeled in the One Identity Manager schema with the option Dynamic foreign key column (DialogColumn.IsDynamicFK).
  • If the dynamic foreign key is part of a many-to-all table, the column in the One Identity Manager schema is labeled with the option Part of key of many-to-all table (DialogColumn.IsMAllKeyMember).

XDateInserted
XDateUpdated
XUserInserted
XUserUpdated

The columns contain information about which users made changes at what times. The columns must always exist together.

XTouched

This column contains an element's processing status. The process state is used for creating custom configuration packages.

XMarkedForDeletion

This column defines whether the object is marked for deletion. The column exists when:

  • The deferred deletion function can be applied to the table.
  • The table is synchronized against a target system and pending objects can be handled.
XOrigin

In order to determine the origin of an assignment, a column XOrigin is defined in a many-to-many or a many-to-all table. The individual bit positions provide the origin of a membership.

For more detailed information about calculation, see the One Identity Manager Identity Management Base Module Administration Guide.

XIsInEffect
  • To discover whether an assignment is in effect, a column XIsInEffect is defined on an assignment table.
  • The column only exists if the number of assignments differs from the number of effective assignments.

    For example, if an employee is disabled, marked for deletion or classified as a security risk, inheritance of company resources can be prohibited for this employee. The group assignment is maintained, but it is not put into effect.

  • If column XIsInEffect is used, a column XOrigin must exist.

For more detailed information about calculation, see the One Identity Manager Identity Management Base Module Administration Guide.

XDateSubItem

This column contains the change date for dependencies and is required in order to take membership changes in a target system into account during synchronization and provisioning.

For more detailed information about synchronizing and provisioning memberships, see the One Identity Manager Target System Synchronization Reference Guide.
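
The XObjectKey syntax and the dynamic foreign key rules from Table 83, shown as an added Python example (not code from One Identity Manager or this guide): a strict parser that custom import or integration code could use to validate a key and to check its table against the tables permitted for a column. The function names, the assumption that table names are plain identifiers, the acceptance of upper-case hex digits, the table name ADSAccountInADSGroup and the sample GUIDs are constructed for illustration.

```python
import re

# GUID layout from the page: hex digits grouped 8-4-4-4-12.
GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
# Strict pattern: <Key><T>Table</T><P>guid</P>[<P>guid</P>]</Key>, nothing else.
# Whitespace, attributes, DTDs and extra elements are rejected outright.
# Assumptions: table names are plain identifiers; hex digits may be either case.
KEY_RE = re.compile(
    rf"<Key><T>([A-Za-z_][A-Za-z0-9_]*)</T><P>({GUID})</P>(?:<P>({GUID})</P>)?</Key>"
)


def parse_xobjectkey(value):
    """Return (table_name, tuple of one or two GUIDs); raise ValueError if malformed."""
    m = KEY_RE.fullmatch(value)  # fullmatch also rejects a trailing newline
    if m is None:
        raise ValueError("malformed XObjectKey")
    table, pk1, pk2 = m.groups()
    return table, tuple(pk.lower() for pk in (pk1, pk2) if pk)


def build_xobjectkey(table, *pks):
    """Compose a key and round-trip it through the parser before returning it."""
    key = f"<Key><T>{table}</T>" + "".join(f"<P>{pk}</P>" for pk in pks) + "</Key>"
    parse_xobjectkey(key)  # rejects bad table names, non-GUIDs, 0 or 3+ keys
    return key


def check_dynamic_fk(value, permitted_tables=None):
    """Validate a dynamic foreign key value against a column's permitted tables.
    permitted_tables=None means no restriction, so every table is allowed."""
    table, pks = parse_xobjectkey(value)
    if permitted_tables is not None and table not in permitted_tables:
        raise ValueError(f"table {table!r} is not permitted for this column")
    return table, pks


# Constructed sample values (not taken from a real database).
MANAGER_TABLES = {"ADSAccount", "ADSGroup"}  # the page's ObjectKeyManager example
ACCOUNT_KEY = build_xobjectkey("ADSAccount", "0f8fad5b-d9cb-469f-a165-70867728950e")
MEMBER_KEY = build_xobjectkey(
    "ADSAccountInADSGroup",  # assumed name for a many-to-many table
    "0f8fad5b-d9cb-469f-a165-70867728950e",
    "7c9e6679-7425-40de-944b-e07fc1f90ae7",
)

if __name__ == "__main__":
    print(check_dynamic_fk(ACCOUNT_KEY, MANAGER_TABLES))
    print(parse_xobjectkey(MEMBER_KEY))
```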

General Advice for Editing Table and Column Definitions

  • The application and system data model table definitions are stored in the table DialogTable. These predefined One Identity Manager data model table properties are maintained by the schema installation and cannot be edited apart from a few properties.
  • Column definitions for application and system data model tables are kept in the table DialogColumn. Predefined column properties of the One Identity Manager data model are maintained through schema installation and cannot be edited apart from a few exceptions.
  • Use the program Schema Extension to make custom extensions to the One Identity Manager data model. Schema Extension adds the schema extensions to the database and makes the necessary extensions in the One Identity Manager data model.
  • Custom tables are published in the table DialogTable by the program Schema Extension when the schema is extended. You must customize the properties to suit your requirements in the Designer.
  • Custom columns are published in the table DialogColumn by the program Schema Extension when the schema is extended. You must customize the properties to suit your requirements in the Designer.
  • Run the consistency checks after custom schema extensions and after changes to table and column definitions, and apply the repair methods.
  • Some table and column modifications require recompiling the database.
  • Reports about system configuration and customization of tables and column properties can be found in the category Documentation.

Working with the Schema Editor


You get a complete overview of the One Identity Manager data model in the Schema Editor. The editor is started from the program "Designer" and opens in the document view. Only additional Schema Editor functions are described in the following.

Menu Items

The following items are added to the menu bar when the editor starts.

Table 84: Menu Items Added by the Editor
Menu Menu Item Meaning
Schema Find table... Opens the search dialog.
Export SPML schema information... Opens the dialog for exporting SPML schema data.
Check for circular references Table dependencies are tested for circular references. This menu item is enabled if dependencies are displayed in the schema overview (menu Options | Dependencies).
Reload schema Updates the schema overview.
Options Data model Displays the entire One Identity Manager schema in the schema overview.
Dependencies Only displays dependencies in the schema overview.
Animate movements Navigates to the selected database table by scrolling the display.
Hide table relations Hides the relationships between database tables that are displayed in the schema overview.
Show disabled columns Shows/hides disabled columns. This setting applies to the schema overview and the simple schema view.
Show all columns Shows all the columns in the schema overview.
Hide small tables Hides the columns of small database tables in the schema overview (up to 20 columns).
Hide all columns Hides all the columns in the schema overview.
Save table layout Saves changes made to the table layout.
View properties Shows/hides the object edit view.
Select columns... Opens a dialog window for selecting columns to display in the simple schema view.
Help Help for the One Identity Manager schema. Opens the help on this topic.
Schema Editor help Opens the editor help.
Table 85: Meaning of Toolbar Icons
Icon Meaning
Shows entire data model.
Shows dependencies.
Exports SPML schema data.
Tests circular references. This menu item is enabled if dependencies are displayed in the schema overview (menu Options | Dependencies).
Searches for text.
Zooms in on the view.
Zooms out on the view.
Shows all the columns in the schema view.
Hides the columns of small database tables in the schema view (up to 20 columns).
Hides all the columns in the schema view.
Show disabled columns.
Update the view.