Chat now with support
Chat with Support

Identity Manager 8.0 - Configuration Guide

One Identity Manager Software Architecture Working with the Designer Customizing the One Identity Manager Default Configuration Checking Data Consistency Compiling a One Identity Manager Database Working with Change Labels Basic System Configuration Data
One Identity Manager Authentication Module Database Connection Data Configuration Parameters for System Configuration Setting up the Mail Notification System Enabling More Languages for Displaying and Maintaining Data Displaying Country Information Setting Up and Configuring Schedules Password Policies in One Identity Manager Reloading Changes Dynamically TimeTrace Databases Machine Roles and Server Functions Files for Software Update Operating Systems in Use System Configuration Reports Using Predefined Database Queries Managing Custom Database Objects within a Database
The One Identity Manager Data Model Granting One Identity Manager Schema Permissions Working with the User Interface
Object definitions for the User Interface User Interface Navigation Forms for the User Interface Statistics in the One Identity Manager Extending the Launchpad Task Definitions for the User Interface Applications for Configuring the User Interface Icons and Images for Configuring the User Interface Language Dependent Data Representation
Process Orchestration in One Identity Manager
Declaring the Job Server One Identity Manager Service Configuration Handling Processes in the One Identity Manager
Tracking Changes with Process Monitoring Conditional Compilation using Preprocessor Conditions One Identity Manager Scripts Maintaining Mail Templates Reports in the One Identity Manager Custom schema extensions Transporting One Identity Manager Schema Customizations Importing Data Web Service Integration SOAP Web Service One Identity Manager as SPML Provisioning Service Provider Searching for Errors in the One Identity Manager Processing DBQueue Tasks One Identity Manager Configuration Files

Special Functions for Displaying the Data Model

To display the data model

  • Select Options | Data model.

In this mode, you obtain an overview of all the database tables with their columns and table relations. A single mouse click on the connector opens the table relation properties in the edit view.

A table entry's tooltip contains the name of the table and the table's preprocessor conditions. A column entry's tooltip contains the name of the column, description, data type and the minimum and maximum length of the column.

A connector's tooltip shows the table relations. This tooltip contains the name of the tables that are related to it and the table relation properties.

Column entries are marked in the control with icons representing special properties.

Table 87: Meaning of the Icons
Icon Meaning
The column is a foreign key column (FK).
The column is a primary key column (PK).
The column is of data type "string" or "text".
The column is of data type "binary".
The column is of data type "Bool".
The column is of data type "int", "short" or "byte".
The column is of data type "double" or "decimal".
The column is of data type "date".

Special Functions for Displaying Dependencies

To display dependencies

  • Select Options | Dependencies.

Only tables with columns that have dependencies due to value templates are displayed. Tables and columns without dependencies are not shown.

The tooltip for a table entry contains the name of the table. The tooltip for the column entries contains the name of the column. If a column has a value template it is shown in the tooltip. If the column does not have a value template itself but is referenced by value templates belong to other columns then those columns are named in the tooltip.

When you select a column, the connections to other columns are highlighted in color. A tooltip shows the sender and subscriber relationship of the column dependencies. The tooltip contains the names of tables that refer to each other. The sender, subscriber and the part of the value template that gives the reason for the dependency are also shown.

Table 88: Meaning of Colors for Sender Subscriber Relations
Color Meaning
Blue Column is sender.
Red Column is subscriber.

Figure 17: Labeling Dependencies

Mapping Table Definitions

NOTE: The default configuration is moved to a configuration buffer during handling. You can retrieve changes from the configuration buffer and restore the default configuration in this way.

To edit table properties

  1. Select the category One Identity Manager Schema in the Designer.
  2. Select the table and start the Schema Editor with the task Show table definition.
  3. Edit the table properties.
Detailed information about this topic
Related Topics

Table Properties

Table 89: Table Properties




Name of the table in the data model.

Usage type

The table's usage type provides the basis for reports and the selection of tasks for daily maintenance.

Permitted values are:

Work tables The table is a work table and contains reference data.
Historical transaction data The table contains reference data to create histories.
Configurations The table contains data for the system configuration.
Materialized data The table contains materialized data. This is recreated through DBQueue Processor calculations.
Read-only data The table contains read-only data.
User data The table contains user data.

Display name

The display name is used, for example, to identify the table in a database search or for error output. Translate the given text using the button.

Display Pattern

The display template is used to specify the form in which objects will be represented in the administration tool result list. Translate the given text using the button.

Display pattern (custom)

Additional display pattern for individual tables containing the object's full name.

Hierarchy path

Enter the foreign key column that should be used as a basis for displaying tables hierarchically, for example, on assignment forms.


An Active Directory user account (table ADSAccount) is typically displayed on an assignment form below its Active Directory container (UID_ADSContainer). The Active Directory container (table ADSContainer) is, on the other hand, displayed underneath its Active Directory domain (column UID_ADSDomain). The path for the hierarchy structure is entered as follows:

Table Hierarchy path
ADSAccount UID_ADSContainer,UID_ADSDomain
ADSContainer UID_ADSDomain

An alternative list for objects that do not have values in all foreign keys, can be given by a pipe (|).




Spare text box for additional explanation.

Cache information

Caching behavior for tables in the Designer. This data is only required for system tables. Cache information for a table is composed of the sort order and loading behavior.

Permitted values are:

Do not load The table is not loaded in the Designer.
Base table The table is loaded before the user interface.
User table The table is only filled for the current user.
Data table The table is loaded in background after loading the user interface.
Load BLOBS Columns with larger data sets (BLOB columns) are loaded.

Preprocessor condition

Tables can have preprocessor conditions added. The table is therefore only available when the preprocessor condition is fulfilled.

Disabled by preprocessor

If a table is disabled by a preprocessor condition, the option is set by the Database Compiler.

Deferred deletion [days]

Delete operations are deferred (0 = delete immediately, other: delete after given number of days).


Icon representing the table in the administration tool interface.

Background color

Color, with which the control for this table is displayed in the schema overview.

Proxy view

The various target system tables are joined in database layers of type "Proxy" in the Unified Namespace. The table which serves as the proxy view is entered here. Columns of the underlying proxy view are then entered in the column definition.


The proxy view UNSRoot is used for mapping the tables ADSDomain and LDAPDomain.

Extensions to proxy view

List of columns as SQL text. These are used in the view's SELECT statement. To use if columns are mapped twice, for example, or if additional columns of the proxy view need to be filled.


The view UNSRoot expects the target system type as input in the column UID_DPRNameSpace. This column is not in the tables ADSDomain and LDAPDomain.

The proxy view extension is defined as follows:

Table Extension to proxy view
ADSDomain 'ADS-DPRNameSpace-ADS' as UID_DPRNameSpace
LDPDomain 'LDP-DPRNameSpace-LDAP' as UID_DPRNameSpace

Scope hierarchy

Comma delimited list of all FK columns that are required for displaying objects in the scope hierarchy in the Synchronization Editor. List of all columns that lead to tables made available by the parent object.

Logical disk store

The table's logical disk store. Associated tables are grouped together in logical disk stores. In the default installation, logical disk stores are predefined for the table in each module of the One Identity Manager and the system tables. You cannot change the assignments. You can create your own logical disk storage for grouping custom tables.

Export for SPML schema

This option determines whether the table should be exported for the SPML schema.

Many-to-many table

Label for assignment tables (many-to-many tables). Assignment tables are tables are used to create relations between two other tables.

Many-to-ajj table

Marks assignment tables, which have a dynamic foreign key as partner.

No DB Transport

Tables labeled with this option cannot be excluded from a custom configuration package. These tables are excluded from data transport.

Assign by event

Specifies how assignments and deletions are handled in tables. This option only applies to assignment tables (many-to-many tables) in the application data model.

If the option is not set, assignments and deletions are dealt with directly by the DBQueue Processor.

If the option is set, tasks for the process component "HandleObjectComponent" are placed in the Job queue, which then deal with the appropriate operations. This makes it possible to link specific processes directly to the "Assign" and "Remove" events. This behavior has to be implemented on a custom basis.

Retain in memory

Specifies whether the table contents for the data connection can be buffered. The threshold is defined in the configuration parameter "Common\ResidentTableLimit".


Table type.

Table 90: Permitted Values
Table types Description
Table The table type is used for simple tables, many-to-many tables, many-to-all tables and work tables.
Base table This table type is used for simple tables, many-to-many tables and many-to-all tables, to derive database views of type "View".
View This table type is used for database views of tables with type "base table". Database views with the type "View" represent partial sections of the underlying tables.

This table type is used for database view of tables with type "table" or for database view of type "View". Database views with the table type "proxy" are unions of different table views. The column definition is used to map the columns between a "Proxy" type view and the underlying table.

Union This table type is used for database view of tables with type "table" or for database view of type "View" or "proxy". Database views with the table type "Union" are views of the union of different tables and supply a grouping of different object types with the same context.
Read Only This table type is used for database view of tables with type "table" or for database view of type "View" or "proxy" or "Union". Views with the table type "read only" can be parts but also unions of the underlying tables.

Module GUID permitted

For more information, see Working with Module Globally Unique Modifiers.

Module GUID required

For more information, see Working with Module Globally Unique Modifiers.

Base table

Base table that the view is based on.

Condition for view definition

WHERE clause as database query for setting the database view.

Insert values

Specify default settings for a column that is assigned when a new data set is added. The values are entered in VB.Net syntax.

Selection script

Selection script as a VB.Net term, to determine during runtime whether the object passed belongs to the view.

Additional view definition

Name of an extension to the view definition.


Specifies whether the view definition extension is generated by the DBQueue Processor.


Database query as a SELECT statement for setting up the database view.

Several extensions for the view definition can be defined. The extensions are linked with each other with the Union operator.

Table scripts

Define actions that are executed before or after saving, loading or discarding an object. The values are entered in VB.Net syntax.

Statistic information

This is information about table sizes, row counts and basic record lengths that are determined once a day by the maintenance tasks. The data material can help to plan capacities and maintenance work on the database.


The Customizer contains special methods and has side effects on the table columns. Several Customizers can be defined for one table. Customizers execute processing, logic which is normally implemented in the object code, such as mutual exclusion of properties.

There are various Customizers contained in the One Identity Manager default installation, which provide specific behavior. Do not modify Customizers as error-free behavior of One Identity Manager would no longer be guaranteed.

Multicolumn uniqueness

Specifies columns that must be collectively unique. The columns are collected into a unique groups.

Unique group

Name of the group of columns with a unique total value.

Ignore empty values

Specifies whether empty values are permitted. If all the columns in one group are empty, group uniqueness cannot be tested. If this option is not set, empty values are permitted but only once for each column.

To prevent empty values, define a minimum column length in the column definition.

Parent tables

Comma delimited list of all foreign key columns required for displaying objects in the scope hierarchy in the Synchronization Editor. List of all columns that lead to tables made available by the parent object.

Condition for transport

Condition for selecting transportable objects. An empty condition means that all object are transferred.

Related Topics
Related Documents