Chat now with support
Chat with Support

Identity Manager 8.0 - Configuration Guide

One Identity Manager Software Architecture Working with the Designer Customizing the One Identity Manager Default Configuration Checking Data Consistency Compiling a One Identity Manager Database Working with Change Labels Basic System Configuration Data
One Identity Manager Authentication Module Database Connection Data Configuration Parameters for System Configuration Setting up the Mail Notification System Enabling More Languages for Displaying and Maintaining Data Displaying Country Information Setting Up and Configuring Schedules Password Policies in One Identity Manager Reloading Changes Dynamically TimeTrace Databases Machine Roles and Server Functions Files for Software Update Operating Systems in Use System Configuration Reports Using Predefined Database Queries Managing Custom Database Objects within a Database
The One Identity Manager Data Model Granting One Identity Manager Schema Permissions Working with the User Interface
Object definitions for the User Interface User Interface Navigation Forms for the User Interface Statistics in the One Identity Manager Extending the Launchpad Task Definitions for the User Interface Applications for Configuring the User Interface Icons and Images for Configuring the User Interface Language Dependent Data Representation
Process Orchestration in One Identity Manager
Declaring the Job Server One Identity Manager Service Configuration Handling Processes in the One Identity Manager
Tracking Changes with Process Monitoring Conditional Compilation using Preprocessor Conditions One Identity Manager Scripts Maintaining Mail Templates Reports in the One Identity Manager Custom schema extensions Transporting One Identity Manager Schema Customizations Importing Data Web Service Integration SOAP Web Service One Identity Manager as SPML Provisioning Service Provider Searching for Errors in the One Identity Manager Processing DBQueue Tasks One Identity Manager Configuration Files

Database Views of Type "Proxy"

Database Views of Type “Proxy“

Database views with the table type "proxy" are unions of different table views. The column definition is used to map the columns between a "Proxy" type view and the underlying table. The DBQueue Processor calculates the actual view definition from the column mapping. This only takes into account tables that are not disabled by a preprocessor condition. Templates and formatting rules cannot be defined for columns in these views.

Views of type "Proxy" are primarily used for displaying the Unified Namespace. For example, the proxy view UNSRoot is used in the Unified Namespace to map the table ADSDomain or LDAPDomain.

The following information is displayed for a database view of type "Proxy".

Table 98: Properties for Defining a Database View of Type "Proxy"
Property Meaning
Table Name of the table in the data model.
Type Table type "Proxy".
Additional view definition

Database query generated as a SELECT statement for setting up the database view. View definition extensions are generated by the DBQueue Processor. The following are taken into account when generating:

  • Tables in which the database view is entered as the proxy view.
  • Columns that have a reference to a proxy view column.
  • Columns defined as extensions to the proxy view.

The extensions are linked with each other with the Union operator.

Condition for view definition Limiting condition as WHERE clause for setting up the database view.
Columns Database view columns.

Example

The following mappings are required to map ADSDomain in Unified Namespace to the database view USRoot.

  • The database view UNSRoot is entered as a proxy view in the table ADSDomain.
  • The columns of the table ADSDomain to be mapped in the Unified Namespace are given a reference to the corresponding columns in the proxy view.

    For example, the column Ident_Domain in the table ADSDomain is mapped to the column Ident_root of the proxy view UNSRoot.

  • Columns expected in the database view UNSRoot but do not exist in the table ADSDomain are entered as proxy view extensions in the table ADSDomain.

    For example, the view UNSRoot expects a target system type in the column UID_DPRNameSpace. This column is not in the tables ADSDomain. Thus 'ADS-DPRNameSpace-ADS' as UID_DPRNameSpace is entered as an extension to the proxy view in the table ADSDomain.

The DBQueue Processor generates the extended view definition from the data. The following statement is a excerpt from the generated extension.

select ... Ident_Domain as Ident_UNSRoot..., 'ADS-DPRNameSpace-ADS' as UID_DPRNameSpace from ADSDomain

Related Topics

Database Views of Type "Read-only"

Views with the table type "read only" can be parts but also unions of the underlying tables. Views with type "read only" are predefined. Templates and formatting rules cannot be defined for columns in these views.

Database views of type "read only" are mainly used to edit the user interface and for creating reports.

The following information is displayed for a database view of type "Read-only".

Table 99: Properties for Defining a Database View of Type "Read-only"
Property Meaning
Table Name of the table in the data model.
Type Table type "Read-only".
Additional view definition

Database query as a SELECT statement for setting up the database view.

Several extensions for the view definition can be defined. The extensions are linked with each other with the Union operator.

When you add a column, an entry is created in the table DialogColumn. When you delete a column, the entry is removed from the table DialogColumn.

Condition for view definition Limiting condition as WHERE clause for setting up the database view. The condition is attached to the view definition generated from the extension.
Columns Database view columns.
Related Topics

Mapping Column Definitions

NOTE: The default configuration is moved to a configuration buffer during handling. You can retrieve changes from the configuration buffer and restore the default configuration in this way.

To edit column properties

  1. Select the category One Identity Manager Schema in the Designer.
  2. Select the table and start the Schema Editor with the task Show table definition.

    NOTE: Select a table column in the Designer, then you can start the Schema Editor from the task Show column definition.

  3. Select the column in the Schema Editor and edit the column properties.
Detailed information about this topic
Related Topics

Column Properties

Table 100: Column Properties
Property Meaning
Table Name of the table to which the column belongs.
Column

Name of the table in the data model.

Display name

Language dependent column name for displaying in the administration tool’s user interface. Translate the given text using the button.

Comment Additional information about the column. The remarks are shown in the help function for each administration tool. Translate the given text using the button.
Disabled by preprocessor

If a column is disabled by a preprocessor condition, the option is set by the Database Compiler.

Preprocessor condition

You can add preprocessor conditions to columns. The column is therefore only available when the preprocessor condition is fulfilled.

NOTE: You can find an overview of existing preprocessor dependencies in the Designer in the category Database One Identity Manager Schema | Preprocessor dependencies.

Sort order

The sort order specifies the position for displaying the column on the generic form and the custom tabs of the default form. Columns with a value less than one are not displayed.

Group Group is used to display the column on general master data forms. A new tab is created for each group on the generic form.
Base column

If the table is of type "view" then the link to the base table is given here.

Example: The database view Department is a sunset of the base table Basetree. The columns of the table Basetree are entered as base columns.

Column Base column
Department.DepartmentName BaseTree.Ident_Org
Department.Description BaseTree.Description
Adjustment of permitted values list is not allowed Specifies whether permitted values can be customized for this column.
Defined list of values Marks whether the value in this column must correspond to the values in the List of permitted values, or are empty.
List of permitted values If a column is principally enabled for permitted values editing, that means the option Customizing permitted list not allowed is not set. If the option Defined list of value is set, then you can add to or extend a value list.
Defined bitmask Meaning of each bit position if the column contains a bitmask. The first bit in the definition start with the index 0.
Multilingual

Specifies whether this column can be given in multiple languages. Permitted values are:

Translation target The column content is displayed in translation.
Translation source The column supplies the translation.
#LD content The column has contents in #LD notation.

The combination of values determines the resulting translation.

Syntax

Syntax of Data in this column. The syntax type is used to give the One Identity Manager tools the appropriate syntax highlighting or input assistance. Permitted syntax types are:

HTML Input in HTML format
Picture Images
SQL.Query Full database queries
SQL.Special Special syntax for database queries
SQl.WhereClause WHERE clause for database queries
Text.Dollar Input in $ notation
UNC UNC paths
URL URL input
VB.Class Full class definitions
VB.Instruction "Value =" instructions
VB.Method Single methods or functions
XML Input in XML format
Number of decimal places This contains the number of decimal places used for displaying real and integer values. A value can be given to three decimal places, for example. Prices are given to two decimal places by default.

Date add-on

Additional information about displaying dates and times in the user interface.

Index weighting

Column weighting in indexing. This is used for the full text search index in the Web Portal. Increasing weighting results in a higher position in the search results.

If the value is less than or equal to "0", no indexing takes place. If the value is greater than "0", the data value is indexed. Columns to be index are given the weighting "1" in the default installation.

Table Lookup Support

Each value in these columns are prepared for fast table lookup support. The search is also supported by single values in MVP columns. The internal mapping of prepared data in done in the table QBMSplittedLookup.

Permitted values are:

  • Central user account (CentralAccount)
  • E-Mail Address (EMail)

You can extend the list of permitted values and customize the results.

The functionality can be used for finding a unique central user account, for example, or a unique default email address for an employee. Columns in the default installation, which are taken into account when mapping the central user account or an email address, are labeled with this property. The results are displayed in the views, QERCentralAccount and QERMailAddress.

Data type in database

Shows the .Net data type for the column. This is used internally and cannot be edited. The Net data types are mapped internally to SQL data types. If no value is given, the data type is taken from the database schema. Permitted syntax types are:

.Net Data Types Data type (SQL Server)

Data type (Oracle)

Binary image, binary, varbinary(max)

raw, blob

Bool bit

number (1, 0)

Byte Tinyint

 

Date datetime

date

Decimal decimal, numeric

number

Double float, real

number (38, 16)

Int Int

number (14, 0)

Long bigint

number (38, 0)

Short smallint

 

String nvarchar/varchar/nchar

varchar2

Text text

clob, nclob

Size in database Length of the column in the database
Primary key The primary key is given when the database is created.
UID column Specifies whether this is UID column. This option is only permitted for columns with the .Net data type "String" and length 38.
Default value Specifies whether a default value is defined for this column in the database schema.
BLOB value This option is used to label text columns whose data contents is so large that they cannot be kept internally in one line in the SQL sever and are therefore saved as a reference. This allows speedier access to the data.
Log changes Specifies whether changes to this column are logged.
Log changes when deleting Specifies whether the column is logged when an object is deleted.
Export for SPML schema This option determines whether the table should be exported for the SPML schema.
Not for export (XML export) This column is not exported in data transports. The property is taken into account when data is transported between database.
Not for import (XML import) This column is not imported in data transports. The property is taken into account when data is transported between database.
MVP column This is a MultiValuedProperty (MVP) whose individual values are separated by char(7) or chr(7).
Multiline

Specifies whether the column contents can consist of more than one line. Columns that are labeled with this option are displayed on a common form with multiline input fields.

Dynamic foreign key

Dynamic foreign keys reference object keys in another tables. The object key is made up of the table name and the value of the primary key of the actual object. Permitted tables can be limited. All tables are permitted, if there are no restrictions.

Column contains description One column with a description can be labeled with this option per table. The description is only displayed on user interface assignment controls.
Column contains hierarchy information

One column, which maps hierarchy information in readable form can be labeled with this option per table. The column is used for mapping the hierarchy to the mapping control elements in the user interface.

Part of primary key This column is part of the primary key
Part of alternative primary key Alternative primary keys are already specified in the default version, but the definition can be customized. Alternative primary keys are used for data transport amongst other things.
Part of the key of a many-to-many table (dynamic)

Labels the foreign key of an many-to-many table (dynamic). A (dynamic) many-to-many table's foreign key and dynamic key are identified with this option.

Display in Filter Designer The column is displayed in the Filter Designer or the Rule Editor for creating requests.
Recursive key This option specifies whether this column has a link to a parent object. This input is needed for displaying hierarchical tables. For example, the table ADSContainer contains a column UID_ParentADSContainer with a link to the parent Active Directory container. The column UID_ParentADSContainer is labeled with this option in order to display this hierarchical link on forms.
Encrypted

This option is used to specify whether the value in this column should be encrypted or not. When the database is encrypted the value in this column is encrypted.

NOTE: If you set this option on database columns, you must encrypt the database again. For more information, see the One Identity Manager Installation Guide.

Permissions not issued automatically Permissions for predefined permissions groups are not issued automatically for custom schema extension on a predefined table, even if the configuration parameter "Common\AutoExtendPermissions" is set.
Proxy view column If the column is used in a "Proxy" type view, the corresponding column in the view is entered here. For example, the column ADSDomain.DisplayName is mapped in the UNSRoot view to column RootObjectDisplay.
Remarks (custom) Spare text box for additional explanation.
Max. length Maximum length of the column. If the value is "0" the length is taken from the database schema.
Foreign key The column references an object in another table.
Min. length Minimum length of the column. The minimum length must be at least 1 or more for mandatory columns in the administration tools.
Column format Specify the format permitted for value in this column. You can control the permitted format for the column with formatting types and formatting scripts.
Overwrites Specifies whether the template can overwrite or not.
Template
  • Defines a value template for this column using other columns or a default value for the column. Write the script in VB.Net syntax which allows all VB.Net script functions to be used.

  • Threshold (abort)

    Limit for the number of objects changed by this template. Once this limit has been reached, processing is aborted with an error message.

    NOTE: If a ‘abort’ threshold value is given, it must be larger than the threshold for asynchronous processing.

    Threshold (asynchronous) Limit for the number of objects changed by this template. Once this limit has been reached, processing takes place synchronously with the One Identity Manager Service.
    No automatic truncation by template If the maximum length exceeded when applying a template, the value is not automatically truncated to the maximum column length if the option is set.
    Formatting script Formatting script for the column. Write the script in VB.Net syntax which allows all VB.Net script functions to be used.
    Custom template/formatting not permitted Specifies whether the default configuration can be changed by the user, for example, display name, templates and formatting rules.
    Average column length Information is determined once a day through the maintenance tasks. The data material can help to plan capacities and maintenance work on the database.
    Template changed (Only for internal use) indicates that the template was changed.
    No DB Transport Columns labeled with this option cannot be excluded from a custom configuration package. These columns are excluded from data transport.

    No log

    Specifies whether the column content is recorded in logs, for example, in the One Identity Manager Service log.

    Related Topics
    Related Documents