Templates
Value templates are implemented in the One Identity Manager for generating user data or for transforming values. You can use these templates to fill object properties with default values or to form property values from other properties. Value templates can take effect within an object as well as between objects. Value templates without dependencies take effect when the value is queried in the column and the column does not have a value assigned. Value templates that refer to other columns are affected when these columns change.
Value templates take effect without regard to the current rights situation.No explicit rights need to be assigned to the dependent columns. When value templates are in use, all the columns that are effected are therefore also loaded if they are not on the current form in the "Manager" program.
|
|
NOTE: You can get an overview of existing columns with value template in the category One Identity Manager Schema | Templates in Designer. |
Column dependencies due to value templates are mapped in the table DialogNotification. The connected properties are shown in the table as sender-subscriber pairs. The column that caused the change is the sender and the column that is changed because of it, is the subscriber. The object links are consolidated by the column relations. The entries are created when the value templates are compiled and updated.
You can see dependencies in the Schema Editor overview. To display dependencies you need to select the menu item Options | Dependencies. If a column contains a value template it is displayed in the tooltip. If the column does not have a value template itself but is referenced by value templates belong to other columns then those columns are named in the tooltip.
When you select a column, the connections to other columns are highlighted in color. A tooltip shows the sender and subscriber relationship of the column dependencies. The tooltip contains the names of tables that it refers to. The sender, subscriber and the part of the value template that gives the reason for the dependency are also shown.
| Color | Meaning |
|---|---|
| Blue | Column is sender. |
| Red | Column is subscriber. |
Figure 18: Sender Subscriber Relations Schema Editor
Detailed information about this topic
- Editing Value Templates
- Example of Local Value Templates within an Object
- Example of Value Templates across Objects
Related Topics
- Working with the Schema View
- Formats for Checking Values
- Permitted Column Values
- Column Dependencies for Setting Values
Editing Value Templates
You can customize predefined default value templates and create your own additional value templates. The default configuration is moved to a configuration buffer during handling. You can retrieve changes from the configuration buffer and restore the default configuration in this way.
|
|
NOTE: Remember to take performance into consideration when defining value templates. In certain circumstances, changes to a property could cause large numbers of dependent objects to be changed, saved and processes to be generated through a value template in overwrite mode. |
To create a value template
- Select the category One Identity Manager Schema in the Designer.
- Select the table and start the Schema Editor with the task Show table definition.
- Select the column and edit the following properties on the Value calculation tab:
Overwrites Specifies whether the template can overwrite or not. If this option is set, the value template is always applied. If the option is not set, the value template is only applied when the column is empty.
Template Template script. Write the script in VB.Net syntax which allows all VB.Net script functions to be used.
TIP: To display the column that trigger a template, click the link Triggers for this template. No automatic truncation by template Specifies whether the value is automatically truncated to the maximum column length if the maximum length is exceeded when applying a template. If this option is set, the value is not truncated to the maximum column length.
|
|
IMPORTANT: Compile the database to bring the value template into effect. |
Prevent change to column
You can use value templates to prevent users from changing columns that are filled by a value template. To do this, add the name of this column in the value template in $-notation. The value template now references itself. Any change to the column is immediately overwritten by the value template. Self-correcting value templates are only effective if the templates are labeled as "overwriteable".
Example:
The user should not be able to change an employee‘s central user account. This should be prevented by the value template.
- Define a custom value template for the column Person.CentralAccount.
- Set the option Overwrites.
- Extend the default value template with the following entry: ’$CentralAccount$.
’$CentralAccount$
If Not CBool(Session.Variables.Get("FULLSYNC")) Then
Value=VI_AE_BuildCentralAccount(GetValue("UID_Person").String,$Lastname$, $Firstname$)
End If
Limit template execution
To limit the number of objects changed by a value template you can define thresholds.
| Property | Meaning | ||
|---|---|---|---|
| Threshold (asynchronous) |
Maximum number of objects that can be changed by the value template. Once this limit has been reached, processing takes place synchronously with the One Identity Manager Service. | ||
| Threshold (abort) |
Once this limit has been reached, processing is aborted with an error message.
|
Related Topics
- Example of Value Templates across Objects
- Preprocessor Conditions in VB.Net Expressions
- Using Scripts
- Compiling a One Identity Manager Database
Example of Local Value Templates within an Object
The an employee's full name (Person.Internalname) will be derived from its surname (Person.Lastname) and first name (Person.Firstname). The value template for the column Person.Internalname looks like:
Value = $Lastname$ & ", " & $Firstname$
If the value template is labeled as "Overwrites" then each time Lastname changes a test is done to check for dependent columns that reference this value in a template. If this is the case, the value template is processed and the value is entered into the column Internalname. If the value template cannot overwrite, it only applies if there is no value in the column Internalname.
The columns Person.Lastname and Person.Firstname are the sender and the column Person.Internalname is the subscriber. The mapping for adding a database object in the table DialogNotification is:
person.lastname --> person.internalname
person.firstname --> person.internalname
Example of Value Templates across Objects
If a value template references a value from another object, it can be accessed using the FK relation.
Figure 19: Effect of Cross Object Value Templates
If, for example, the surname of a Active Directory user account (ADSAccount.Surname) is derived from the surname of an employee (Person.Lastname), enter the template for the column ADSAccount.Surname as follows:
Value = $FK(UID_Person),Person.Lastname$
If the employee’s surname changes, the last name of the Active Directory user changes, too. The column Person.Lastname is therefore the sender and the column ADSAccount.Surname is the receiver. The relation is mapped in the table DialogNotification as follows:
Person.Lastname --> ADSAccount.Surname