Properties of Process Components, Process Tasks and Parameter Templates
| Property | Meaning | ||
|---|---|---|---|
| Display name | Name of component for displaying. | ||
| Component class | Component class. | ||
| Assembly name | Name of the component. | ||
| Description | Description of component functionality. | ||
|
Remarks |
Additional remarks about the process component. | ||
| Max. instances |
This value specifies the maximum number of instances in which this process component is allowed to run in a queue in the Job server. Permitted values:
| ||
| Configuration | Definition of possible additional options for the component in XML syntax. |
| Property | Meaning |
|---|---|
| Name | Name of the process task. |
| Operating system class | Specifies the operating system on which the process task can be run. Permitted values are "Win32", "Linux" and "ALL" where the value "ALL" specifies that this process function can be run on any operating system. |
| Execution type |
The execution type specifies whether the process components for the process task should be executed in by One Identity Manager Service (internal) or in its own process (external). |
| Description | Description of the process task. |
| Max. instances |
This value specifies the maximum number of instances that can be run by One Identity Manager Service in parallel per process task. Permitted values:
|
| Last step in the partial process tree | Specifies whether a process task is principally marks the end of a partial process tree. |
| Component | Process component to which the process function belongs. |
|
Direct database connection required |
Specifies whether a process task requires a direct database connection. |
|
Exclusive per object |
Specifies whether execution of the process task is done exclusively per object. If this option is set, only one specific object is ever executed for a process step with this process function. There is no parallel processing. |
| Property | Meaning |
|---|---|
| Name | Name of the parameter. |
| Value template | Default template for finding values. When a parameter is added to a process step, the value template is taken from the parameter template. Define value templates in VB.Net syntax. |
| Value template (example) | Example of the value template. |
| Description | Description of the parameter. |
| Type |
The values IN, OUT and INOUT are permitted. Parameters of type OUT and INOUT are parameters which a process component can use to output a value. This value is then available to subsequent process steps in the process and can be used as a value for IN parameters. |
| Optional | Labels parameter as a mandatory or optional parameter. |
| Hidden |
This option specifies whether the parameter is shown in the One Identity Manager Service log file and in the program "Job Queue Info". Values for hidden parameters are shown as <HIDDEN>. Only "viadmin" system users have access permission to see these parameters in Job Queue Info. |
| Encrypted | This option specifies whether the parameter is encrypted when it is passed. |
| Contains encrypted components | Specifies whether encrypted sequences are contained in this value. |
| Process task | Process task to which the parameter belongs. |
Tracking Changes with Process Monitoring
With the One Identity Manager it is possible to create a change history for objects and their properties.This can be used to fulfil reporting duties for internal committees and legal obligations for providing documentary evidence. Different methods can be used to track changes within the One Identity Manager. With this combination of methods, all changes that are made in the One Identity Manager system can be traced.
- Recording changes to data
Data changes can be recorded for add or delete operations on objects and up to and including changes to individual object properties.
- Recording process information
Recording process information allows all processes and process steps to be tracked while being processed by One Identity Manager Service.
- Recording Messages in the Process History
In the process history, success and error messages from handling each process step in the Job queues are recorded by the One Identity Manager Service.
All entries logged in One Identity Manager are initially saved in the One Identity Manager database. The proportion of historical data to total volume of a One Identity Manager database should not exceed 25%. Otherwise performance problems may arise. You must ensure that log entries are regularly removed from the One Identity Manager database and archived. For more information about archiving data, see the One Identity Manager Data Archiving Administration Guide.
Detailed information about this topic
- Basics for Process Monitoring
- Logging Data Changes
- Logging Process Information during Process Handling
- Recording Messages in the Process History
- Archiving and Deleting Recordings
Basics for Process Monitoring
| Configuration parameter | Effect |
|---|---|
| Common\ProcessState | Process monitoring can be configured if the configuration parameter is set. The data is displayed in the Manager process view. |
To use process monitoring in One Identity Manager.
- Set the configuration parameter "Common\ProcessState".
- You can control the extent of the logging using the configuration settings for each method.
The methods implemented by the One Identity Manager allows all modifications to the system that are triggered by a user action to be monitored. Each action in One Identity Manager is labeled with a unique ID number. This ID number is called a GenProcID. All changes that can be traced back to the same cause are given the same GenProcID and are grouped in this way. If a previously stored action does not pass a GenProcID to the current action, a new ID is automatically created.
If an action is triggered from the One Identity Manager’s object layer the GenProcID is written to the context data of the database connection. The logged in user is also noted in the context data and is made available in this way.
A new GenProcID is generated by the trigger if an action takes place directly in the database or through an application that works without the One Identity Manager object layer. This GenProcID is valid for the duration of the database connect, which means that all changes belong to the same action and link to the same GenProcID. The user data is made up of the database user’s name, the MAC address and the workstation name as well as the application name.
All actions (process triggers) that cause changes to the system, and their actual status information are logged internally in the status table DialogProcess. Logging takes place independent of the chosen change history method. This log writing therefore provides a starting point for monitoring and allows the changes based on one action to be grouped together.
The following information is recorded for one action:
- ID number (GenprocID)
- Display name for the action
- Base object that the action is triggered for
- User that triggered the action
- Time of action
- Object key for selecting the process trigger
- Comment on the action
- Current process status
|
|
NOTE: The information is displayed in the Manager’s process view. For more information, see the One Identity Manager User Guide for One Identity Manager Tools User Interface and Default Functions. |
Detailed information about this topic
Logging Data Changes
| Configuration parameter | Effect |
|---|---|
| Common\ProcessState | Process monitoring can be configured if the configuration parameter is set. The data is displayed in the Manager process view. |
| Common\ProcessState\PropertyLog | When this configuration parameter is set, changes to individual values are logged and shown in the process view. |
|
Common\ProcessState\PropertyLog\ |
If this configuration parameter is set, the most important columns of the One Identity Manager schema to monitor are labeled for logging. |
| Common\ProcessState\PropertyLog\ AutoTrackAlternatePK |
If the configuration parameter is set, properties are logged even if parts of an alternative key change. This only applies for tables that are transportable and where at least one property is labeled for logging. This configuration parameter only affects system components. |
| Common\ProcessState\PropertyLog\ AutoTrackAlternatePK\PayLoad |
If the configuration parameter is set, properties are still logged even if parts of an alternative key change. This only applies for tables that are transportable and where at least one property is labeled for logging. This configuration parameter only has an effect on user components. |
Add, change and delete operations can be recorded for objects. The trigger GenProcID is passed as well, so that the changes to one object can be grouped together.
|
|
NOTE: Displaying an object's change history is done in the Manager process view. For more information, see theOne Identity Manager User Guide for One Identity Manager Tools User Interface and Default Functions. |
The following prerequisites are required to log data changes:
- Set the configuration parameter "Common\ProcessState" in the Designer.
- Set the configuration parameter "Common\ProcessState\PropertyLog" in the Designer.
- Label columns for which changes will be logged.
- Label columns to be logged when an object is deleted.
|
|
TIP: If the configuration parameter "Common\ProcessState\PropertyLog\AllDefaultPropertiesForModel" is set, One Identity Manager schema columns labeled for logging changes and deletions. Define which columns are affected in the table QBMVDefaultHistoryColumns. |
To log a column
- Select the category One Identity Manager Schema in the Designer.
- Select the table and start the Schema Editor with the task Show table definition.
- Select the column and select the tab More.
- To log changes to data in the column, set the option Log changes.
-
To log the deleting data in the column, set the option Log changes when deleting.
The data changes are stored in the tables DialogWatchOperation and DialogWatchProperty. An entry is also created in the status table DialogProcess for the triggering action.
The following information is collected for these operations:
- Adding an object
When a new object is added, the object key, object display name, date of insertion and user are logged.
- Changing an object
When a column is changed the old value, change date and user are logged. Changes to properties that belong to the alternative foreign key are recorded depending on the configuration parameters "Common\ProcessState\PropertyLog\AutoTrackAlternatePK" and "Common\ProcessState\PropertyLog\AutoTrackAlternatePK\PayLoad".
- Deleting an object
When an object is deleted, the columns to be logged an all primary key columns are logged. The value, deletion date and user are logged.