Chat now with support
Chat with Support

Identity Manager 8.0 - Configuration Guide

One Identity Manager Software Architecture Working with the Designer Customizing the One Identity Manager Default Configuration Checking Data Consistency Compiling a One Identity Manager Database Working with Change Labels Basic System Configuration Data
One Identity Manager Authentication Module Database Connection Data Configuration Parameters for System Configuration Setting up the Mail Notification System Enabling More Languages for Displaying and Maintaining Data Displaying Country Information Setting Up and Configuring Schedules Password Policies in One Identity Manager Reloading Changes Dynamically TimeTrace Databases Machine Roles and Server Functions Files for Software Update Operating Systems in Use System Configuration Reports Using Predefined Database Queries Managing Custom Database Objects within a Database
The One Identity Manager Data Model Granting One Identity Manager Schema Permissions Working with the User Interface
Object definitions for the User Interface User Interface Navigation Forms for the User Interface Statistics in the One Identity Manager Extending the Launchpad Task Definitions for the User Interface Applications for Configuring the User Interface Icons and Images for Configuring the User Interface Language Dependent Data Representation
Process Orchestration in One Identity Manager
Declaring the Job Server One Identity Manager Service Configuration Handling Processes in the One Identity Manager
Tracking Changes with Process Monitoring Conditional Compilation using Preprocessor Conditions One Identity Manager Scripts Maintaining Mail Templates Reports in the One Identity Manager Custom schema extensions Transporting One Identity Manager Schema Customizations Importing Data Web Service Integration SOAP Web Service One Identity Manager as SPML Provisioning Service Provider Searching for Errors in the One Identity Manager Processing DBQueue Tasks One Identity Manager Configuration Files

Data Retrieval using Multiple Object History

Use data queries with the query module "Multiple object history" to create reports about multiple objects with historical data that have additional restricting criterion, for example all employees with the last name "Miller".

Table 299: Properties of Data Source Multiple Object History
Property Meaning
Name Name of the data source.
Description Description of data source.
Query module Select the query module "Multiple object history".
Table Select the table to find the object in.
Min. date or time period

Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all the effected entries in the history database are found. Add these parameters subsequently to the report by entering them on the tab Parameters.

Criteria column Column in the table for limiting the numbers of objects even more.
Criteria value

The value of the criteria column can be queried directly or by parameter. Add these parameters subsequently to the report by entering them on the tab Parameters.

The data query returns the following columns.

Table 300: Columns from a Data Query using Single Object History
Column Meaning
ChangeID Unique identifier (UID) for the record.
ObjectKey Object key or the record.
ObjectUID Unique identifier (UID) for the modified objects.
User Name of user that caused the change.
ChangeTime Time of change
ChangeType Type of change (Insert, Update, Delete).
Columnname Name of column whose value has changed.
ColumnDisplay Display name of column whose value has changed
OldValue Old column value.
OldValueDisplay Old column display value. Only if the option Resolve foreign key is set.
NewValue New column value.
NewValueDisplay New value display value. Only if the option Resolve foreign key is set.
Example

A history of all employees with the last name "Miller" should be created. The report data can be defined in the following way:

Table: Employee
Min. Date: MinDate
Criteria column: Lastname
Criteria value: Miller
Related Topics

Data Retrieval using Historical Assignments

Use data queries with the type "historical assignments" to create reports with historical data from object assignments, for example, employee role memberships. This type is used for queries using foreign key relations as well as though assignment tables (many-to-many tables).

Table 301: Properties of Data Source Historical Assignments
Property Meaning
Name Name of the data source.
Description Description of data source.
Query module Select the query module "Historical assignments".
Parent query In a parent query, restrictions are applied to the data record that are passed on to subsequent queries, all members of a department, for example. Parameters that are defined in the parent query are also available in subsequent queries.
Table Table for the assignment.
Min. date or time period

Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all the effected entries in the history database are found. Add these parameters subsequently to the report by entering them on the tab Parameters.

Criteria column Column in the table for linking to the base object.
Criteria value

The value of the criteria column can be queried directly or by parameter. Add these parameters subsequently to the report by entering them on the tab Parameters. Columns in a parent query are formatted with the following syntax:

<parent query name>.<parent query column>

Disabling columns

Certain tables contain columns that can disable an object, for example, the column AccountDisable in the table ADSAccount. Enter these column if an assignment should be labeled as "deleted" when disabled and "Added" if enabled.

Additional object columns Enter the columns from the table that should also be available in the report.

The data query returns the following columns.

Table 302: Columns from a Data Query using Historical Assignments
Column Meaning
BaseKey Object key for assignment base object.
BaseUID Base object unique identifier.
ObjectKey Assignment object key.
DestinationKey Object key for assignment target object.
DestinationUID Target object unique identifier.
Display Target object display value.
CreationUser User that created the assignment.
CreationTime Time of assignment.
DeletionUser User that deleted the assignment.
DeletionTime Time of deletion.
Type More detailed specification of the assignment, for example, assignment table name or target system type.
Related Topics

Data Query for Simulation Data

To select simulation data generated during simulation in the Manager or Manager in a report, use the following query modules:

  • Front-end simulation result

    You can apply this query module to all parts of a simulation excluding rule violation analysis.

  • Front-end simulation result for compliance

    You can apply this query module to publish the rule violation analysis in the report.

Table 303: Data Source Front-End Simulation Result Properties
Property Meaning
Name Name of the data source.
Description Description of data source.
Query module Select the query module "Front-end simulation result".
Parent query Not used.
Simulation analysis Defines which part of the simulation analysis is shown in the report. For more information, see Table 304.
Table 304: Simulation Analysis Type
Type Description
Overview Shows which actions were triggered through changes made during the simulation in an overview.
Changed object Shows objects and their properties affected by the changes made during simulation.
DBQueue Shows the calculation tasks for the rDBQueue Processoresulting from changes made during simulation.
Trigger changes Shows all changes made to objects during simulations due to triggering.
Generated process Shows processes and process steps generated during simulation due to the changes.
Table 305: Data Source Front-End Simulation Result for Compliance Properties
Property Meaning
Name Name of the data source.
Description Description of data source.
Query module Select the query module "Front-end simulation result".
Parent query Not used.

Editing Report Parameters

A report can contain several parameters that are determined when the report is created or when an email notification is generated and passed to the report. The generated report is then displayed or send by email to the subscriber corresponding to the report subscription set up. The user can query the report parameters before the report is displayed. This means, you can, for example, limit the time period or pass specific departments for displaying the report.

Report parameters are grouped internally into parameter sets. A separate parameter set is automatically created for very report, every subscribable report and every report subscription. The parameters and their settings are passed down in the sequence report->subscribable report->report subscriptions.

Figure 50: Report Parameter Inheritance

You can configure report parameters at several places.

Parameters for Reports

Define the report parameters to use when you create the report in the Report Editor. This is where you specify which report parameters are viewable or writable and which are already predefined in a subscribable report.

Parameters for Subscribable Reports

When you add a subscribable report viewable parameters are displayed in the Manager. You can make further changes to these report parameters assuming they can be overwritten. That means, you specify which report parameters can be viewed or overwritten by Web Portal users and define parameter values.

Parameters for Report Subscriptions

Report parameters labeled as viewable and editable in subscribable reports, are shown to Web Portal users when they are setting up their personal report subscriptions. If the report parameters are editable, Web Portal users can modify the values in them.

NOTE: You must define all report parameters in the report that are to be available to users, for example, when the report is displayed, when subscribable reports are generated in the Manager or in Web Portal report subscriptions.

To edit report parameters

  1. Select the Parameters tab in the properties dialog box.
  2. Select the report parameter from Defined queries.

    - OR -

    Click Add.

    Creates a new report parameter.

  3. Edit the report parameter properties.

To delete a report parameter

  1. Select the Parameters tab in the properties dialog box.
  2. Select the report parameter from Defined queries.
  3. Click Delete.
Detailed information about this topic
Related Documents