Chat now with support
Chat with Support

Identity Manager 8.0 - User Guide for the User Interface and Default Functions

About this Guide Logging into One Identity Manager Tools User Interface of the One Identity Manager Tools
The User Interface Layout Status Bar Information Menu Items in the Manager Views in the Manager Current User Customizing Program Settings Using Help Detailed Information about the User Interface Limiting List Entries Searching for List Entries Using Custom Filters for the Database Search Displaying Advanced Properties of an Object Editing Multiple Objects Displaying Reports Configuring the Infosystem Committing Data on Change Conflicts
Analyzing Data from the Process Monitoring System Analyzing Historical Data with TimeTrace Scheduling Operations Activation Times Working in Simulation Mode Exporting Data Checking Data Consistency Working with Change Labels Error Search How To? - Quick guides

Displaying Logged Data Changes

Individual data changes to the process view are displayed in the document view in the form of a log.

To show recorded data changes:

  • To show all data changes that were run within a process, select the process in the process data form and click Show logs for this process in the context menu.
  • To show all data changes carried out by the current user, click in the process data form.
  • To show all of an object's data changes, select the object in the result list and click in the process data form.

The data changes log shows the following information.

Table 52: Information on data changes
Information Meaning
Change history This shows the affected object and the changed properties. To give a better overview, objects are grouped according to the table to which the dataset belongs.
Change date Time of action.
Changed by User who made the changes.
Old value Column value before the change.
New value Column value after the change.
Table 53: Meaning of icons in the log
Icon Meaning
Column
Table
Foreign key
Object

Use the following functions to further track data changes

  • Show a specific object from the change history

    Select the entry for the object in the log and click . Loads the object and opens the overview form.

  • Show a referenced object from the change history
    • Select the entry for the object in the log and click . The display switches to the originally referenced (old) object and the overview form is opened.
    • Select the entry for the object in the log and click . The display switches to the newly referenced object and the overview form is opened.
Related Topics

Analyzing Historical Data with TimeTrace

Use the TimeTrace function to track changes to an object that were made up to any point in the past. In its analysis, the TimeTrace function includes the data changes saved to the One Identity Manager database as well as the records stored in a One Identity Manager History Database. You can use this to find out who had which permissions at which point in time. You can apply historical data to the current object and restore the object to the status prior to the change.

Figure 40: Analyzing historical data

 

The prerequisite for using the TimeTrace is that data changes are logged within the process monitoring system. Data changes that are saved in the One Identity Manager database can be analyzed immediately. The One Identity Manager History Database must be declared in the One Identity Manager database if archived data is to be included in the TimeTrace function. Historical data is displayed in the TimeTrace view in the Manager.

Prerequisite for displaying the TimeTrace view:
  • The TimeTrace view is available only if the configuration parameter "Common\ProcessState" is enabled and the process for logging data changes is configured.
  • The current user must be able to access the program function "Option to show TimeTrace" (Common_TimeTrace) via their system user.

To link a History Database into a TimeTrace

  1. Select the category Base Data | General | TimeTrace databases in the Designer.
  2. Select the menu item Object | New.
  3. Enter the One Identity Manager History Database's name.
  4. Declare the Connection parameter .
    1. Open the connection data dialog box using the [...] button next to the text box.
    2. Enter the database connection data for the One Identity Manager History Database.
      Table 54: SQL Server Database Connection Data
      Data Description

      Server

      Database server.

      Windows authentication

      Specifies whether Windows authentication is used.

      This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

      User

      Database user.

      Password

      Database user password.

      Database

      Database.

      Table 55: Oracle Database Connection Data
      Data Description
      Direct access (without Oracle client) Set this option for direct access.

      Deactivate this option for access via Oracle Clients.

      Which connection data is required, depends on how this option is set.

      Server Database server.
      Port Oracle instance port.
      Service name Service name.
      User Oracle database user.
      Password Database user password.
      Data source TNS alias name from TNSNames.ora.
    3. Click OK.
  5. Save the changes.

NOTE: Set the option Disabled to disable the connection at a later time. If a One Identity Manager History Database is disabled, it is not taken into account when determining change data in the TimeTrace.

Related Topics

Displaying Change Data

To display an object's change data:

  1. In the Manager, open the TimeTrace view by clicking View | TimeTrace on the menu.
  2. In the Manager, select the object.
  3. In the TimeTrace view, click to enable the change history for this object.
  4. Use the filter (time range) in the toolbar of the TimeTrace view to set the period for which you want to load the change data. The changes are identified from the One Identity Manager database and the related history databases.

    All change time stamps in the time frame that has been loaded are now shown in the overview below the timeline.

NOTE: To show changes to assignments for an object, such as a person's assignment to a department, or a resource's assignment to an organization, select the relevant assignment form from the task view.

In the TimeTrace view you can then also select a source for which you wish to show changes. There is an additional selection list Source in which you can select the relevant assignment or base object.

To select a change time stamp on the timeline:

  • Click a label below the timeline to show a part of the timeline in more detail.
  • Each change time stamp has a label showing the date and time. There is a tooltip for each change, showing which items of data were changed and by whom.
  • Select a change time stamp on the timeline or on the label.
  • If there are multiple change time stamps which are very close together, when you select a time stamp a context menu appears from which you can choose the specific change time stamp.
  • Click the timeline or use Ctrl + Mouse Wheel to zoom in/out of multiple change time stamps that are situated close together.

When you select a change time stamp in TimeTrace, the program's document view opens the object's master data form or the assignment form. Use the timeline or quick edit a label to choose if you want the object settings or assignments to be displayed in the master data form before or after the changes have been made.

If an object property has a historical value, this is indicated by an icon. A tooltip shows the current value of the property. Click Show this property's change history... from the context menu to display the recorded data for this property.

You can apply historical data to the current object and restore the object to the status prior to the change.

To apply the historic values:

  1. Click the icon in front of the changed property. The following information is displayed.
    Table 56: Properties for applying historical data
    Data Meaning
    Property These properties are changed when you apply the historical value. The changes are made immediately or through templates.
    New value Value of the property; the historical value will then be saved
    Old value Shows the current value of the property. This value is overwritten if the historical value is saved.
  2. Click Save.

Scheduling Operations Activation Times

Table 57: Configuration parameters for deferring operations
Configuration Parameter Meaning
Common\DeferredOperation Preprocessor-relevant configuration parameters to record deferred operations. If this parameter is enabled, you can defer running an operation. Changes to the parameter require recompiling the database.

To run operations later rather than immediately, you can set a run time for individual operations in the Manager. A run time can be scheduled for various operations. As well as the standard operations such as creating, changing and deleting an object, you can arrange for customized methods and events to be run. The DBQueue Processor checks for scheduled operations and triggers the operation to run when the set time is reached.

To schedule an activation time

  • Set the configuration parameter "Common\DeferredOperation" in the Designer and compile the database.
Detailed information about this topic
Related Documents