
Identity Manager 8.1 - Configuration Guide


Permitted values for a column

To permit only certain values for a column, you must define a list of the permitted values. Once the column display name has been created, the list of permitted values is no longer valid. For some columns of the One Identity Manager schema, permitted values are already supplied when the schema is installed.

NOTE: You can only enter or extend a list of permitted values for a column if the option "Customizing permitted values list is not allowed" is not set.

To create a list of permitted values

  1. In the One Identity Manager, select Designer Schema.
  2. Select the table and start the Schema Editor with Show table definition.
  3. Select the column and then the Column properties view.
  4. Select the Column tab and enable Defined list of values.
  5. Click the [...] button next to the List of permitted values input field to open the input dialog.
  6. Click and enter the value and display name.

    NOTE: To edit a value, select the value and click . To delete a value, select the value and click .

  7. (Optional) Use or to specify the display order.
  8. (Optional) Translate the given text using the button.
  9. Click Save.

IMPORTANT: Compile the database to bring the list of permitted values into effect.

Example

The values internal and external should be permitted in the Spare field no. 01 input field for an employee. The list of permitted values is defined as follows:

1=internal 2=external

For an employee with the value 1, the display value internal is shown on the forms in Manager.

Display columns with permitted values in the Manager

A special control element is used in the Manager to display columns for which a list of permitted values has been defined. The control element is displayed as a simple input field if no list is defined. If a list is defined, the control element is shown as a menu.

Figure 12: Input Field for List of Defined Values (with and without defined entries)

The control element is only available for columns on default predefined forms as well as custom columns (usually CustomProperty01-CustomProperty10).


Configuring columns for full-text search

Full-text searching uses an external search index, which returns an object key as its result. The object key is used to run a search query in the database. This database search query takes the permissions of the logged-in user into account during the search. A maximum of 1000 objects can be returned through the search index.

The One Identity Manager full text search can be used in the Web Portal and in the Manager. For detailed information, see the One Identity Manager Web Portal User Guide and the One Identity Manager User Guide for One Identity Manager Tools User Interface.

  • A prerequisite for using full text search is an application server installed with the search service.
  • If you run the Web Portal directly over an application server installed with the search service, you can use the full text search immediately.
  • If you are working with the Web Portal and an application server without a search service installed or with a direct database connection, you will need to enter an application server with a search service in the Web Portal configuration file. Full text search is available in the Web Portal once this has been done.
  • To use full text search in the Manager, you must run the Manager over an application server with an installed search service.

For detailed information about installing an application server and configuring the Web Portal for full-text search, see the One Identity Manager Installation Guide.

The following applies for the configuration of the full text search:

  • If you want to index a table or a database view for the full text search, the XDateInserted, XDateUpdated and XObjectKey columns must be available.

  • Columns for full text searching must be weighted. A higher weighting yields a higher position in the search result. The default installation provides columns for the full-text search with a weighting of 1.
    Example

    The column Person.CentralAccount is weighted with the value 1. The column ADSAccount.SAMAccountName is weighted with the value 0.5. This results in the employee being listed before the user account in the full text search.

  • Only columns with the data types string or text can be included in the full-text search.

    Exception: Columns that contain a list of permitted values, can always be added to the full text search.

  • Columns from tables with the usage type Work tables or Historical transaction data cannot be included in the full-text search.

The search service indexes the following:

  • Column content
  • Foreign key column display value
  • Display values for lists of permitted values
  • Translation for every active language
  • Object display value, if the table's primary key column is configured for full text search

    The object's display value comes from the display pattern defined for the table. The display value's weighting comes from the weighting of the table's primary key column.

    Example

    The column Person.UID_Person is configured for the full-text search. The display pattern of the table Person is defined as %InternalName% (%CentralAccount%).

    For the person Clara Harris, the display value Clara Harris (CLARAH) is thus indexed.

The search index is updated when changes are made to a table with indexed columns, to referenced tables or to translations.

Certain important columns are already indexed for full text search in the default installation. You can configure more columns for full text searching if required.

To configure a column for full text search

  1. In the One Identity Manager, select Designer Schema.
  2. Select the table and start the Schema Editor with the task Show table definition.
  3. Select the column and then the Column properties view.
  4. Select the Column tab and edit the Index weighting property.
    • No indexing takes place if the value is less than or equal to 0.
    • The data value is indexed if the value is greater than 0.

Mapping dynamic foreign keys

Dynamic foreign keys are used if a reference can point to different tables. For example, the manager of a user account (<MMM>Account.ObjectKeyManagertable) can be another user account (<MMM>Account table) or a group (<MMM>Group table).

Dynamic foreign keys reference the object key (XObjectKey) of the permitted tables. Permitted tables can be limited. All tables are permitted if there are no restrictions. Restrictions are stored in the DialogValidDynamicRef table.

If you are defining custom dynamic foreign keys, at least one of the participating partners (dynamic foreign key column or referenced table) must be a custom object. It is not possible to extend predefined dynamic foreign keys by adding references to predefined tables.

To edit dynamic foreign keys

  1. In the One Identity Manager, select Designer Schema.
  2. Select the table and start the Schema Editor with the task Show table definition.
  3. Select the column and then the Column properties view.
  4. On the Miscellaneous tab, enter the following information.
    1. Set the option Dynamic foreign key.
    2. If the dynamic key is part of a many-to-all table, enable Part of key of many-to-all table.
  5. Enter the following information on the Valid reference tables by clicking next to Dynamic referenced tables and enter the following information:
    Table 29: Properties of dynamic foreign keys

    | Property | Description |
    | --- | --- |
    | Table | Table from which the object key is to be determined |
    | Only transport as group | During data transports, the contents of the column are always transferred together with the contents of the referenced column. |
    | Parent relation constraint | Constraint on the relation, for example, IR - Insert Restrict. |
    | Parent relation test instance | This referential integrity should be checked by D - DLL, T - Trigger or N - Nothing. Triggers and constraints are implemented to monitor the database. The triggers and constraints are created automatically and modified as necessary taking the preset restrictions of the DBQueue Processor into account. |
    | Child relation constraint | Constraint on the relation, for example, IR - Insert Restrict. |
    | Child relation test instance | The referential integrity check should be carried out by a DLL (D), trigger (T) or nothing (N). Triggers and constraints are implemented to monitor the database. The triggers and constraints are created automatically and modified as necessary taking the preset restrictions of the DBQueue Processor into account. |

Table 30: Permitted Restrictions for Testing Referential Integrity

| Restriction | Description |
| --- | --- |
| DeleteNotRestricted (D) | Dependencies are not taken into account on deletion. |
| DeleteRestrict (DR) | The object can only be deleted when no more references to other objects exist. |
| DeleteCascade (DC) | All dependent objects are deleted when this object is deleted. |
| DeleteSetNULL (DS) | When deleting the object, references to the object being deleted are removed from all dependent objects (SetNULL). |
| InsertNotRestricted (I) | Dependencies are not taken into account on insertion. |
| InsertRestrict (IR) | Checks for the referenced object when the object is added. |

Supporting file groups

One Identity Manager supports file groups to group tables together to help with administration, data assignment and data distribution. A distinction is made between logical disk stores and physical disk stores.

In the default installation, logical disk stores are predefined for the tables in each module of the One Identity Manager and the system tables. You cannot change the assignments. You can create your own logical disk storage for grouping custom tables.

To define logical storage for custom tables

  1. In Designer, select One Identity Manager Schema | Logical disk stores.
  2. Select Object | New in the menu.
  3. Enter a name and description for the logical storage.
  4. Assign custom tables to the logical disk store.
  5. Select the View | Select table relations menu item and enable the DialogTable table. This shows the tab Tables for assigning tables.

You can link logical storage with physical storage (the file groups) in the One Identity Manager schema. If file groups are created on different data media, you can use parallel access to enhance the performance of tables with high change rates. Examples of this are the tables for processing DBQueue Processor tasks or the tables for process handling.

NOTE: You cannot move the following tables into other file groups. If you do so, proper functioning of the One Identity Manager database cannot be guaranteed.

  • DialogColumn
  • DialogTable
  • DialogValidDynamicRef
  • QBMDBQueueTask
  • QBMDBQueueTaskDepend
  • QBMModuleDef
  • QBMModuleDepend
  • QBMRelation
  • QBMViewAddOn
  • QBMDiskStoreLogical
  • QBMDiskStorePhysical

The One Identity Manager supports the distribution of tables to file groups with a variety of database procedures that you execute in a suitable program for executing SQL queries in the database.

WARNING: Only carry out the following steps for implementing file groups, together with an experienced database administrator.

Ensure that the database cannot be accessed while file groups are being set up, for example, by the Job server, application server, web server, user interfaces or Web Portal. After restarting the DBQueue Processor, wait for all DBQueue tasks to be processed before reconnecting the database.

IMPORTANT: Select a user that you use for migrating the database to execute the SQL queries.

To distribute tables to file groups under SQL Server

  1. Create your file groups. For detailed information about this, see the documents for your currently installed version of SQL Server.
  2. Synchronize the file groups to the One Identity Manager database. Run the query below using a suitable program for executing SQL queries in the database.

    exec QBM_PDiskStorePhysicalSync

  3. Assign physical storage to logical storage in the Designer.
    1. In Designer, select One Identity Manager Schema | Logical disk stores.
    2. Select the logical disk store and in the Properties view, select the file group under Physical disk store.
    3. Select Database | Save to database and click Save.

  4. Disable processing of DBQueue Processor tasks and process handling. Run the queries below using a suitable program for executing SQL queries in the database.

    exec QBM_PWatchDogPrepare 1

    exec QBM_PDBQueuePrepare 1

  5. Move the tables into the configured file groups. Run the query below using a suitable program for executing SQL queries in the database.

    exec QBM_PTableMove

  6. Reactivate the DBQueue Processor. Run the queries below using a suitable program for executing SQL queries in the database.

    exec QBM_PDBQueuePrepare 0,1

    exec QBM_PWatchDogPrepare
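
The following query is an added example, not part of the One Identity documentation or product. It reports the file group that currently holds each of the tables listed in the NOTE above, so that the result can be recorded before step 5 and compared after step 6. It uses only SQL Server catalog views; the table variable @protected and the output column names are chosen for this example.

```sql
-- Added example: show where the tables that must not be moved are stored.
-- Run once before QBM_PTableMove and once after, then compare the results.
-- A changed data_space value for any row means one of these tables was moved.

DECLARE @protected TABLE (table_name sysname PRIMARY KEY);

-- Table names copied from the NOTE in this section.
INSERT INTO @protected (table_name) VALUES
    (N'DialogColumn'), (N'DialogTable'), (N'DialogValidDynamicRef'),
    (N'QBMDBQueueTask'), (N'QBMDBQueueTaskDepend'), (N'QBMModuleDef'),
    (N'QBMModuleDepend'), (N'QBMRelation'), (N'QBMViewAddOn'),
    (N'QBMDiskStoreLogical'), (N'QBMDiskStorePhysical');

SELECT p.table_name,
       SCHEMA_NAME(t.schema_id) AS schema_name,
       ds.name                  AS data_space,       -- file group (or partition scheme) holding the table data
       ds.type_desc             AS data_space_type,  -- ROWS_FILEGROUP for an ordinary file group
       ds.is_default            AS is_default_file_group,
       CASE WHEN t.object_id IS NULL
            THEN 'table not found in this database'
            ELSE 'ok'
       END                      AS lookup_status
FROM @protected AS p
LEFT JOIN sys.tables AS t
       ON t.name = p.table_name COLLATE DATABASE_DEFAULT
-- index_id 0 is a heap, index_id 1 is the clustered index: either one is the table data itself.
LEFT JOIN sys.indexes AS i
       ON i.object_id = t.object_id
      AND i.index_id IN (0, 1)
LEFT JOIN sys.data_spaces AS ds
       ON ds.data_space_id = i.data_space_id
ORDER BY p.table_name;
```

The LEFT JOINs keep a row for every listed table even if it is missing from the database, so an incomplete result is visible rather than silently dropped.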
