
Identity Manager 8.1 - Configuration Guide


Table properties

Table 31: Table Properties

Property

Description

Table

Name of the table in the data model.

Usage type

The table's usage type provides the basis for reports and the selection of tasks for daily maintenance.

Permitted values are:

  • Work tables: The table is a work table and contains transaction data.
  • Historical transaction data: The table contains transaction data to create histories.
  • Configuration: The table contains data for the system configuration.
  • Materialized data: The table contains materialized data. This is recreated through DBQueue Processor calculations.
  • Read-only data: The table contains read-only data.
  • User data: The table contains user data.

Display name (plural)

Displays table name. The display name is used, for example, to identify the table in a database search or error output. Translate the given text using the button.

Display name (singular)

Display name for a single record in the table. Translate the given text using the button.

Display template

The display template is used to specify the form in which objects will be represented, for example in the administration tool result list or in reports. Translate the given text using the button.

NOTE: You do not need to enter a display template for many-to-many tables. For these tables, the viDB.DLL forms the display template from the foreign keys.

Display template (long)

Additional display template for individual tables containing the object's full name.

Hierarchy path

Enter the foreign key columns here that should be used as a basis for displaying tables hierarchically, for example, on assignment forms.

Example:

An Active Directory user account (table ADSAccount) is typically displayed on an assignment form below its Active Directory container (UID_ADSContainer). The Active Directory container (table ADSContainer) is, on the other hand, displayed underneath its Active Directory domain (column UID_ADSDomain). The path for the hierarchy structure is entered as follows:

Table          Hierarchy path
ADSAccount     UID_ADSContainer,UID_ADSDomain
ADSContainer   UID_ADSDomain

An alternative list for objects that do not have values in all foreign key columns can be given after a pipe (|).

Example:

(UID_ADSContainer,UID_ADSDomain|UID_ADSDomain)
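
The following is an added example, not One Identity code. It parses the hierarchy path notation shown above and picks the column list to use for a given object. It assumes that alternatives are tried from left to right and that the first one whose foreign key columns all hold values is used. The function names and sample UID values are constructed.

```python
import re

# Assumption: column names are plain identifiers (letters, digits, underscore).
_COLUMN = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def parse_hierarchy_path(spec):
    """Split a hierarchy path into alternatives, each a list of FK column names.

    Accepts the notation with or without the surrounding parentheses.
    Raises ValueError for empty or malformed column entries.
    """
    text = spec.strip()
    if text.startswith("(") and text.endswith(")"):
        text = text[1:-1]
    alternatives = []
    for part in text.split("|"):
        columns = [c.strip() for c in part.split(",")]
        bad = [c for c in columns if not _COLUMN.fullmatch(c)]
        if bad:
            raise ValueError(f"malformed hierarchy path {spec!r}: {bad!r}")
        alternatives.append(columns)
    return alternatives


def parent_chain(spec, record):
    """Return (column, value) pairs for the first alternative the record satisfies.

    Assumption: an alternative applies only if every foreign key column in it
    has a non-empty value. The pairs keep the order the path lists them in.
    Returns an empty list if no alternative applies.
    """
    for columns in parse_hierarchy_path(spec):
        values = [record.get(c) for c in columns]
        if all(v not in (None, "") for v in values):
            return list(zip(columns, values))
    return []


# Path from the example above for table ADSAccount.
ACCOUNT_PATH = "(UID_ADSContainer,UID_ADSDomain|UID_ADSDomain)"

# Constructed sample records; the UID values are placeholders.
SAMPLE_ACCOUNTS = [
    {"cn": "in-container", "UID_ADSContainer": "container-1", "UID_ADSDomain": "domain-1"},
    {"cn": "domain-only", "UID_ADSContainer": "", "UID_ADSDomain": "domain-1"},
    {"cn": "orphan", "UID_ADSContainer": None, "UID_ADSDomain": None},
]

if __name__ == "__main__":
    for account in SAMPLE_ACCOUNTS:
        print(account["cn"], "->", parent_chain(ACCOUNT_PATH, account))
```
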

Remarks

Spare text box for additional explanation.

Cache information

Loading behavior for tables in the Designer. This data is only required for system tables. Cache information for a table is composed of the sort order and loading behavior.

Permitted values are:

  • Do not load: The table is not loaded in the Designer.
  • Base table: The table is loaded before the user interface.
  • User table: The table is only filled for the current user.
  • Data table: The table is loaded in the background after the user interface is loaded.
  • Load BLOBS: Columns with larger data sets (BLOB columns) are loaded.

Preprocessor condition

You can add preprocessor conditions to tables. The table is therefore only available together with its columns when the preprocessor condition is fulfilled.

Disabled by preprocessor

If a table is disabled by a preprocessor condition, the option is set by the Database Compiler.

Deferred deletion [days]

Delete operations are deferred (0 = delete immediately, other: delete after given number of days).

Icon

Icon representing the table in the administration tool interface.

Background color

Color used to display the control for this table in the schema overview.

Proxy view

The various target system tables are joined together in Proxy type database views in the Unified Namespace. The table used as the proxy view is entered here. Columns of the underlying proxy view are then entered in the column definition.

Example:

The proxy view UNSRoot is used to map the tables ADSDomain and LDAPDomain.

Extensions to proxy view

List of columns as SQL text. These are used in the view's SELECT statement. To be used if columns are mapped twice, for example, or if additional columns of the proxy view need to be filled.

Example:

The view UNSRoot expects the target system type as input in the column UID_DPRNameSpace. This column is not in the tables ADSDomain and LDAPDomain.

The proxy view extension is defined as follows:

Table        Extension to proxy view
ADSDomain    'ADS-DPRNameSpace-ADS' as UID_DPRNameSpace
LDPDomain    'LDP-DPRNameSpace-LDAP' as UID_DPRNameSpace

Scope hierarchy

Comma delimited list of all foreign key columns required for displaying objects in the scope hierarchy in the Synchronization Editor. List of all columns that lead to tables made available by the parent object.

Logical disk store

The table's logical disk store. Associated tables are grouped together in logical disk stores. In the default installation, logical disk stores are predefined for the table in each module of the One Identity Manager and the system tables. You cannot change the assignments. You can create your own logical disk storage for grouping custom tables.

Export for SPML schema

This option determines whether the table should be exported for the SPML schema.

Many-to-many table

Label for assignment tables (many-to-many tables). Assignment tables are tables used to create relations between two other tables.

Many-to-all table

Marks assignment tables, which have a dynamic foreign key as partner.

No DB Transport

Tables labeled with this option cannot be excluded from a custom configuration package. These tables are excluded from data transport.

Assign by event

Specifies how assignments and deletions are handled in tables. This option only applies to assignment tables (many-to-many tables) in the application data model.

If the option is not set, assignments and deletions are dealt with directly by the DBQueue Processor.

If the option is set, tasks for the process component HandleObjectComponent are set up in the Job queue. These tasks then carry out the relevant operations. This makes it possible to link specific processes directly to the Assign and Remove events. You must implement this behavior on a custom basis.

Retain in memory

Specifies whether the table contents for the data connection can be buffered. The threshold is defined in the configuration parameter Common | ResidentTableLimit.

Type

Table type. For more information, see Table types in One Identity Manager.

Module GUID permitted

For more information, see Working with a Globally Unique Identifier module.

Module GUID required

For more information, see Working with a Globally Unique Identifier module.

Base table

Base table that the view is based on.

Condition for view definition

WHERE clause as database query for setting the database view.

Insert values

Specify default settings for a column that is assigned when a new data set is added. The values are entered in VB.Net syntax.

Selection script

Selection script as a VB.Net term, to determine during runtime whether the object passed belongs to the view.

Additional view definition

Name of an extension to the view definition.

Generated

Specifies whether the view definition extension is generated by the DBQueue Processor.

Query

Database query as a SELECT statement for setting up the database view.

Several extensions for the view definition can be defined. The extensions are linked to each other internally with the Union operator.

Table scripts

Define actions that are executed before or after saving, loading or discarding an object. The values are entered in VB.Net syntax.

Statistics information

This is information about table sizes, row counts and basic record lengths that are determined once a day by the maintenance tasks. The data material can help to plan capacities and maintenance work on the database.

Customizer

The Customizer contains special methods and has side effects on the table columns. Several Customizers can be defined for one table. Customizers execute processing logic which would normally be implemented in the object code, such as mutual exclusion of properties.

The One Identity Manager default installation contains various customizers which provide specific behaviors.

Multicolumn uniqueness

If there is a column combination for a table that needs to be unique, you define multi-column uniqueness in Designer. The columns are collected into unique groups.

Unique group

Name of the unique group of columns.

Ignore empty values

Specifies whether empty values are permitted in a unique group. If all the columns in one group are empty, group uniqueness cannot be tested. If this option is not set, empty values are permitted but only once for each column.

NOTE: To prevent empty values, define a minimum column length in the column definition.

Condition for transport

Condition for selecting transportable objects. An empty condition means that all objects are transferred.


Column properties

Table 32: Column Properties

Property

Description

Table

Name of the table to which the column belongs.

Column

Name of the column in the data model.

Display name

Language-dependent column name for displaying in the administration tools user interface. Translate the given text using the button.

Comment

Additional information about the column. The comment is displayed under the help function for a column in the individual administration tools. Translate the given text using the button.

Disabled by preprocessor

If a column is disabled by a preprocessor condition, the option is set by the Database Compiler.

Preprocessor condition

You can add preprocessor conditions to columns. The column is therefore only available when the preprocessor condition is fulfilled.

NOTE: You can find an overview of existing preprocessor dependencies in Designer in One Identity Manager Schema | Preprocessor dependencies.

Sort order

The sort order specifies the position for displaying the column on the generic form and the custom tabs of the default form. Columns with a value less than 1 are not displayed on the forms.

Group

Group is used to display the column on general master data forms. A new tab is created for each group on the generic form.

Base column

If a database view has the View table type, the reference to the column in the base table is entered here.

Example:

The Department database view is part of the Basetree base table. The columns of the Basetree table are entered as base columns.

Column                       Base column
Department.DepartmentName    BaseTree.Ident_Org
Department.Description       BaseTree.Description

Adjustment of permitted values list is not allowed

Specifies whether permitted values can be customized for this column.

Defined list of values

Marks whether the value in this column must correspond to the values in the List of permitted values, or be empty.

List of permitted values

If a column is enabled for editing the permitted values (that is, the Customizing permitted values list is not allowed option is not set and the Defined list of values option is set), you can add to or extend a value list.

Defined bitmask

Meaning of each bit position if the column contains a bitmask. The first bit in the definition starts with the index 0.

Multilingual

Specifies whether this column can be given in multiple languages.

Permitted values are:

  • Translation target: The column content is displayed in translation.
  • Translation source: The column supplies the translation.
  • #LD content: The column has contents in #LD notation. The contents are extracted for translation.
  • Without fallback translation source: The text store is not used as fallback for the column.

The combination of values determines the resulting translation.

Syntax

Syntax type of data in this column. The syntax type is used to give the One Identity Manager tools the appropriate syntax highlighting or input assistance.

Permitted syntax types are:

  • HTML: Input in HTML format
  • Picture: Images
  • SQL.Query: Full database queries
  • SQL.Special: Special syntax for database queries
  • SQL.WhereClause: WHERE clause for database queries
  • Text.Dollar: Input in $ notation
  • UNC: UNC paths
  • URL: URL input
  • VB.Class: Full class definitions
  • VB.Instruction: Value = Instructions
  • VB.Method: Single methods or functions
  • XML: Input in XML format

Number of decimal places

Number of decimal places used to display values. For more information, see Defining decimal places for displaying values.

Date add-on

Additional information about displaying dates and times in the user interface.

Index weighting

Column weighting in indexing. Used for indexing the full-text search. Increasing weighting results in a higher position in the search results.

If the value is less than or equal to 0, no indexing takes place. If the value is greater than 0, the data value is indexed. Columns to be indexed are assigned a weighting of 1 in the standard installation.

Table Lookup Support

Each value in these columns is prepared for fast table lookup support. The search is also supported by single values in MVP columns. The internal mapping of prepared data is done in the table QBMSplittedLookup.

Permitted values are:

  • Central user account (CentralAccount)
  • E-Mail Address (EMail)

You can extend the list of permitted values and customize the results.

The functionality can be used for finding a unique central user account, for example, or a unique default email address for an employee. In the default installation, columns that are taken into account when the central user account or an email address are mapped are labeled with this property. The results are shown in the QERCentralAccount and QERMailAddress database views.

Data type in database

Shows the .Net data type for the column. This is used internally and cannot be edited. The .Net data types are mapped internally to SQL data types. If no value is given, the data type is taken from the database schema.

Permitted syntax types are:

.Net Data Types    Data type (SQL Server)
Binary             image, binary, varbinary(max)
Bool               bit
Byte               Tinyint
Date               datetime
Decimal            decimal, numeric
Double             float, real
Int                Int
Long               bigint
Short              smallint
String             nvarchar/varchar/nchar
Text               text

Size in database

Length of the column in the database.

Primary key

The primary key is given when the database is created.

UID column

Specifies whether this is a UID column. This information is only permitted for columns with the .Net data type String and a length of 38 characters.

Default value

Specifies whether a default value is defined for this column in the database schema.

BLOB value

This option is used to label text columns whose data contents are so large that they cannot be kept internally in one line in the SQL Server and are therefore saved as a reference. This allows speedier access to the data.

Log changes

Specifies whether changes to this column are logged.

Log changes when deleting

Specifies whether the column is to be logged when an object is deleted.

Export for SPML schema

Specifies whether the table is to be exported for the SPML schema.

Not for export (XML export)

This column is not exported in data transports. The property is taken into account when data is transported between databases.

Not for import (XML import)

This column is not imported in data transports. The property is taken into account when data is transported between databases.

MVP column

This column is a multi-valued-property (MVP) containing individual value entries that are separated by char(7) or chr(7).

Multiline

Specifies whether the column contents can consist of more than one line. Columns that are labeled with this option are displayed on a generic form with multiline input fields.

Dynamic foreign key

Dynamic foreign keys refer to the object key in other tables. The object key comprises the table name and the values of the primary key of the actual object. Permitted tables can be limited. All tables are permitted, if there are no restrictions.

Column contains description

One column with a description can be labeled with this option per table. The description is only displayed on user interface assignment controls.

Column contains hierarchy information

One column which maps hierarchy information in readable form can be labeled with this option per table. The column is used to map the hierarchy to the user interface assignment controls.

Part of primary key

This column is part of the primary key.

Part of alternative primary key

Alternative primary keys are already specified in the default version, but the definition can be customized. Alternative primary keys are used for data transport amongst other things.

Part of the key of a many-to-all table

Identifier of the foreign key of a many-to-all table. The foreign key and the dynamic foreign key of a many-to-all table are identified with this option.

Show in wizards

Indicates whether the column is available for display in Rule Editor for compliance rules for creating queries and in tabular overviews in Web Portal.

Recursive key

This option specifies whether this column has a link to a parent object. This input is needed for displaying hierarchical tables.

Example:

In the ADSContainer table, the UID_ParentADSContainer column contains the reference to the parent Active Directory container. The UID_ParentADSContainer column is labeled with this option in order to display this hierarchical link on forms.

Encrypted

This option is used to specify whether the value in this column should be encrypted or not. When the database is encrypted the value in this column is encrypted.

NOTE: If you set this option on database columns, you must encrypt the database again. For more information, see the One Identity Manager Installation Guide.

Permissions not issued automatically

For custom columns in a predefined table, permissions are not automatically assigned to predefined permissions groups, even though the Common | AutoExtendPermissions configuration parameter is set.

Proxy view column

If the column is used in a database view of the Proxy type, the corresponding column is entered in the view. For example, the column ADSDomain.DisplayName is mapped in the UNSRoot view to column RootObjectDisplay.

Remarks (custom)

Spare text box for additional explanation.

Max. length

Maximum length of the column. If the value is equal to 0, the length from the database schema is used.

Foreign key

The column references an object in another table.

Min. length

Minimum length of the column. For columns that are displayed as required input fields in the administration tools user interface, set the minimum length to 1 or higher.

Column format

Specify the format permitted for values in this column. You can control the permitted format for the column with formatting types and formatting scripts.

Overwrites

Specifies whether the template can overwrite or not.

Template

Define a column template from other columns or a default value for the column. Write the script in VB.Net syntax which allows all VB.Net script functions to be used.

Threshold (abort)

Limit for the number of objects changed directly by a template. Once this limit has been reached, processing is aborted with an error message.

NOTE: If an abort threshold value is specified, it must be larger than the threshold for asynchronous processing.

Threshold (asynchronous)

Limit for the number of objects changed directly by a template. Once this limit has been reached, processing takes place synchronously with the One Identity Manager Service.

No automatic truncation by template

If the maximum length is exceeded when a template is processed, the value is not automatically truncated to the maximum column length if this option is set.

Formatting script

Formatting script for the column. Write the script in VB.Net syntax which allows all VB.Net script functions to be used.

Custom template/formatting not permitted

Specifies whether the default configuration can be changed by the user, for example, display name, templates and formatting rules.

Average column length

Information is determined once a day through the maintenance tasks. The data material can help to plan capacities and maintenance work on the database.

Template changed

(Only for internal use) This indicates that the template was changed.

No DB Transport

Columns labeled with this option cannot be excluded from a custom configuration package. These columns are excluded from data transport.

No log

Specifies whether the column content is recorded in logs, for example, in the One Identity Manager Service log.

Contains name properties for password check

Specifies whether the column contains name properties. Depending on the password policy configuration, columns with name properties may be included in the password check. For detailed information on password policies, see One Identity Manager Operational Guide.


Editing the user interface

Certain components of the One Identity Manager’s graphical user interface are stored in the One Identity Manager schema and can be tailored to suit customer requirements. Menu items in the navigation structure, interface forms, and task definitions can be configured in this way.

Menu items, interface forms and task definitions are assigned to permissions groups. The user's effective components of the user interface depend on the authentication module used for logging in to the One Identity Manager tools. If a user logs in to a One Identity Manager tool, a system user is found, the available menu items, interface forms, task definitions, and individual program functions are identified depending on the permissions groups to which this system user belongs, and the adapted user interface is loaded.

Data is displayed as objects in the user interface. User interface objects are meta-objects. They provide a selection of configurable elements that describe how the data stored in the database is perceived. These objects enable data to be distinguished by specific properties. They provide an additional control function for configuring the user interface. Hence, interface forms and tasks are linked to object definitions, which means that different forms and tasks are displayed in the user interface depending on which object is selected.

You can only modify the supplied user interface components to a certain extent and they are overwritten by schema installation. You can integrate components of the default user interface into your own user-defined user interface. If necessary, you can disable individual components of the default user interface to stop them from being displayed. The system users provided are not affected by this limitation. Components labeled as disabled remain so after schema installation.

Captions are used in the user interface to create user-friendly names for different components of the user interface such as menu items, tasks and column names. You can maintain multi-language display text in the One Identity Manager, which enables you to display captions in different languages.

The default One Identity Manager installation is supplied in the languages English - United States [en-US] and German - Germany [de-DE]. You can add other languages to the user interface and display text if required. In this instance, you must translate the text before One Identity Manager goes live. There is a Language Editor in the Designer to help you do this. A special control is provided in the One Identity Manager tools that aids multi-language input.

A user interface is always set up for one application. The standard version of the One Identity Manager includes the applications and predefined navigation for the Manager, Designer and Launchpad tools.


Object definitions for the user interface

The data in the user interface is represented by objects. Objects in the user interface map the data stored in the database. These objects can be configured and enable data to be distinguished by specific properties.

User interface forms and task definitions are linked to object definitions and displayed depending on the selected object definition. Object definitions provide an additional control function for configuring the user interface.

You can assign several objects to each table in the One Identity Manager schema. Basically, each database table should have at least one object definition that is generally valid, that is, one without a limiting selection criterion. Other object definitions then relate to the respective special case limited by the general case.

TIP: To create object definitions for new tables, run the Missing DialogObject consistency check in Designer and use the repair method. You must edit object definitions created like this afterward.

Table 33: Example Relationship between Tables and User Interface Object Definitions

Table       Object definition    Limitation according to Object Definition
Employee    Employee general     None
Employee    Employee dummy       Employees flagged with the Dummy employee property