Chat now with support
Chat with Support

Identity Manager 8.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Adjusting the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers in Designer Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks Appendix: Configuration files of the One Identity Manager Service

Specifying data retention periods

Once the retention period has ended, the recorded data is either exported or deleted from the One Identity Manager database depending on which archiving method has been chosen. A longer retention period should be selected for subsections whose records will be exported than for those that will be deleted.

NOTE: If you do not specify a retention period, the records for this subsection will be deleted daily from the One Identity Manager database within the DBQueue Processor daily maintenance tasks.

The recordings are not exported until the retention period for all subsections has expired and no other active processes for the process group (GenProcID) exist in the DBQueue, process history or as planned operation.

You use configuration parameters to define the data retention periods for the individual sections.

Table 144: Configuration Parameter for Handling Change Data
Configuration parameter Meaning

Common | ProcessState | PropertyLog | IsToExport

Exports the data changes. If this configuration parameter is not set the information is deleted once the retention period has expired.

Common | ProcessState | PropertyLog | LifeTime

This configuration parameter specifies the maximum retention period in the database for log entries from change tracking.

Table 145: Configuration Parameter for Handling Process Information
Configuration parameter Meaning

Common | ProcessState | ProgressView | IsToExport

Exports the data in the process information. If this configuration parameter is not set the information is deleted once the retention period has expired.

Common | ProcessState | ProgressView | LifeTime

This configuration parameter specifies the maximum length of time that log data from process information can be kept in the database.

Table 146: Configuration Parameter for Handling Process History
Configuration parameter Meaning

Common | ProcessState | JobHistory | IsToExport

Exports the information in the process history. If this configuration parameter is not set the information is deleted once the retention period has expired.

Common | ProcessState | JobHistory | LifeTime

This configuration parameter specifies the maximum retention period in the database for log entries from process history.

Conditional compilation using preprocessor conditions

Conditional compiling of program code is integrated into One Identity Manager. Conditional compilation allows parts of the program code to be parsed whereas other parts remain untouched.

Conditional compiling has the following advantages:

  • Assemblies are reduced in size
  • System configuration organization
  • Improves clarity for the model and rights
  • Speeds up processing
  • Hides unnecessary data in all VB.Net expressions
  • Hides unnecessary model components

Conditional compiling in One Identity Manager is controlled using preprocessor conditions. Preprocessor conditions can be used in:

  • Objects with the property Preprocessor condition.
  • VB.Net expressions

Configuration parameters and their options define the possible preprocessor conditions.

In order to become effective on a system-wide basis, every modification to preprocessor relevant configuration parameters as well as modifications to preprocessor conditions on objects and VB.Net expressions requires the One Identity Manager database to be recompiled.

Detailed information about this topic

Preprocessor-relevant configuration parameters

IMPORTANT: The One Identity Manager database needs to be recompiled every time a preprocessor-relevant configuration parameter and its options are changed.

The option Preprocessor relevant parameter is used to label a configuration parameter as preprocessor relevant. A preprocessor expression is entered in the associated configuration parameter option.

When a preprocessor relevant configuration parameter is set it is valid globally across the system. The preprocessor condition does not come into effect until the database has been compiled.

NOTE: Predefined preprocessor configuration parameters are overwritten during schema installation. Define company-specific, preprocessor-relevant configuration parameters and options in Designer under the Custom configuration parameter.

To display preprocessor relevant configuration parameters

  1. In Designer, select Base data | General | Configuration parameters.
  2. In the Configuration Parameter Editor, select the menu item View | Preprocessor definitions.

    The Preprocessor definitions view shows all preprocessor conditions. Double-click an entry to display the configuration parameter.

NOTE: You can find an overview of existing preprocessor dependencies in Designer in One Identity Manager Schema | Preprocessor dependencies.

Related Topics

Preprocessor conditions in objects

IMPORTANT: Each modification to preprocessor objects requires recompiling the One Identity Manager database.

You can enter a preprocessor condition directly for certain objects.

To enter a preprocessor condition

  • In the Preprocessor condition property, enter the preprocessor expressions of the configuration parameters. You can link preprocessor expressions together with AND, OR, NOT, ().
Example

The column Person.RiskIndexCalculated should only be shown in the interface if the risk function is set.

The following preprocessor conditions are entered in the column definition (DialogColumn table).

Table 147: Example for Preprocessor Conditions
Table Column Preprocessor condition
Person RiskIndexCalculated COMPLIANCE

If a preprocessor-relevant configuration parameter is enabled or disabled, tasks are created for the DBQueue Processor to calculate all preprocessor and calculation tasks for the affected objects. The option Disabled by preprocessor is updated for each object. If the re-interpretation of the preprocessor conditions leads to a change in the option, the preprocessor interpretation tasks that follow are generated for the dependent objects. User rights can also be affected. After DBQueue Processor has processed the tasks, the database needs to be recompiled.

The interpretation of preprocessor conditions has the following effects:

  • If a table is disabled by a preprocessor condition then all the columns and object definitions that relate to the table and the user interface forms and the associated navigation are disabled.
  • If a primary key column is disabled, all foreign key columns that refer to this primary key are also disabled.
  • If a primary key member is disabled according to the preceding rule (for example, in the case of many-to-many tables), then this primary key’s table and all further columns belonging to this table are also disabled. This method has the advantage that, for example, when a table such as ADSGroup is disabled then all assignments are automatically disabled, such as the table, DepartmentHasADSGroup.

NOTE: You can find an overview of existing preprocessor dependencies in Designer in One Identity Manager Schema | Preprocessor dependencies.

Related Topics
Related Documents