Chat now with support
Chat with Support

Identity Manager 8.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Adjusting the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers in Designer Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks Appendix: Configuration files of the One Identity Manager Service

Table types and default columns in the One Identity Manager data model

Different types of tables can be used at database level inOne Identity Manager.

Table 14: Table types

The type of the table.

Description

Simple table

Simple tables are the most common form for storing data.

The following columns are defined for simple tables:

  • Primary key
  • Object key (XObjectKey)

Many-to-many table

Many-to-many or M:N tables contain the relationships between two other tables.

The following columns are defined for many-to-many tables:

  • a two-column primary key

    Both columns are defined as foreign key columns on the referenced table.

  • Object key (XObjectKey)

Many-to-many tables are also called assignment tables in this documentation.

Many-to-all table

Many-to-all or M:all tables are a special type of assignment tables, which were developed for One Identity Manager.

M:all tables are implemented if part of an assignment (all) can reference different tables, meaning dynamically determined. Valid tables can be limited in this way. For example, the owner of a group can be a user account or a group.

Furthermore M:all tables are used if additional information about an assignment is mapped, for example, an assignment's validity period.

The following columns are defined for M:all tables:

  • Primary key
  • Foreign key defined as NOT NULL that references the primary key of another table.
  • Dynamic foreign key defined as NOT NULL that reference the object key (XObjectKey) of the valid tables.
  • Object key (XObjectKey)

You can define more foreign keys and dynamic foreign keys. These columns must be defined as NULL.

Work tables

Worktables are used to store data for which objects cannot be created. No primary key is required for work tables. However, you can define up to two primary keys.

Table 15: Default columns
Column Description
Primary key
  • If objects are generated from the table through the object layer, the table requires a primary key.
  • If a table represents a many-to-many mapping, a two column primary key is defined. Both primary key columns are defined as foreign key columns in the referenced tables.
  • No primary key is required for work tables.
  • Primary key columns must be defined in Globally Unique Identifier (GUID) format. Default GUID's are created in the format [0-9,a-f](8-4-4-4-12).
XObjectKey

If objects are generated from the table through the object layer, the table must have an object key column. The object key (XObjectKey) is a unique key, which is capable of referencing every object in the database.

XObjectKey syntax:

<Key><T>TableName</T><P>PrimaryKeyOfRow</P></Key>

with:

  • TableName: table name
  • PrimaryKeyOfRow: primary key column's GUID
  • An additional <P>SecondPrimaryKeyOfRow</P> is used for two column primary keys.

Foreign key
  • The name of the foreign key column corresponds, as far as possible, to the name of the references table's primary key.
  • Foreign key columns are defined in GUID format.
  • A table is reference through the referenced table's primary key.
  • If the foreign key column is part of a many-to-all table, the column in the One Identity Manager schema is labeled with the option Part of key of many-to-all table (DialogColumn.IsMAllKeyMember).
Dynamic foreign key
  • Dynamic foreign keys are used if a reference can point to different tables. For example, the manager of a user account (<MMM>Account.ObjectKeyManagertable) can be another user account (<MMM>Account table) or a group (<MMM>Group table).
  • Dynamic foreign keys reference the object key (XObjectKey) of the permitted tables.
  • Permitted tables can be limited. All tables are permitted, if there are no restrictions.
  • A dynamic foreign key is flagged in the One Identity Manager schema with the Dynamic foreign key option (DialogColumn.IsDynamicFK).
  • If the dynamic foreign key is part if a many-to-all table, the column in the One Identity Manager schema is labeled with the option Part of key of many-to-all table (DialogColumn.IsMAllKeyMember).

XDateInserted

The columns contain information about which users made changes at what times. The columns must always exist together.

XDateUpdated

XUserInserted

XUserUpdated
XTouched

This column contains an element's processing status. The processing status is used for creating custom configuration packages.

XMarkedForDeletion

This column defines whether the object is marked for deletion. The columns exists when:

  • The deferred deletion function can be applied to the table.
  • The table is synchronized again a target system and pending objects can be handled.
XOrigin

In order to determine the origin of an assignment, a column XOrigin is defined in a many-to-many or a many-to-all table. The individual bit positions provide the origin of a membership.

For more detailed information about calculation, see the One Identity Manager Identity Management Base Module Administration Guide.

XIsInEffect
  • To discover whether an assignment is in effect, a column XIsInEffect is defined on an assignment table.
  • The column only exists if the number of assignments differs from the number of effective assignments.

    For example, if an employee is deactivated, marked for deletion, or classified as a security risk, inheritance of company resources can be prohibited for this employee. The group assignment is maintained but the assignment has no effect.

  • If column XIsInEffect is used, a column XOrigin must exist.

For detailed information about calculation of assignments, see the One Identity Manager Identity Management Base Module Administration Guide.

XDateSubItem

This column contains the change date for dependencies and is required in order to take membership changes in a target system into account during synchronization and provisioning.

For detailed information about synchronizing and provisioning memberships, see the One Identity Manager Target System Synchronization Reference Guide.

Notes on editing table definitions and column definitions

  • You can largely customize the tables and schemas from the One Identity Manager to your own requirements. Edit the tables and columns in Designer in the Schema Editor.

  • The default configuration is moved to a configuration buffer during handling. You can retrieve changes from the configuration buffer and restore the default configuration in this way.

    • Changes to data are labeled with the icon in front of the modified value. As long as the changes have not been saved, you can restore them by clicking on the icon.
    • Changes to the default configuration are labeled with the icon in the Designer. To restore the default configuration, click on the icon.
  • Customized default tables and columns are displayed in the Designer in One Identity Manager Schema | Customized tables. The table definitions and column definitions are labeled with an asterisk (*) in the Schema Editor schema. More information about the customizations is shown in a tooltip.
  • The database must be compiled for some changes to tables and columns.
  • Use the Schema Extension program to add custom tables or columns to the One Identity Manager schema. The Schema Extension program creates the schema extensions in the database and ensures that the necessary extensions are made in the One Identity Manager schema.

    You can then make further adjustments to the table definitions and column definitions in Designer.

  • Customized tables are displayed in Designer One Identity Manager Schema | Customized tables.
  • Reports on system configuration and customizations of tables and columns are provided in Designer under Documentation.
Related Topics

Editing table definitions and column definitions

The application and system data model table definitions are stored in the table DialogTable. Column definitions for application and system data model tables are kept in the table DialogColumn. The predefined table properties and column properties of the One Identity Manager schema are maintained by the schema installation and cannot be edited apart from a few properties. You can edit the table definitions and column definitions of the Designer schema in the Schema Editor.

To edit table properties

  1. Select the One Identity Manager schema in Designer.
  2. Select the table and start the Schema Editor with the task Show table definition.
  3. In the Table properties view, edit the table properties.

To edit column properties

  1. Select the One Identity Manager schema in Designer.
  2. Select the table and start the Schema Editor with Show table definition.
  3. In the Schema Editor, select the column and edit the column properties in the Column properties view.
Related Topics

Table types in One Identity Manager

For access via the object layer, the tables in the One Identity Manager schema are labeled with a particular table type. Additional properties are required for the table definition, depending on the table type.

Table 16: Table types in the One Identity Manager schema
Table types Meaning

Table

The Table table type is used for simple tables, many-to-many tables, M:all tables, and work tables.

Base table

The Base table table type is used for simple tables, many-to-many tables, M:all tables, and work tables in order to define database views with the View type. Examples of base tables include the BaseTree table for mapping roles and organizations, and the BasetreeHas* assignment tables for assigning company resources to organizations and roles.

View

The View table type is used for database views on tables with the Base table type. Database views with the View type represent subsets of the underlying tables. Database views with the View type are mainly used to map roles. For example, the database views Department, Locality and Profitcenter are subsets of the Basetree base table.

Proxy

The Proxy table type is used for database views on tables with the Table type or on database views with the View type. Database views with the Proxy type are union views of different tables. Columns are mapped between a database view with the Proxy type and the underlying tables by means of the column definitions. Database views with the Proxy type are mainly used for mapping in the Unified Namespace.

Union

The Union table type is used for database views on tables with the Table type or on database views with the View or Proxy type. Database views with the Union type are union views of different tables and are used to group together different object types with the same context. For example, the QERAccProductUsage database view identifies which service items are used in which IT Shop products. Database views with the Union type are mainly used for editing the user interface and creating reports.

Read only

The Read only table type is used for database views on tables with the Table type or on database views with the View, Proxy or Union type. Database views with the Read only table type may be subsets or unions of the underlying tables. Database views with the Read only type are for display only and are mainly used for editing the user interface and creating reports.

Related Topics
Related Documents