Chat now with support
Chat with Support

Identity Manager 8.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Adjusting the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers in Designer Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks Appendix: Configuration files of the One Identity Manager Service

Data retrieval using single object history

Use data queries with the Single object history query module when you want to create reports about a single object, for example, one employee, with its history data.

Table 170: Properties of data source single object history
Property Meaning
Name Name of the data source.
Description Description of data source.

Max. lines

Maximum number of result lines for this query. If this number is exceeded, report creation is terminated.

Parent query In a parent query, restrictions are applied to the data record that are passed on to subsequent queries, all members of a department, for example. Parameters that are defined in the parent query are also available in subsequent queries.
Query module Select the Single object history query module.
Object key

The object key can be queried directly or using a parameter. Add these parameters subsequently to the report by entering them on the tab Parameters. Columns in a parent query are formatted with the following syntax:

<parent query name>.<parent query column>

Min date or range

Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all affected entries in the connected History Database databases is determined. Add these parameters subsequently to the report by entering them on the tab Parameters.

Columns

Columns for which the changes are determined.

Resolve foreign key Set this option if the display value of the referenced object should be returned rather than the UID.

The data query returns the following columns.

Table 171: Columns from a data query using single object history
Column Meaning
ChangeID Unique identifier (UID) for the record.
ObjectKey Object key or the record.
ObjectUID Unique identifier (UID) for the modified objects.
User Name of user that caused the change.
ChangeTime Time of change
ChangeType Type of change (Insert, Update, Delete)
Columnname Name of column whose value has changed.
ColumnDisplay Display name of column whose value has changed.
OldValue Old column value.
OldValueDisplay Old column display value. Only if the option Resolve foreign key is set.
NewValue New column value.
NewValueDisplay New value display value. Only if the option Resolve foreign key is set.
Related Topics

Data retrieval using multiple object history

Use data queries with the Multiple object history query module to create reports about multiple objects with historical data that can be further restricted by a particular criterion, for example all employees with the last name "Miller".

Table 172: Properties of data source multiple object history
Property Meaning
Name Name of the data source.
Description Description of data source.

Max. lines

Maximum number of result lines for this query. If this number is exceeded, report creation is terminated.

Parent query Not used.
Query module Select the Multiple object history query module.
Table Select the table to find the object in.
Min date or range

Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all affected entries in the connected History Database databases is determined. Add these parameters subsequently to the report by entering them on the tab Parameters.

Columns Columns for which the changes are determined.
Criteria

Column, table and value used for further narrowing down the objects found. The value can be queried directly or as a parameter. Add these parameters subsequently to the report by entering them on the tab Parameters.

The data query returns the following columns.

Table 173: Columns from a data query using single object history
Column Meaning
ChangeID Unique identifier (UID) for the record.
ObjectKey Object key or the record.
ObjectUID Unique identifier (UID) for the modified objects.
User Name of user that caused the change.
ChangeTime Time of change
ChangeType Type of change (Insert, Update, Delete)
Columnname Name of column whose value has changed.
ColumnDisplay Display name of column whose value has changed.
OldValue Old column value.
OldValueDisplay Old column display value. Only if the option Resolve foreign key is set.
NewValue New column value.
NewValueDisplay New value display value. Only if the option Resolve foreign key is set.
Example

A history of all employees with the last name "Miller" should be created. The report data can be defined in the following way:

Table: Employee
Minimum Date MinDate
Criteria: column Lastname
Criteria: value Miller
Related Topics

Data retrieval using historical assignments

Use data queries with the Historical assignments query module to create reports with historical data from object assignments, for example, employee role memberships. This type is used for queries using foreign key relations as well as though assignment tables (many-to-many tables).

Table 174: Properties of data source historical assignments
Property Meaning
Name Name of the data source.
Description Description of data source.

Max. lines

Maximum number of result lines for this query. If this number is exceeded, report creation is terminated.

Parent query In a parent query, restrictions are applied to the data record that are passed on to subsequent queries, all members of a department, for example. Parameters that are defined in the parent query are also available in subsequent queries.
Query module Select the Historical assignments query module.
Table Table for the assignment.
Min date or range

Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all affected entries in the connected History Database databases is determined. Add these parameters subsequently to the report by entering them on the tab Parameters.

Criteria column Column in the table for linking to the base object.
Criteria value

The value of the criteria column can be queried directly or using parameters. Add these parameters subsequently to the report by entering them on the tab Parameters. Columns in a parent query are formatted with the following syntax:

<parent query name>.<parent query column>

Disabling columns

Certain tables contain columns that can disable an object, for example, the column AccountDisable in the table ADSAccount. Enter these columns if an assignment should be labeled as "Deleted" when disabled and "Added" if enabled.

Additional object columns Enter the columns from the table that should also be available in the report.

Additional criteria

Column of the table and value for further restriction of the base object.

The data query returns the following columns.

Table 175: Columns from a data query using historical assignments
Column Meaning
BaseKey Object key for assignment base object.
BaseUID Base object unique identifier.
ObjectKey Assignment object key.
DestinationKey Object key for assignment target object.
DestinationUID Target object unique identifier.
Display Target object display value.
CreationUser User that created the assignment.
CreationTime Time of assignment.
DeletionUser User that deleted the assignment.
DeletionTime Time of deletion.
Type More detailed specification of the assignment, for example, assignment table name or target system type.

Origin

Bit mask for mapping the type of assignment.

OriginDisplay

Display name of the bit mask for mapping the type of assignment.

Related Topics

Data query for simulation data

To select the simulation data generated during simulation in the Manager in a report, use the following query modules:

  • Front-end simulation result

    You can apply this query module to all parts of a simulation excluding rule violation analysis.

  • Front-end simulation result for compliance

    You can apply this query module to publish the rule violation analysis in the report.

Table 176: Data source front-end simulation result properties
Property Meaning
Name Name of the data source.
Description Description of data source.
Query module Select the query module Front-end simulation result.
Parent query Not used.
Simulation analysis Defines which part of the simulation analysis is shown in the report. For more information, see Table 177.
Table 177: Simulation analysis type
Type Description
Overview Shows which actions were triggered through changes made during the simulation in an overview.
Changed object Shows objects and their properties affected by the changes made during simulation.
DBQueue Shows the calculation tasks for the DBQueue Processor resulting from changes made during simulation.
Trigger changes Shows all changes made to objects during simulations due to triggering.
Generated process Shows processes and process steps generated during simulation due to the changes.
Table 178: Data source front-end simulation result for compliance properties
Property Meaning
Name Name of the data source.
Description Description of data source.
Query module Select the query module Frontend Simulation Result for Compliance.
Parent query Not used.
Related Topics
Related Documents