Chat now with support
Chat with Support

Identity Manager 9.2 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using Windows PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue tasks One Identity Manager Service configuration files

Displaying the column dependencies based on templates

This mode only displays those tables that have columns with dependencies due to value templates. Tables and columns without dependencies are not shown.

To display the column dependencies

  1. In the Designer, select the One Identity Manager Schema category.

  2. Open the schema overview with the One Identity Manager Schema task.

  3. Select the Options > Dependencies menu item.

The tooltip for a table entry contains the name of the table. The tooltip for the column entries contains the name of the column. If a column has a value template it is shown in the tooltip. If the column does not have a value template itself but is referenced by value templates belong to other columns then those columns are named in the tooltip.

When you select a column, the connections to other columns are highlighted in color. A tooltip shows the sender and subscriber relationship of the column dependencies. The tooltip contains the names of tables that refer to each other. The sender, subscriber, and the part of the value template that gives the reason for the dependency are also shown.

Table 12: Meaning of colors for sender subscriber relations
Color Meaning

Green

Column is sender.

Red

Column is subscriber.

Related topics

Table types and default columns in the One Identity Manager data model

Different types of tables can be used at database level in One Identity Manager.

Table 13: Table types

Table type

Description

Simple table

Simple tables are the most common form for storing data.

The following columns are defined for simple tables:

  • Primary key, consisting of one column

  • Object key (XObjectKey)

Many-to-many table

Many-to-many or M:N tables contain the relationships between two other tables.

The following columns are defined for many-to-many tables:

  • A two column primary key

    Both columns are defined as foreign key columns on the referenced table.

  • Object key (XObjectKey)

Many-to-many tables are also called assignment tables in this documentation.

Many-to-all table

Many-to-all or M:all tables are a special type of assignment tables that were developed for One Identity Manager.

M:all tables are implemented if part of an assignment (all) can reference different tables, meaning dynamically determined. Valid tables can be limited in this way. For example, the owner of a group can be a user account or a group.

Furthermore M:all tables are used if additional information about an assignment is mapped, for example, an assignment's validity period.

The following columns are defined for M:all tables:

  • Primary key

  • Foreign key defined as NOT NULL that references the primary key of another table.

  • Dynamic foreign key defined as NOT NULL that reference the object key (XObjectKey) of the valid tables.

  • Object key (XObjectKey)

You can define more foreign keys and dynamic foreign keys. These columns must be defined as NULL.

Work tables

Work tables are used to store data for which objects cannot be created. No primary key is required for work tables. However, you can define up to two primary keys.

Table 14: Default columns
Column Description
Primary key
  • If objects are generated from the table through the object layer, the table requires a primary key.

  • If a table represents a many-to-many mapping, a two column primary key is defined. Both primary key columns are defined as foreign key columns in the referenced tables.

  • No primary key is required for work tables.

  • Primary key columns must be defined in Globally Unique Identifier (GUID) format.

    Default GUID's are created in the [0-9,a-f](8-4-4-4-12) format.

    Predefined module GUID's are mapped in the <MMM>-[0-9,a-f](32) format, where <MMM> corresponds to the module prefix. Custom module GUID's are created in the <CCC>-[0-9,a-f](32) format. For more information, see Working with a globally unique identifier module.

XObjectKey

If objects are generated from the table through the object layer, the table must have an object key column. The object key (XObjectKey) is a unique key, which is capable of referencing every object in the database.

XObjectKey syntax:

<Key><T>TableName</T><P>PrimaryKeyOfRow</P></Key>

with:

  • TableName: table name

  • PrimaryKeyOfRow: primary key column's GUID

An additional <P>SecondPrimaryKeyOfRow</P> is used for two column primary keys. The order in which columns used in the XObjectKey are sorted depends on the foreign key columns identifiers (alphabetical order).

Example:

PersonInProfitcenter table

<Key><T>PersonInProfitCenter</T><P><UID_Person></P><P><>UID_Profitcenter</P></Key>

PersonInDepartment table

<Key><T>PersonInDepartment</T><P><UID_Department></P><P><>UID_Person</P></Key>

Foreign key
  • The name of the foreign key column corresponds, as far as possible, to the name of the references table's primary key.

  • Foreign key columns are defined in GUID format.

  • A table is reference through the referenced table's primary key.

  • If the foreign key column is part of a many-to-all table, the column in the One Identity Manager schema is labeled with the Part of key of many-to-all table option (DialogColumn.IsMAllKeyMember).

Dynamic foreign key
  • Dynamic foreign keys are used if a reference can point to different tables. For example, the manager of a user account (<MMM>Account.ObjectKeyManagertable) can be another user account (<MMM>Account table) or a group (<MMM>Group table).

  • Dynamic foreign keys reference the (XObjectKey) object key of the permitted tables.

  • Permitted tables can be limited. All tables are permitted, if there are no restrictions.

  • A dynamic foreign key is flagged in the One Identity Manager schema with the Dynamic foreign key option (DialogColumn.IsDynamicFK).

  • If the dynamic foreign key is part if a many-to-all table, the column in the One Identity Manager schema is labeled with the Part of key of many-to-all table option (DialogColumn.IsMAllKeyMember).

XDateInserted

The columns contain information about which users made changes at what times. The columns must always exist together.

XDateUpdated

XUserInserted

XUserUpdated
XTouched

This column contains an element's processing status. The processing status is used for creating custom configuration packages.

XMarkedForDeletion

This column defines whether the object is marked for deletion. The columns exists when:

  • The deferred deletion function can be applied to the table.

  • The table is synchronized again a target system and outstanding objects can be handled.

XOrigin

In order to determine the origin of an assignment, a XOrigin column is defined in a many-to-many or a many-to-all table. The individual bit positions provide the origin of a membership.

For more information about calculation of assignments, see the One Identity Manager Identity Management Base Module Administration Guide.

XIsInEffect
  • To discover whether an assignment is in effect, a XIsInEffect column is defined on an assignment table.

  • The column only exists if the number of assignments differs from the number of effective assignments.

    For example, if an identity is deactivated, marked for deletion, or classified as a security risk, inheritance of company resources can be prohibited for this identity. The group assignment is maintained but the assignment has no effect.

  • If the XIsInEffect column is used, a XOrigin column must exist.

For more information about calculation of assignments, see the One Identity Manager Identity Management Base Module Administration Guide.

XDateSubItem

This column contains the change date for dependencies and is required in order to take membership changes in a target system into account during synchronization and provisioning.

For more information about synchronizing and provisioning memberships, see the One Identity Manager Target System Synchronization Reference Guide.

Notes on editing table definitions and column definitions

  • You can largely customize the tables and schemas from One Identity Manager to your own requirements. In the Designer, edit the tables and columns in the Schema Editor.

  • The default configuration is moved to a configuration buffer during handling. You can retrieve changes from the configuration buffer and restore the default configuration in this way.

    • Changes to data are labeled with the icon in front of the modified value. As long as the changes have not been saved, you can restore them by clicking the icon.

    • Changes to the default configuration are labeled with the Designer icon in the . To restore the default configuration, click the icon.

  • In the Designer, customized default tables and columns are displayed in the One Identity Manager Schema > Customized tables category. The table definitions and column definitions are labeled with an asterisk (*) in the Schema Editor schema. More information about the customizations is shown in a tooltip.

  • The database must be compiled for some changes to tables and columns.

  • Use the One Identity Manager program to add custom tables or columns to the Schema Extension schema. The Schema Extension program creates the schema extensions in the database and ensures that the necessary extensions are made in the One Identity Manager schema.

    You can then make further adjustments to the table definitions and column definitions in the Designer.

  • In the Designer, customized tables are displayed in the One Identity Manager Schema > Customized tables category.

  • In the Designer, you can get an overview of existing columns with value templates in the One Identity Manager Schema > Templates category. Column dependencies due to value templates are mapped in the schema overview in the Schema Editor.

  • In the Designer, you can get an overview of the existing columns in the system with predefined formatting types or formatting scripts in the One Identity Manager Schema > Formatting rules category.

  • In the Designer, reports on system configuration and customizations of tables and columns are provided in the Documentation category.

Related topics

Table definitions

The One Identity Manager module table definitions are stored in the DialogTable table. Predefined One Identity Manager schema table definitions are maintained through schema installation and only a few properties can be modified.

Use the Designer's Schema Editor to edit One Identity Manager schema table definitions.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating