Chat now with support
Chat with Support

Identity Manager 9.3 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics The full-text search in One Identity Manager Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on using date values Tips for using PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Displaying messages in the user interface Referencing packages and files in scripts Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Committing and compiling script changes Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue Processor tasks Structure of the Jobservice.cfg configuration file

Creating events for processes

If the object event is assigned a program function, users that own this program function by permissions group, can trigger the object event and therefore the process, irrespective of their permissions. Detailed information about managing permissions and running processes with program functions can be found in the One Identity Manager Authorization and Authentication Guide.

To create an event

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Click on the element for the process in the process document.

  4. Select the Events view and click .

  5. Enter the following information.

    Table 45: Event properties

    Property

    Description

    Object event

    Name of the object event.

    The Object event drop-down displays the object events of the table specified in the process.

    1. Select an existing object event.

      - OR -

    2. Click and enter the name of the new object event.

    Sort order

    Specifies the sort order in which the processes are generated if multiple processes refer to the same event of the base object.

    Processes with a lower sort order are generated before processes with a higher sort order.

    Event process information

    VB.Net expression for displaying the display name in the process view.

  6. (Optional) Assign a program function to the object event.

    1. In the Designer, select the event in the Process Orchestration > Object events.

    2. Select the View > Select table relations menu item and enable the QBMEventHasFeature table.

    3. In the edit view, select the Program function view and select the program function.

Related topics

Permissions for triggering processes

The basic permissions for triggering processes are granted to the logged in user by the Common_TriggerEvents program function.

In One Identity Manager, triggering of events on stored processes is linked to the permissions concept. Users can only trigger events on objects like this if they own edit permissions for them. This can lead to table users who only have viewing permissions not being able to trigger additional events for processes.

In this case, it is possible to connect the object events (QBMEvent table) with a program function (QBMFeature table). An event (JobEventGen table), which is defined for a process, is linked with an object event (JobEventGen.UID_QBMEvent column). The object events are linked to a program function (QBMEventHasFeature table). Users with this program function can trigger the object event and therefore the process too independent of their permissions.

The Common_TriggerSpecificEvents program function allows you to trigger specific events from the front-end. You can assign this program function to custom object events that any user can trigger. The program function is allocated to the QBM_BaseRigt permissions group.

Detailed information about managing permissions and running processes with program functions can be found in the One Identity Manager Authorization and Authentication Guide.

Related topics

Simulating process generation

You can use simulation to test whether a selected process can be generated successfully or whether the syntax for passing parameters is correct. This makes it easier to alter processes if necessary.

NOTE:

  • The Do not generate option is taken into account when you simulate a process. Disable this option for process simulation.

  • The assemblies generated are saved locally on the workstation on which the simulation is run. A simulation does not, therefore, have any effect on other users.

To generate a process for testing

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Start the simulation wizard with the Process > View > Simulation view menu item.

  4. On the start page of the wizard, click Next.

  5. On the Select event page, select the event for which the process is to be generated and specify the database connection for the simulation. Select Designer Database or Main database.

  6. On the Select object page, select the object for which the event is to be simulated.

  7. (Optional) On the Change object properties page, change the object properties.

  8. (Optional) On the Define parameter list page, enter the parameters for the parameter collection. You can run the following actions:

    • Load process steps: For the selected process, all elements of the parameter collections for all process steps are loaded.

    • Insert: Insert individual parameters for the simulation. Enter the parameter name and parameter value.

    • Delete: Delete individual parameters for the simulation.

    NOTE: For processes generated with parameter collections, you must specify the parameters and the values to be passed (for example, the SourceDir parameter for copies of profiles or the ConfigName parameter for loading a target system). No parameter collection is used for processes generated for the default events (insert, update, delete).

  9. (Optional) On the Define connection variables page, specify the session object global variables to use for the simulation. Click Insert and enter the variable name and the value.

  10. (Optional) On the Define preprocessor directives page, select the preprocessor conditions to be taken into account when the process is generated.

  11. To start the simulation, click Finish on the last page of the wizard.

    The simulation process can take some time. After the simulation is complete the generated process is shown in the Process Editor. The process steps are shown in color depending on the generation result.

    Table 46: Simulation color code
    Color Meaning

    Light gray

    Process step not generated.

    Blue

    Process step successfully generated.

    NOTE:

    Double-click on a successfully generated process step in the edit window to display properties and parameters with their specific values.

    You can copy parameters values to the clipboard with Ctrl + C.

TIP:

  • You can swap between the edit view and the simulation view using the Process > View menu to post-process the processes.

  • For every simulation, an entry is created in the toolbar of the Process Editor, which you can use to rerun the simulation without having to specify the simulation data again.

  • To display the process generation protocol, select the Process > View > Process generator log menu item.

Checking the validity of a process

NOTE: Before you compile a process, you should carry out a validity check of the process and process steps.

To check a process

  1. In the Designer, select the process in the Process Orchestration category.

  2. Start the Process Editor with the Edit process task.

  3. Select the Process > Error checking menu item.

    The result of the check is displayed in the Validity check view and is retained until the next check.

    Table 47: Icons used in the validity check
    Icon Meaning

    No errors found.

    Errors.

    Warning, Information.

TIP:

  • Process or process step controls are highlighted in yellow to indicate a warning or information. If errors occur, the process or process step controls are highlighted in red.

  • Double-click an error message in the Validity check view to jump to the corresponding entry in the process.

Table 48: Possible reasons for process failure
Error Category Possible cause

Errors

The process does not have a name.

No base object given.

The given generating condition does not correspond to required notation (value =).

Warning

The process does not have a base process step.

The process has no event.

Information

The option Do not generate is set.

Table 49: Possible reasons for process step failure
Error Category Possible cause

Errors

The process step does not have a name.

No process task assigned.

The given generating condition does not correspond to required notation (value =).

No executing server specified (server selection script or server mask).

Process step name not unique.

Process step has no parameters.

The given parameter value does not correspond to required notation (value =).

The two process step properties Ignore errors and Wait mode on error are set. The process step is never repeated because all errors are ignored.

The two process step properties Ignore errors and Stop on error are set. The process step never goes into a FROZEN state because all errors are ignored.

The two process step properties Ignore errors and Split processing are set. The split error is never processed.

Warning

Process step not linked into the process.

The two process step properties Split processing and Wait mode on error are set and no retries are defined. If errors occur, the process step is stopped immediately and therefore processing does not split off.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating