Chat now with support
Chat with Support

Identity Manager 9.3 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics The full-text search in One Identity Manager Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on using date values Tips for using PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Displaying messages in the user interface Referencing packages and files in scripts Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Committing and compiling script changes Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue Processor tasks Structure of the Jobservice.cfg configuration file

Data retrieval using database views

You can use the View query module to create data queries using predefined database views and thus control user access permissions.

Table 137: Data source view properties
Property Meaning

Name

Name of the data source.

Description

Description of data source.

Max. lines

Maximum number of result lines for this query. If this number is exceeded, the report stops generating.

Parent query

Not used.

Query module

Select the View query module.

View name

Name of the database view.

Condition

Condition for limiting the data set returned from the database table. You formulate the condition as a valid WHERE clause for database queries. You may use SQL parameters in the condition. Add these parameters subsequently to the report by entering them on the Parameters tab.

Syntax for parameters:

@<Parametername>

Sort order

The data queries are sorted by these database view columns.

Related topics

Data retrieval using an object

Data queries with the Object query module are created using the object layer and therefore take user access permissions fully into account.

Table 138: Data source object properties
Property Meaning

Name

Name of the data source.

Description

Description of data source.

Max. lines

Maximum number of result lines for this query.

NOTE: The report only displays results up to this maximum even if the number of results exceeds it. In the default, no error messages or tips are displayed. Any possible messages must be customized in the report.

Parent query

In a parent query, restrictions are applied to the data record that are passed on to subsequent queries, all members of a department, for example. Parameters that are defined in the parent query are also available in subsequent queries.

Query module

Select the Object query module.

Table

Select the table to find the object in.

Columns

Columns to use in the report.

Some columns are always added to the report definition and must not be explicitly entered here. These include:

  • The table's primary key column.
  • All columns used in the table display template.
  • Pseudo columns (_Display and _DisplayLong) supplied by the table's display template.
  • An additional column (<column>_Display) is also created for the display value for foreign key columns and columns with a list of defined values or multi-language entries.

Resolve foreign key

Set this option if the display value of the referenced object should be returned in <column>_Display rather than the UID.

Condition

Condition for limiting the data set returned from the table. You formulate the condition as a valid WHERE clause for database queries. You may use SQL parameters in the condition. Add these parameters subsequently to the report by entering them on the Parameters tab.

Syntax for parameters:

@<Parametername>

Syntax for columns of a parent query:

@<name of parent query>.<column of the parent query>

Sort order

The data queries are sorted by these table columns.

Related topics

Data retrieval using single object history

Use data queries with the Single object history query module when you want to create reports about a single object, for example, one identity, with its history data.

Table 139: Properties of data source single object history
Property Meaning

Name

Name of the data source.

Description

Description of data source.

Max. lines

Maximum number of result lines for this query.

NOTE: The report only displays results up to this maximum even if the number of results exceeds it. In the default, no error messages or tips are displayed. Any possible messages must be customized in the report.

Parent query

In a parent query, restrictions are applied to the data record that are passed on to subsequent queries, all members of a department, for example. Parameters that are defined in the parent query are also available in subsequent queries.

Query module

Select the Single object history query module.

Object key

The object key can be queried directly or using a parameter. Add these parameters subsequently to the report by entering them on the Parameters tab. Columns in a parent query are formatted with the following syntax:

<parent query name>.<parent query column>

Min date or range

Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all affected entries in the connected One Identity Manager History Database databases is determined. Add these parameters subsequently to the report by entering them on the tab Parameters.

Columns

Columns for which the changes are determined.

Resolve foreign key

Set this option if the display value of the referenced object should be returned rather than the UID.

The data query returns the following columns.

Table 140: Columns from a data query using single object history
Column Meaning

ChangeID

Unique identifier (UID) for the record.

ObjectKey

Object key or the record.

ObjectUID

Unique identifier (UID) for the modified objects.

User

Name of user that caused the change.

ChangeTime

Time of change

ChangeType

Type of change (Insert, Update, Delete)

Columnname

Name of column whose value has changed.

ColumnDisplay

Display name of column whose value has changed.

OldValue

Old column value.

OldValueDisplay

Old column display value.

NewValue

New column value.

NewValueDisplay

New value display value.

Related topics

Data retrieval using multiple object history

Use data queries with the Multiple object history query module to create reports about multiple objects with historical data that can be further restricted by a particular criterion. This could be all identities with a certain last name.

Table 141: Properties of data source multiple object history
Property Meaning

Name

Name of the data source.

Description

Description of data source.

Max. lines

Maximum number of result lines for this query.

NOTE: The report only displays results up to this maximum even if the number of results exceeds it. In the default, no error messages or tips are displayed. Any possible messages must be customized in the report.

Parent query

Not used.

Query module

Select the Multiple object history query module.

Table

Select the table to find the object in.

Minimum date or range

Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all affected entries in the connected One Identity Manager History Database databases is determined. Add these parameters subsequently to the report by entering them on the Parameters tab.

Columns

Columns for which the changes are determined.

Criteria

Column, table, and value used for further narrowing down the objects found. The value can be queried directly or as a parameter. Add these parameters subsequently to the report by entering them on the tab Parameters.

The data query returns the following columns.

Table 142: Columns from a data query using single object history
Column Meaning

ChangeID

Unique identifier (UID) for the record.

ObjectKey

Object key or the record.

ObjectUID

Unique identifier (UID) for the modified objects.

User

Name of user that caused the change.

ChangeTime

Time of change

ChangeType

Type of change (Insert, Update, Delete)

Columnname

Name of column whose value has changed.

ColumnDisplay

Display name of column whose value has changed.

OldValue

Old column value.

OldValueDisplay

Old column display value.

NewValue

New column value.

NewValueDisplay

New value display value.

Example: Determining the history of identities

A history of all identities with the last name "Name1" should be created. The report data can be defined in the following way:

Table:

Person

Min. Date:

MinDate

Criteria: column

Lastname

Criteria: value

Name1

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating