立即与支持人员聊天
与支持团队交流

Identity Manager 8.1.4 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Setting up Job servers Configuring the One Identity Manager Service Handling processes in One Identity Manager
Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Using scripts Notes on message output Notes on using date values Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing of scripts in Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for executing scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration SOAP Web Service One Identity Manager as SPML provisioning service provider Processing DBQueue tasks One Identity Manager Service configuration files

Editing value templates

You can customize predefined default value templates and create your own additional value templates.

IMPORTANT: You must take performance factors into consideration when defining value templates. In certain circumstances, changes to a property could cause large numbers of dependent objects to be changed, saved, and processes to be generated through a value template in overwrite mode.

To limit the number of objects changed by a value template you can define thresholds for executing value templates. For more information, see Restricting the execution of value templates.

To create a value template

  1. In the Designer, select One Identity Manager Schema.

  2. Select the table and start the Schema Editor with the Show table definition task.

  3. Select the column and then the Column properties view.

  4. Select the Value calculation tab and edit the following properties.

    Table 26: Properties for calculating values of a column

    Property

    Description

    Overwrites

    Specifies whether the template can overwrite or not. If this option is set, the value template is always applied. If the option is not set, the value template is only applied when the column is empty.

    Template

    Template script. Write the script in VB.Net syntax which allows all VB.Net script functions to be used.

    TIP: To display the columns that trigger a template, click Triggers for this template.
    No automatic truncation by template

    Specifies whether the value is automatically truncated to the maximum column length if the maximum length is exceeded when applying a template. If this option is enabled, the value is not automatically truncated to the maximum column length.

IMPORTANT: Compile the database to bring the value template into effect.

TIP: Test compile using the Schema | Test compile menu item.

Related topics

Preventing a change to a column

You can use value templates to prevent users from changing columns that are filled by a value template. To do this, add the name of this column in the value template in $-notation. The value template now references itself. Any change to the column is immediately overwritten by the value template. Value templates that overwrite themselves only take effect if they have been labeled as “Overwrites”.

Example

The user should not be able to change an employee‘s central user account. This should be prevented by the value template.

  • Define a custom value template for the Person.CentralAccount column.
  • For the value templates, enable the Overwrites option.
  • Extend the default value template with the following entry: ’$CentralAccount$.

’$CentralAccount$

If Not CBool(Session.Variables.Get("FULLSYNC")) Then

Value=VI_AE_BuildCentralAccount(GetValue("UID_Person").String,$Lastname$, $Firstname$)

End If

Restricting the execution of value templates

To limit the number of objects changed by a value template you can define thresholds.

To define thresholds for a value template

  1. In the Designer, select the One Identity Manager Schema category.
  2. Select the table and start the Schema Editor with the Show table definition task.
  3. Select the column and then the Column properties view.
  4. Select the Value calculation tab and edit the following properties.

    • Threshold (asynchron): Enter the maximum number of objects that can be changed directly by the value template. Once this limit has been reached, processing takes place synchronously with the One Identity Manager Service.
    • Threshold (Abort): Enter the number of objects at which an abort should be carried out. Once this limit has been reached, processing is aborted with an error message.

    NOTE: If an abort threshold value is specified, it must be larger than the threshold for asynchronous processing.

Related topics

Example of local value templates within an object

The an employee's full name (Person.Internalname) will be derived from its surname (Person.Lastname) and first name (Person.Firstname). The value template for the Person.Internalname column looks like:

Value = $Lastname$ & ", " & $Firstname$

If the value template is labeled as "Overwrites" then each time Lastname changes a test is done to check for dependent columns that reference this value in a template. If this is the case, the value template is processed and the value is entered into the Internalname column. If the value template cannot overwrite, it only applies if there is no value in the Internalname column.

The Person.Lastname and Person.Firstname columns are the sender and the Person.Internalname column is the subscriber. The mapping for adding a database object in the DialogNotification table is:

person.lastname --> person.internalname

person.firstname --> person.internalname

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级