立即与支持人员聊天
与支持团队交流

Identity Manager 9.2.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics
Overview of the One Identity Manager schema Table types and default columns in the One Identity Manager data model Notes on editing table definitions and column definitions Table definitions Column definitions Table relations Dynamic foreign key Supporting file groups
Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue tasks One Identity Manager Service configuration files

Data retrieval using multiple object history

Use data queries with the Multiple object history query module to create reports about multiple objects with historical data that can be further restricted by a particular criterion. This could be all identities with a certain last name.

Table 156: Properties of data source multiple object history
Property Meaning

Name

Name of the data source.

Description

Description of data source.

Max. lines

Maximum number of result lines for this query.

NOTE: The report only displays results up to this maximum even if the number of results exceeds it. In the default, no error messages or tips are displayed. Any possible messages must be customized in the report.

Parent query

Not used.

Query module

Select the Multiple object history query module.

Table

Select the table to find the object in.

Minimum date or range

Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all affected entries in the connected One Identity Manager History Database databases is determined. Add these parameters subsequently to the report by entering them on the Parameters tab.

Columns

Columns for which the changes are determined.

Criteria

Column, table, and value used for further narrowing down the objects found. The value can be queried directly or as a parameter. Add these parameters subsequently to the report by entering them on the tab Parameters.

The data query returns the following columns.

Table 157: Columns from a data query using single object history
Column Meaning

ChangeID

Unique identifier (UID) for the record.

ObjectKey

Object key or the record.

ObjectUID

Unique identifier (UID) for the modified objects.

User

Name of user that caused the change.

ChangeTime

Time of change

ChangeType

Type of change (Insert, Update, Delete)

Columnname

Name of column whose value has changed.

ColumnDisplay

Display name of column whose value has changed.

OldValue

Old column value.

OldValueDisplay

Old column display value.

NewValue

New column value.

NewValueDisplay

New value display value.

Example:

A history of all identities with the last name "Name1" should be created. The report data can be defined in the following way:

Table:

Person

Min. Date

MinDate

Criteria: column

Lastname

Criteria: value

Name1

Related topics

Data retrieval using historical assignments

Use data queries with the Historical assignments query module to create reports with historical data from object assignments, for example, identity role memberships. This type is used for queries through foreign key relations as well as through assignment tables (many-to-many tables) and child relations.

Table 158: Properties of data source historical assignments
Property Meaning

Name

Name of the data source.

Description

Description of data source.

Max. lines

Maximum number of result lines for this query.

NOTE: The report only displays results up to this maximum even if the number of results exceeds it. In the default, no error messages or tips are displayed. Any possible messages must be customized in the report.

Parent query

In a parent query, restrictions are applied to the data record that are passed on to subsequent queries, all members of a department, for example. Parameters that are defined in the parent query are also available in subsequent queries.

Query module

Select the Historical assignments query module.

Assignment direction

Assignment to be used in the report. Permitted values are Assignments (CR & MN) and Referenced objects (FK).

Table

Table for the assignment.

Minimum date or range

Use the minimum date to specify the point in time that the history data should start from. You can define the date directly or using a parameter. In the case of a parameter, the minimum date of all affected entries in the connected One Identity Manager History Database databases is determined. Add these parameters subsequently to the report by entering them on the Parameters tab.

Criteria column

Column in the table for linking to the base object.

Criteria value

The value of the criteria column can be queried directly or using parameters. Add these parameters subsequently to the report by entering them on the Parameters tab. Columns in a parent query are formatted with the following syntax:

<parent query name>.<parent query column>

Foreign key to query

Foreign key to retain historical assignments.

Disabling columns

Certain tables contain columns that can disable an object, for example, the AccountDisable column in the ADSAccount table. Enter these columns if an assignment should be labeled as "Deleted" when disabled and "Added" if enabled.

Additional object columns

Enter the columns from the table that should also be available in the report.

Additional criteria

Column of the table and value for further restriction of the base object.

The data query returns the following columns. In addition, columns are supplied that are edited like object columns.

Table 159: Columns from a data query using historical assignments
Column Meaning

BaseKey

Object key for assignment base object.

BaseUID

Base object unique identifier.

ObjectKey

Assignment object key.

DestinationKey

Object key for assignment target object.

DestinationUID

Target object unique identifier.

Display

Target object display value.

CreationUser

User that created the assignment.

CreationTime

Time of assignment.

DeletionUser

User that deleted the assignment.

DeletionTime

Time of deletion.

Type

More detailed specification of the assignment, for example, assignment table name or target system type.

Origin

Bitmask for mapping the type of assignment.

OriginDisplay

Display name of the bitmask for mapping the type of assignment.

Related topics

Data query for simulation data

To select the simulation data generated during simulation in the Manager in a report, use the following query modules:

  • You can apply the Front-end simulation result query module to all parts of a simulation apart from rule violation analysis.

  • You can use the Front-end Simulation Result for Compliance query module to publish the rule violation analysis in the report.

Table 160: Data source front-end simulation result properties
Property Meaning

Name

Name of the data source.

Description

Description of data source.

Query module

Select the Front-end simulation result query module.

Parent query

Not used.

Simulation analysis

Defines which part of the simulation analysis is shown in the report.

Permitted values are:

  • Überblick: Shows which actions were triggered through changes made during the simulation in an overview.

  • Changed properties: Shows objects and their properties affected by the changes made during simulation.

  • DBQueue: Shows the calculation tasks for the DBQueue Processor resulting from changes made during simulation.

  • Trigger changes: Shows all changes made to objects during simulations due to triggering.

  • Generated processes: Shows processes and process steps generated during simulation due to the changes.

Table 161: Data source front-end simulation result for compliance properties
Property Meaning

Name

Name of the data source.

Description

Description of data source.

Query module

Select the query module Frontend Simulation Result for Compliance.

Parent query

Not used.

Related topics

Report parameters

A report can contain several parameters that are determined when the report is created or when an email notification is generated and passed to the report. The generated report is then displayed or send by email to the subscriber corresponding to the report subscription set up. The user can query the report parameters before the report is displayed. This means, you can, for example, limit the time period or pass specific departments for displaying the report.

Report parameters are grouped internally into parameter sets. A separate parameter set is automatically created for very report, every subscribable report, and every report subscription. The parameters and their settings are passed down in the sequence report->subscribable report->report subscriptions.

Figure 32: Report parameter inheritance

You can configure report parameters at several places.

Parameters for reports

Define the report parameters to use when you create the report in the Report Editor. This is where you specify which report parameters are viewable or writable and which are already predefined in a subscribable report.

Parameters for subscribable reports

When you add a subscribable report viewable parameters are displayed in the Manager. You can make further changes to these report parameters assuming they can be overwritten. That means, you specify which report parameters can be viewed or overwritten by Web Portal users and define parameter values.

Parameters for report subscriptions

Report parameters labeled as viewable and editable in subscribable reports, are shown to Web Portal users when they are setting up their personal report subscriptions. If the report parameters are editable, Web Portal users can modify the values in them.

NOTE: In the report, you must define all the report parameters that users can apply. For example, when the report is displayed, when subscribable reports are generated in the Manager, or in Web Portal report subscriptions.

Detailed information about this topic
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级