Sun Identity Manager Deployment Reference

Extending Views

Some views that set specific resource account attributes such as the password or the enable flag allow you to set additional account attributes. For security, however, these extended attributes must be registered.

Attribute Registration

Attributes can be registered in one of two locations:

Table 3–80 Locations for Attribute Registration

Location  

Register attributes here if...  

AccountAttributeType definition in the resource

... the attributes you want to update are specific to a particular resource, rather than to all resources of that type. 

System Configuration Object 

...you want to make global registrations for all resources of a particular type. These registrations must be done in XML format. 

You can register different attributes for different views. For example, you can register the lock attribute for the Password view and the firstname attribute for the Rename view.

Global Registration

To make global registrations (that is, registrations that apply to all resources), add an attribute in the System Configuration object with this path:

updatableAttributes.ViewName.ResourceTypeName

where ViewName is one of Password, Reset, Enable, Disable, Rename, or Delete, and ResourceTypeName is the name of the resource type. The type name all is reserved for registrations that apply to all resources.

The value of this attribute must be a List of Strings. The strings are names of the attributes you want to update.

The following example registers the attribute named delete before action in the Deprovision view for all resources.


<Attribute name=’updatableAttributes’>
   <Object>
      <Attribute name=’Delete’>
         <Object>
            <Attribute name=’all’>
               <List>
                  <String>delete before action</String>
               </List>
            </Attribute>
         </Object>
      </Attribute>
      <Attribute name=’Enable’>
         <Object>
            <Attribute name=’all’>
               <List>
                  <String>enable before action</String>
               </List>
            </Attribute>
         </Object>
      </Attribute>
   </Object>
</Attribute>

Resource-Specific Registration

To make resource-specific registrations, modify the resource object from the Identity Manager Debug page and insert a <Views> subelement in the AccountAttributeType element. <Views> must contain a list of strings whose values are the names of the views in which this attribute can be updated.


<AccountAttributeType name=’lastname’ mapName=’sn’mapType=’string’>
   <Views>
      <String>Rename</String>
   </Views>
</AccountAttributeType>

In the view, attributes you want to modify are placed within this object:

resourceAccounts.currentResourceAccounts[ResourceTypeName].attributes

<Field name= ’resourceAccounts.currentResourceAccounts[OS400ResourceName].
                     attributes.delete before action’ hidden=’true’>
   <Expansion>
      <s>os400BeforeDeleteAction</s>
   </Expansion>
</Field>