Sun Identity Manager 8.1 Business Administrator's Guide

The extendedTypes Attribute

Each new Type that you add to the com.waveset.object.Type class can be audited. A new Type must be assigned a unique two-character database key, which is stored in the database. All new Types are added to the various audit reporting interfaces. Each new Type to be logged to the database without being filtered must be added to an audit event group's enabledEvents attribute (as described with the enabledEvents attribute).

There may be situations in which you want to audit something that does not have an associated com.waveset.object.Type, or where you want to represent an existing type with more granularity.

For example, the WSUser object stores all of the user’s account information in the repository. Instead of marking each event as a USER type, the auditing process splits the WSUser object into two different audit types (Resource Account and Identity Manager Account). Splitting the object in this way makes it easier to find specific account information in the audit log.

Add extended audit types by adding to the extendedObjects attribute. Each extended object must have the attributes listed in the following table.

Table 10–15 Extended Object Attributes

name: The name of the type, which is used when constructing AuditEvents and during event filtering.

displayName: A message catalog key that represents the name of the type.

logDbKey: Two-character database key to use when storing this object in the Log table. See Audit Log Database Mappings for reserved values.

supportedActions: Actions supported by the object type. This attribute is used when creating audit queries from the user interface. If this value is null, all actions are displayed as possible values to be queried for this object type.

mapsToType: (Optional) The name of the com.waveset.object.Type that maps to this type, if applicable. This attribute is used when attempting to resolve an object's organizational membership if not already specified on the event.

(Optional) A default list of organization IDs where events of this type should be placed, if they do not already have assigned organizational membership.

All customer-specific keys should start with the # symbol to prevent duplicate keys when new internal keys are added.

Example 10–6 illustrates the extended-type Identity Manager Account.

Example 10–6 Extended Type Identity Manager Account

<Object name='LighthouseAccount'>
  <Attribute name='displayName' value='LG_LIGHTHOUSE_ACCOUNT'/>
  <Attribute name='logDbKey' value='LA'/>
  <Attribute name='mapsToType' value='User'/>
  <Attribute name='supportedActions'>
    <List>
      <String>Disable</String> <String>Enable</String> <String>Create</String>
      <String>Modify</String> <String>Delete</String> <String>Rename</String>
    </List>
  </Attribute>
</Object>
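
A pre-deployment check for the rules stated above (required attributes, a unique two-character logDbKey, the # prefix on customer-specific keys), given as an added example that is not part of the guide or the product. The <List> wrapper, the three customer object names, and the `shipped` exemption for product-defined types are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("name", "displayName", "logDbKey")

# Constructed sample: the guide's LighthouseAccount entry (abridged) plus three
# hypothetical customer entries, wrapped in a <List> root so it parses alone.
SAMPLE = """<List>
  <Object name='LighthouseAccount'>
    <Attribute name='displayName' value='LG_LIGHTHOUSE_ACCOUNT'/>
    <Attribute name='logDbKey' value='LA'/>
    <Attribute name='mapsToType' value='User'/>
  </Object>
  <Object name='BadgeAccount'>
    <Attribute name='displayName' value='CUSTOM_BADGE_ACCOUNT'/>
    <Attribute name='logDbKey' value='#B'/>
  </Object>
  <Object name='VpnAccount'>
    <Attribute name='displayName' value='CUSTOM_VPN_ACCOUNT'/>
    <Attribute name='logDbKey' value='VP'/>
  </Object>
  <Object name='BadgeReader'>
    <Attribute name='logDbKey' value='#B'/>
  </Object>
</List>"""

def check_extended_objects(xml_text, shipped=("LighthouseAccount",)):
    """Return (object name, problem) pairs for extended object definitions.

    `shipped` names product-defined types (an assumption of this example);
    every other object is treated as customer-specific.
    """
    problems, seen = [], {}
    for obj in ET.fromstring(xml_text).iter("Object"):
        name = obj.get("name") or "<unnamed>"
        attrs = {a.get("name"): a.get("value") for a in obj.findall("Attribute")}
        attrs["name"] = obj.get("name")
        problems += [(name, f"missing {r}") for r in REQUIRED if not attrs.get(r)]
        key = attrs.get("logDbKey")
        if not key:
            continue
        if len(key) != 2:
            problems.append((name, "logDbKey is not two characters"))
        if name not in shipped and not key.startswith("#"):
            problems.append((name, "customer key does not start with #"))
        if key in seen:  # keys must be unique across all audited types
            problems.append((name, f"logDbKey duplicates {seen[key]}"))
        seen.setdefault(key, name)
    return problems
```

Running it over a candidate configuration before import catches key collisions that would otherwise make two audit types indistinguishable in the Log table.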