Configuring Warehouse Models (Sun Identity Manager 8.1 Business Administrator's Guide)

Sun Identity Manager 8.1 Business Administrator's Guide

Configuring Warehouse Models

Each exportable data type has a set of options that are used to control if, how and when the type is exported. Exporting data increases the load on the Identity Manager servers, so exporting should only be enabled for data types that are of business interest.

The following table describes each of the data types that can be exported.

Table 16–1 Supported Data Types


Data Type	Description
`Account`	A record containing the linkage between a User and a ResourceAccount
`AdminGroup`	A group of Identity Manager permissions available on all ObjectGroups
`AdminRole`	The permissions assigned to one or more ObjectGroups
AuditPolicy	A collection of rules evaluated against an Identity Manager object to determine complicance to a business policy.
`ComplianceViolation`	A record containing a user's non-compliance with an AuditPolicy
`Entitlement`	A record containing the list of attestations for a specific User
`LogRecord`	A record containing a single audit record
`ObjectGroup`	A security container that is modeled as an organization
`Resource`	A system/application on which accounts are provisioned
`ResourceAccount`	A set of attributes that comprise an account on a specific Resource
`Role`	A logical container for access
`Rule`	A block of logic that can be executed by Identity Manager
`TaskInstance`	A record indicating an executing or completed process
`User`	A logical user that includes zero or more accounts.
`WorkflowActivity`	A single activity of an Identity Manager workflow
`WorkItem`	A manual action from an Identity Manager workflow

To Configure Warehouse Models

From the Data Exporter Configuration page, click on a data type link.

In the Export tab, specify whether to export the data type. If you do not want to export this data type, deselect the Export check box and click Save. Otherwise, select the remaining options on this Export tab as needed.
- Allow Query. Controls whether the model can be queried.
- Queue All. Captures all changes to objects of this type. Checking this option may add significant processing costs to the Exporter. Use this option sparingly.
- Capture Deletes. Records all deleted objects of this type. Checking this option may add significant processing costs to the Exporter. Use this option sparingly.

The Attributes tab allows you to select which attributes may be specified as part of a forensic query, and which attributes can be displayed in the query results. You cannot delete the default attributes from the Administrator interface. See Chapter 2, Working with Attributes, in Sun Identity Manager Deployment Guide for information about changing the default attributes.

New attribute names have the following characteristics:
- attrName — The attribute is a top-level and scalar.
- attrName[] — The attribute is a list-valued top-level attribute, and the elements in the list are scalar.
- attrName[’key’] — The attribute contains a map value, and the value of the map with the specified key is desired.
- attrName[].name2 — The attribute is a list-valued top-level attribute, where the elements in the list are structures. name2 is the attribute in the structure to be accessed.
Note –
If you want to export attributes to the EXT_RESOURCEACCOUNT_ACCTATTR table, you must check the Audit box for each attribute to be exported.

Specify how often to export the information associated with the data type on the Schedule tab. Cycles are relative to midnight on the server. A cycle of every 20 minutes would occur on the hour, then 20 minutes and 40 minutes past the hour. If an export attempt takes longer than a scheduled cycle, the next cycle will be skipped. For example, if a cycle is defined as 20 minutes and starts at midnight, and it takes 25 minutes to complete the export, the next export will start at 12:40. The export originally scheduled for 12:20 will not occur.