Oracle® Identity Manager Connector Guide for Database Access Release 9.0.1 Part Number B31114-01
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for database access is used to integrate Oracle Identity Manager with various databases.
Note:
Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.
This chapter contains the following sections:
This section discusses the functionality supported by the connector.
Function | Type | Description |
---|---|---|
Provisioning process 1: Database Access (Login) | | |
Create Login | Provisioning | Creates a login in the database |
Delete Login | Provisioning | Deletes a provisioned login |
Enable Login | Provisioning | Enables a disabled login |
Disable Login | Provisioning | Disables a login |
Default DB Updated | Provisioning | Updates the configuration of a login in the database according to a change in the Default DB Updated attribute. This function is available only on: You must add appropriate lookup codes (corresponding to valid database names) in the following lookup definitions: |
Full Name Updated | Provisioning | Updates the configuration of a login in the database according to a change in the Full Name attribute. This function is available only on: |
Default Role Updated | Provisioning | Updates the configuration of a login in the database according to a change in the Default Role attribute. This function is available only on Sybase. This function works if the relevant role is already assigned to the Sybase login. You must add appropriate lookup codes (corresponding to valid roles) in the following lookup definition: Lookup.DB Role: For example, if a role named |
Default Language Updated | Provisioning | Updates the configuration of a login in the database according to a change in the Default Language attribute. This function is available only on: You must add appropriate lookup codes (corresponding to valid roles) in the following lookup definition: UD_Lookup.Def_Lang: For example, if a language named |
Password Updated | Provisioning | Updates the configuration of a login in the database according to a change in the Password Updated attribute. This function is run when the password in a process form is changed. For Sybase: |
Add Role | Provisioning | Adds a role to an existing login in the database. This function is available only on: The required role must be defined and valid on the target system. You must add appropriate lookup codes (corresponding to valid role names) in the following lookup definitions: |
Revoke Role | Provisioning | Revokes a role from an existing login in the database. This function is available only on: |
Add Tablespace | Provisioning | Adds a tablespace to an existing login in the database. This function is available only on IBM DB2 UDB. The required tablespace must be defined and valid on the target system. You must add appropriate lookup codes (corresponding to valid tablespaces) in the following lookup definition: UD_Lookup.DB_Tablespacenames: For example, if a tablespace named Code Key: Decode: Lang: Country: |
Delete Tablespace | Provisioning | Revokes a tablespace from an existing login in the database. This function is available only on IBM DB2 UDB. |
Add Schema | Provisioning | Adds a schema to an existing login in the database. This function is available only on IBM DB2 UDB. The required schema must be defined and valid on the target system. You must add appropriate lookup codes (corresponding to valid schema names) in the following lookup definition: UD_Lookup.DB_Schemas: For example, if a schema named Code Key: Decode: Lang: Country: |
Delete Schema | Provisioning | Revokes a schema from an existing login in the database. This function is available only on IBM DB2 UDB. |
Trusted Reconciliation for Login | Reconciliation | Creates Xellerate Login accounts with respect to the reconciled logins from the database |
Create Login | Reconciliation | Reconciles logins from the database. This function is available only on: |
Update Login | Reconciliation | Reconciles attributes of logins existing in Xellerate, from the database. This function is available only on: |
Default DB Updated | Reconciliation | This function is available only on: |
Full Name Updated | Reconciliation | This function is available only on: |
Default Role Updated | Reconciliation | This function is available only on: |
Default Language Updated | Reconciliation | This function is available only on: |
Add Role | Reconciliation | Reconciles newly added roles of logins existing in Xellerate, from the database. This function is available only on: |
Add Tablespace | Reconciliation | Reconciles newly added tablespaces of existing logins in Xellerate, from the database. This function is available only on IBM DB2 UDB. |
Add Schema | Reconciliation | Reconciles newly added schemas of existing logins in Xellerate, from the database. This function is available only on IBM DB2 UDB. |
Provisioning process 2: Database Access (User) | | |
Create User | Provisioning | Creates a user with respect to an existing login in the database. This function is available only on: While running this function, you must provide the required entry in the DB Name field. The required schema must be defined and valid on the target system. You must add appropriate lookup codes (corresponding to valid schema names) in the following lookup definitions: |
Delete User | Provisioning | Deletes a provisioned user with respect to an existing login in the database. This function is available only on: This function can be run by running the Revoke Request function using the Request form in Oracle Identity Manager. |
Disable User | Provisioning | Disables an existing user in the database. This function is available only on Sybase. This function revokes access to all tables for the specified user. |
Enable User | Provisioning | Enables a disabled existing user in the database. This function is available only on Sybase. The provisioned account has default access to only a particular set of tables. This function grants all types of access privileges to the account for all system- and user-defined tables that are there in the specified database. |
DB Group Updated | Provisioning | Updates the configuration of a user in the database according to a change in the DB Group attribute. This function is available only on Sybase. If no input is provided in the User Group field of the process form, then the provisioned user is added to the default group, The required group must be defined and valid in the Sybase database. You must add appropriate lookup codes (corresponding to valid group names) in the following lookup definition: UD_Lookup.DB_Group: For example, if a group named |
Add Role | Provisioning | Adds a role to an existing user in the database. This function is available only on Microsoft SQL Server. The required role must be defined and valid on the target Microsoft SQL Server database. You must add appropriate lookup codes (corresponding to valid role names) in the following lookup definition: Lookup.DB Role-MSSQL: For example, if a role named |
Revoke Role | Provisioning | Revokes a role from an existing user in the database. This function is available only on Microsoft SQL Server. |
Create User | Reconciliation | Reconciles users for a login, from the database. This function is available only on: |
DB Group Updated | Reconciliation | Reconciles updated DB Group attribute of existing user in Xellerate from the database. This function is available only on Sybase. |
Add Role | Reconciliation | Reconciles newly added roles of existing logins in Xellerate, from the database. This function is available only on Microsoft SQL Server. |
The elements that the reconciliation module extracts from the target system in order to construct reconciliation event records are given in the following table.
Attribute Name | Oracle Database | IBM DB2 UDB | Sybase | Microsoft SQL Server |
---|---|---|---|---|
Login | Yes | Yes | Yes | Yes |
userType | No | Yes | No | No |
Full Name | No | No | Yes | No |
DefaultTablespace | Yes | No | No | No |
dbName | No | Yes | No | No |
Roles | Yes | No | Yes | Yes |
schemaName | No | Yes | No | No |
tableSpaceName | No | Yes | No | No |
User | No | No | Yes | Yes |
Group | No | No | Yes | No |
Database | No | No | Yes | Yes |
The provisioning module can be divided into the following types:
The following fields are provisioned:
Login
Password
Default DB (Sybase)
Default Language
Full Name
Authentication Type
Tablespace
Datafile size (MB)
Default Role (Sybase)
DB2 Database
DB2 User Type
Default DB (SQL Server)
Role (Sybase)
Role (Oracle)
Tablespace Name
Schema Name
The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:
Database Servers\Database User Management\Database Rev 3.1.0.zip
These files and directories are listed in the following table.
File in the Installation Media Directory | Description |
---|---|
xml\xliDBAccessLogin_DM.xml | This XML file contains the Oracle Identity Manager components of the connector related to Database Access (Login) provisioning. These components include: |
xml\xliDBAccessUser_DM.xml | This XML file contains the Oracle Identity Manager components of the connector related to Database Access (User) provisioning. These components include: |
xml\xliDBAccessScheduleTask_DM.xml | This XML file contains the Oracle Identity Manager components of the connector related to Database Access reconciliation. These components include: |
lib\xliDatabaseAccess.jar | This file contains the class files required for performing provisioning and reconciliation. |
scripts\procGrantAllToUser.sql | This file contains the code for the stored procedure that implements the Enable User function. |
scripts\procRevokeAllFromUser.sql | This file contains the code for the stored procedure that implements the Disable User function. |
docs\B31114_01.pdf docs\html | These are PDF and HTML versions of this guide, which provides instructions to deploy the connector. |
The "Step 4: Copying the Connector Files" section provides instructions to copy these files into the required directories.