Oracle® Identity Manager Connector Guide for Database Access
Release 9.0.1

Part Number B31114-01

1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for database access is used to integrate Oracle Identity Manager with various databases.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

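This chapter contains the following sections:

  • Supported Functionality

  • Reconciliation Module

  • Provisioning Module

  • Files and Directories That Comprise the Connector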

Supported Functionality

This section discusses the functionality supported by the connector.

Function | Type | Description
Provisioning process 1: Database Access (Login)

Create Login | Provisioning | Creates a login in the database
Delete Login | Provisioning | Deletes a provisioned login
Enable Login | Provisioning | Enables a disabled login
Disable Login | Provisioning | Disables a login
Default DB Updated | Provisioning | Updates the configuration of a login in the database according to a change in the Default DB Updated attribute

This function is available only on:

  • Sybase

  • Microsoft SQL Server

You must add appropriate lookup codes (corresponding to valid database names) in the following lookup definitions:

  • UD_Lookup.DB_Dbnames: For example, if a database named master exists on the target Sybase server, then the following entry must be added as the lookup code:

    Code Key: master

    Decode: master

    Lang: en

    Country: US

  • UD_Lookup.DB_Dbnames-sql: For example, if a database named model exists on the target Microsoft SQL Server, then the following entry must be added as the lookup code:

    Code Key: model

    Decode: model

    Lang: en

    Country: US

Full Name Updated | Provisioning | Updates the configuration of a login in the database according to a change in the Full Name attribute

This function is available only on:

  • Sybase

  • Microsoft SQL Server

Default Role Updated | Provisioning | Updates the configuration of a login in the database according to a change in the Default Role attribute

This function is available only on Sybase. This function works if the relevant role is already assigned to the Sybase login.

You must add appropriate lookup codes (corresponding to valid roles) in the following lookup definition:

Lookup.DB Role: For example, if a role named oper_role exists on the target Sybase database, then the following entry must be added as the lookup code:

  • Code Key: oper_role

  • Decode: oper_role

  • Lang: en

  • Country: US

Default Language Updated | Provisioning | Updates the configuration of a login in the database according to a change in the Default Language attribute

This function is available only on:

  • Sybase

  • Microsoft SQL Server

You must add appropriate lookup codes (corresponding to valid roles) in the following lookup definition:

UD_Lookup.Def_Lang: For example, if a language named us_English exists on the target Sybase or Microsoft SQL Server database, then the following entry must be added as the lookup code:

  • Code Key: us_english

  • Decode: us_english

  • Lang: en

  • Country: US

Password Updated | Provisioning | Updates the configuration of a login in the database according to a change in the Password Updated attribute

This function is run when the password in a process form is changed.

For Sybase:

  • The password must contain at least 6 characters.

  • If no input is provided in the Password field of the process form, then the provisioned user is assigned a password with the same value as the user login.

Add Role | Provisioning | Adds a role to an existing login in the database

This function is available only on:

  • Sybase

  • Oracle Database

The required role must be defined and valid on the target system.

You must add appropriate lookup codes (corresponding to valid role names) in the following lookup definitions:

  • Lookup.DB Role: For example, if a role named oper_role exists on the target Sybase database, then the following entry must be added as the lookup code:

    Code Key: oper_role

    Decode: oper_role

    Lang: en

    Country: US

  • Lookup.DB Role-Oracle: For example, if a role named DBA exists on the target Oracle Database, then the following entry must be added as the lookup code:

    Code Key: DBA

    Decode: DBA

    Lang: en

    Country: US

Revoke Role | Provisioning | Revokes a role from an existing login in the database

This function is available only on:

  • Sybase

  • Oracle

Add Tablespace | Provisioning | Adds a tablespace to an existing login in the database

This function is available only on IBM DB2 UDB.

The required tablespace must be defined and valid on the target system.

You must add appropriate lookup codes (corresponding to valid tablespaces) in the following lookup definition:

UD_Lookup.DB_Tablespacenames: For example, if a tablespace named tb_xel exists on the target IBM DB2 UDB database, then the following entry must be added as the lookup code:

Code Key: tb_xel

Decode: tb_xel

Lang: en

Country: US

Delete Tablespace | Provisioning | Revokes a tablespace from an existing login in the database

This function is available only on IBM DB2 UDB.

Add Schema | Provisioning | Adds a schema to an existing login in the database

This function is available only on IBM DB2 UDB.

The required schema must be defined and valid on the target system.

You must add appropriate lookup codes (corresponding to valid schema names) in the following lookup definition:

UD_Lookup.DB_Schemas: For example, if a schema named xeltest exists on the target IBM DB2 UDB database, then the following entry must be added as the lookup code:

Code Key: xeltest

Decode: xeltest

Lang: en

Country: US

Delete Schema | Provisioning | Revokes a schema from an existing login in the database

This function is available only on IBM DB2 UDB.

Trusted Reconciliation for Login | Reconciliation | Creates Xellerate Login accounts with respect to the reconciled logins from the database
Create Login | Reconciliation | Reconciles logins from the database

This function is available only on:

  • Sybase

  • Microsoft SQL Server

Update Login | Reconciliation | Reconciles attributes of logins existing in Xellerate, from the database

This function is available only on:

  • Sybase

  • Microsoft SQL Server

Default DB Updated | Reconciliation | This function is available only on:

  • Sybase

  • Microsoft SQL Server

Full Name Updated | Reconciliation | This function is available only on:

  • Sybase

  • Microsoft SQL Server

Default Role Updated | Reconciliation | This function is available only on:

  • Sybase

  • Microsoft SQL Server

Default Language Updated | Reconciliation | This function is available only on:

  • Sybase

  • Microsoft SQL Server

Add Role | Reconciliation | Reconciles newly added roles of logins existing in Xellerate, from the database

This function is available only on:

  • Sybase

  • Oracle

Add Tablespace | Reconciliation | Reconciles newly added tablespaces of existing logins in Xellerate, from the database

This function is available only on IBM DB2 UDB.

Add Schema | Reconciliation | Reconciles newly added schemas of existing logins in Xellerate, from the database

This function is available only on IBM DB2 UDB.

Provisioning process 2: Database Access (User)

Create User | Provisioning | Creates a user with respect to an existing login in the database

This function is available only on:

  • Sybase

  • Microsoft SQL Server

While running this function, you must provide the required entry in the DB Name field.

The required schema must be defined and valid on the target system.

You must add appropriate lookup codes (corresponding to valid schema names) in the following lookup definitions:

  • UD_Lookup.DB_Dbnames: For example, if a database named master exists on the target Sybase server, then the following entry must be added as the lookup code:

    Code Key: master

    Decode: master

    Lang: en

    Country: US

  • UD_Lookup.DB_Dbnames-sql: For example, if a database named model exists on the target Microsoft SQL Server, then the following entry must be added as the lookup code:

    Code Key: model

    Decode: model

    Lang: en

    Country: US

Delete User | Provisioning | Deletes a provisioned user with respect to an existing login in the database

This function is available only on:

  • Sybase

  • Microsoft SQL Server

To run this function, use the Revoke Request function in the Request form in Oracle Identity Manager.

Disable User | Provisioning | Disables an existing user in the database

This function is available only on Sybase. This function revokes access to all tables for the specified user.

Enable User | Provisioning | Enables a disabled existing user in the database

This function is available only on Sybase.

The provisioned account has default access to only a particular set of tables.

This function grants all types of access privileges to the account for all system-defined and user-defined tables in the specified database.

DB Group Updated | Provisioning | Updates the configuration of a user in the database according to a change in the DB Group attribute

This function is available only on Sybase.

If no input is provided in the User Group field of the process form, then the provisioned user is added to the default group, public, in the Sybase database.

The required group must be defined and valid in the Sybase database.

You must add appropriate lookup codes (corresponding to valid group names) in the following lookup definition:

UD_Lookup.DB_Group: For example, if a group named Managers exists on the target Sybase database, then the following entry must be added as the lookup code:

  • Code Key: Managers

  • Decode: Managers

  • Lang: en

  • Country: US

Add Role | Provisioning | Adds a role to an existing user in the database

This function is available only on Microsoft SQL Server.

The required role must be defined and valid on the target Microsoft SQL Server database.

You must add appropriate lookup codes (corresponding to valid role names) in the following lookup definition:

Lookup.DB Role-MSSQL: For example, if a role named db_datawriter exists on the target Sybase database, then the following entry must be added as the lookup code:

  • Code Key: db_datawriter

  • Decode: db_datawriter

  • Lang: en

  • Country: US

Revoke Role | Provisioning | Revokes a role from an existing user in the database

This function is available only on Microsoft SQL Server.

Create User | Reconciliation | Reconciles users for a login, from the database

This function is available only on:

  • Sybase

  • Microsoft SQL Server

DB Group Updated | Reconciliation | Reconciles the updated DB Group attribute of an existing user in Xellerate, from the database

This function is available only on Sybase.

Add Role | Reconciliation | Reconciles newly added roles of existing logins in Xellerate, from the database

This function is available only on Microsoft SQL Server.
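
The Sybase password rules in the Password Updated row and the lookup-code requirements in the table above can be checked before a request reaches the connector. The following is an added example, not part of the connector or of this guide; the request field names, the sample lookup contents, and exact case-sensitive Code Key matching are assumptions.

```python
# Added example, not connector code. Lookup contents and request field names
# are constructed; exact, case-sensitive Code Key matching is an assumption.
LOOKUPS = {  # lookup definition -> Code Key values present in it
    "UD_Lookup.DB_Dbnames": {"master"},
    "Lookup.DB Role": {"oper_role"},
    "UD_Lookup.Def_Lang": {"us_english"},
}

# Hypothetical request field -> lookup definition that must list its value.
SYBASE_FIELD_LOOKUPS = {
    "default_db": "UD_Lookup.DB_Dbnames",
    "role": "Lookup.DB Role",
    "default_language": "UD_Lookup.Def_Lang",
}

SYBASE_MIN_PASSWORD_LEN = 6  # "at least 6 characters" in the Password Updated row


def check_sybase_login_request(req, lookups=LOOKUPS):
    """Return findings for one Sybase login request; an empty list means clean."""
    findings = []
    login = req.get("login", "")
    password = req.get("password") or ""

    if not password:
        # Documented behaviour: the login name becomes the password.
        findings.append("password empty: connector will set it to the login name")
    else:
        if len(password) < SYBASE_MIN_PASSWORD_LEN:
            findings.append("password shorter than 6 characters")
        if password.lower() == login.lower():
            findings.append("password equals login name")

    for field, lookup_name in SYBASE_FIELD_LOOKUPS.items():
        value = req.get(field)
        if value and value not in lookups.get(lookup_name, set()):
            findings.append(f"{field}={value!r} has no Code Key in {lookup_name}")
    return findings


if __name__ == "__main__":
    sample_requests = [  # constructed requests
        {"login": "jdoe", "password": "", "default_db": "master"},
        {"login": "jdoe01", "password": "jdoe01", "role": "audit_role"},
    ]
    for request in sample_requests:
        print(request["login"], check_sybase_login_request(request))
```

An empty Password field is reported separately because the connector does not reject it; it provisions the login with a password equal to the login name.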


Reconciliation Module

The elements that the reconciliation module extracts from the target system in order to construct reconciliation event records are given in the following table.

Attribute Name | Oracle Database | IBM DB2 UDB | Sybase | Microsoft SQL Server
--- | --- | --- | --- | ---
Login | Yes | Yes | Yes | Yes
userType | No | Yes | No | No
Full Name | No | No | Yes | No
DefaultTablespace | Yes | No | No | No
dbName | No | Yes | No | No
Roles | Yes | No | Yes | Yes
schemaName | No | Yes | No | No
tableSpaceName | No | Yes | No | No
User | No | No | Yes | Yes
Group | No | No | Yes | No
Database | No | No | Yes | Yes

Provisioning Module

The provisioning module can be divided into the following types:

DB Login Provisioning

The following fields are provisioned:

  • Login

  • Password

  • Default DB (Sybase)

  • Default Language

  • Full Name

  • Authentication Type

  • Tablespace

  • Datafile size (MB)

  • Default Role (Sybase)

  • DB2 Database

  • DB2 User Type

  • Default DB (SQL Server)

  • Role (Sybase)

  • Role (Oracle)

  • Tablespace Name

  • Schema Name

DB User Provisioning

The following fields are provisioned:

  • DB User

  • DB Name (Sybase)

  • DB Group

  • DB Parent Login

  • Authentication Type

  • DB Name (SQL Server)

  • Role (SQL Server)

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:

Database Servers\Database User Management\Database Rev 3.1.0.zip

These files and directories are listed in the following table.

File in the Installation Media Directory | Description
xml\xliDBAccessLogin_DM.xml
This XML file contains the Oracle Identity Manager components of the connector related to Database Access (Login) provisioning. These components include:
  • Database Access (Login) IT resource type

  • Custom Process form

  • Process task and adapters (along with their mappings)

  • Login resource object

  • Provisioning process

  • Pre-populate rules

xml\xliDBAccessUser_DM.xml
This XML file contains the Oracle Identity Manager components of the connector related to Database Access (User) provisioning. These components include:
  • Database Access (User) IT resource type

  • Custom process form

  • Process task and adapters (along with their mappings)

  • User resource object

  • Provisioning process

  • Pre-populate rules

xml\xliDBAccessScheduleTask_DM.xml
This XML file contains the Oracle Identity Manager components of the connector related to Database Access reconciliation. These components include:
  • Reconciliation task

  • Reconciliation task attributes

lib\xliDatabaseAccess.jar
This file contains the class files required for performing provisioning and reconciliation.
scripts\procGrantAllToUser.sql
This file contains the code for the stored procedure that implements the Enable User function.
scripts\procRevokeAllFromUser.sql
This file contains the code for the stored procedure that implements the Disable User function.
docs\B31114_01.pdf
docs\html
These are PDF and HTML versions of this guide, which provides instructions to deploy the connector.

The "Step 4: Copying the Connector Files" section provides instructions to copy these files into the required directories.