Oracle® Identity Manager Connector Guide for Database Tables Release 9.0.1 Part Number B31115-01
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for database tables is used to integrate Oracle Identity Manager with database tables.
Note:
Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.
This chapter contains the following sections:
The following table lists the functions that are available with this connector.
Function | Type | Description |
---|---|---|
Create User | Provisioning | Creates a user |
Delete User | Provisioning | Deletes a user |
Enable User or Disable User | Provisioning | Enables or disables a user |
Reset User's Password | Provisioning | Resets a user's password |
Update User's First Name | Provisioning | Updates a user's first name |
Update User's Last Name | Provisioning | Updates a user's last name |
Update User's Group | Provisioning | Updates a user's group |
Update User's Title | Provisioning | Updates a user's title |
Update User's Department | Provisioning | Updates a user's department |
Update User's Communication Language | Provisioning | Updates a user's communication language |
Update User's Logon Language | Provisioning | Updates a user's logon language |
Update User's Email Address | Provisioning | Updates a user's e-mail address |
Update User's Telephone Number | Provisioning | Updates a user's telephone number |
Update User's Time Zone | Provisioning | Updates a user's time zone |
Update User's Date Format | Provisioning | Updates a user's date format |
Update User's Role | Provisioning | Updates a user's role |
Create User (Account Discovery) | Reconciliation | Reconciles new user accounts created |
Delete User | Reconciliation | Reconciles user accounts that are deleted from the target system |
Enable User or Disable User | Reconciliation | Reconciles user accounts that are enabled or disabled |
Reset User's Password | Reconciliation | Reconciles user accounts with modified password |
Update User's First Name | Reconciliation | Reconciles user accounts with modified first name |
Update User's Last Name | Reconciliation | Reconciles user accounts with modified last name |
Update User's Group | Reconciliation | Reconciles user accounts with modified group |
Update User's Title | Reconciliation | Reconciles user accounts with modified title |
Update User's Department | Reconciliation | Reconciles user accounts with modified department |
Update User's Communication Language | Reconciliation | Reconciles user accounts with modified communication language |
Update User's Logon Language | Reconciliation | Reconciles user accounts with modified logon language |
Update User's Email Address | Reconciliation | Reconciles user accounts found with modified e-mail address |
Update User's Telephone Number | Reconciliation | Reconciles user accounts found with modified telephone number |
Update User's Time Zone | Reconciliation | Reconciles user accounts found with modified time zone |
Update User's Date Format | Reconciliation | Reconciles user accounts with modified date format |
Update User's Decimal Notation | Reconciliation | Reconciles user accounts with modified decimal notation |
Update User's Role | Reconciliation | Reconciles user accounts found with modified role |
The reconciliation module handles the reconciliation of new, updated, and deleted profiles in the target database application. It creates a reconciliation event for each user profile to be reconciled.
The default data fields of each reconciliation event record must be taken from the configuration XML file. For reconciliation of new or updated user profiles, the default data fields are declared in the reconcileCreateUpdate section of the XML file. For reconciliation of deleted user profiles, the default data elements are declared in the reconcileDelete section. The reconciliation configuration XML code lets you enable or disable the reconciliation of created, updated, and deleted users.
The following sections describe the configuration XML file content for the following reconciliation types:
The following is sample code from the configuration XML file for reconciliation of new and updated user profiles:
<operation name="reconcileCreateUpdate" enabled="true">
  <!-- Task 1: return the key field values (user IDs) of the users
       created or modified after the last reconciliation. -->
  <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
    <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="primary"
            required="true"
            col_type="xellerate" xel_data_source="xel_usr_id" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
            required="true" col_type="xellerate" xel_data_source="xel_usr_id" />
    <!-- Incremental reconciliation: compare the last update time
         with the time of the last reconciliation run. -->
    <look_up_group logic_operator="NA">
      <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF"
            logic_operator="NA" comparison_operator=">="
            col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50"
            col_type="join" xel_data_source="XEL_LAST_RECON_TIME" />
      <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET"
            logic_operator="AND" comparison_operator=">="
            col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50"
            col_type="join" xel_data_source="XEL_LAST_RECON_TIME" />
    </look_up_group>
    <!-- Join the two tables that store user profile information. -->
    <look_up_group logic_operator="AND">
      <record_lookup_key logic_operator="NA" comparison_operator="="
            table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="primary"
            required="true" col_type="join" xel_data_source="xel_usr_id" />
      <record_lookup_key logic_operator="AND" comparison_operator="="
            table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
            required="true" col_type="join" xel_data_source="xel_usr_id" />
    </look_up_group>
  </task>
  <!-- Task 2: collect the information required to create the
       reconciliation event for each user returned by the first task. -->
  <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
    <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="primary"
            required="true" col_type="xellerate" xel_data_source="xel_usr_id" />
    <column table_name="XELUSER1.MDL2_USER_PROF"
            col_name="USR_FIRST_NAME" data_type="VARCHAR2" data_typ_size="60"
            required="true" col_type="xellerate"
            xel_data_source="xel_usr_first_name" />
    <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_LAST_NAME"
            data_type="VARCHAR2" data_typ_size="60" required="true"
            col_type="xellerate" xel_data_source="xel_usr_last_name" />
    <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_PASSWORD"
            data_type="VARCHAR2" data_typ_size="40" required="true"
            col_type="xellerate" xel_data_source="xel_usr_password"
            encrypt="false" reconcile="true"
            encryption_impl="com.thortech.xl.integration.dbadapter.security.EncryptionSupportImpl" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
            col_name="USR_GROUP" data_type="VARCHAR2" data_typ_size="50"
            required="true" col_type="xellerate"
            xel_data_source="xel_usr_group" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ROLE"
            data_type="VARCHAR2" data_typ_size="50" required="false"
            col_type="xellerate" xel_data_source="xel_usr_role" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_TITLE"
            data_type="VARCHAR2" data_typ_size="50" required="false"
            col_type="xellerate" xel_data_source="xel_usr_title" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_DEPT"
            data_type="VARCHAR2" data_typ_size="50" required="false"
            col_type="xellerate" xel_data_source="xel_usr_dept" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_EMAIL"
            data_type="VARCHAR2" data_typ_size="60" required="false"
            col_type="xellerate" xel_data_source="xel_usr_email" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
            col_name="USR_COMM_LANG" data_type="VARCHAR2" data_typ_size="50"
            required="false" col_type="xellerate"
            xel_data_source="xel_usr_comm_lang" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
            col_name="USR_LOGON_LANG" data_type="VARCHAR2" data_typ_size="50"
            required="false" col_type="xellerate"
            xel_data_source="xel_usr_logon_lang" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
            col_name="USR_TEL_NO" data_type="VARCHAR2" data_typ_size="15"
            required="false" col_type="xellerate"
            xel_data_source="xel_usr_tel_no" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
            col_name="USR_TIME_ZONE" data_type="VARCHAR2" data_typ_size="50"
            required="false" col_type="xellerate"
            xel_data_source="xel_usr_time_zone" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
            col_name="USR_DATE_FMT" data_type="VARCHAR2" data_typ_size="50"
            required="false" col_type="xellerate"
            xel_data_source="xel_usr_date_fmt" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
            col_name="USR_DEC_NTN" data_type="VARCHAR2" data_typ_size="50"
            required="false" col_type="xellerate"
            xel_data_source="xel_usr_dec_ntn" />
    <look_up_group logic_operator="NA">
      <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF"
            logic_operator="NA" comparison_operator=">="
            col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50"
            col_type="join" xel_data_source="XEL_LAST_RECON_TIME" />
      <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET"
            logic_operator="AND" comparison_operator=">="
            col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50"
            col_type="join" xel_data_source="XEL_LAST_RECON_TIME" />
    </look_up_group>
    <!-- Additional lookup on the user ID returned by the first task. -->
    <look_up_group logic_operator="AND">
      <record_lookup_key logic_operator="NA" comparison_operator="="
            table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="primary"
            required="true" col_type="xellerate" xel_data_source="xel_usr_id" />
    </look_up_group>
    <look_up_group logic_operator="AND">
      <record_lookup_key logic_operator="NA" comparison_operator="="
            table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="primary"
            required="true" col_type="join" xel_data_source="xel_usr_id" />
      <record_lookup_key logic_operator="AND" comparison_operator="="
            table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
            required="true" col_type="join" xel_data_source="xel_usr_id" />
    </look_up_group>
  </task>
</operation>
In the preceding sample configuration XML, the names of the data elements are the values given for the xel_data_source attribute. You can change these names. An example of such a value is XEL_LAST_RECON_TIME in the preceding sample configuration XML code. The same name is also used as the label for elements in each reconciliation event record.
The create or update reconciliation operation involves running two tasks. The first task identifies the users who have been modified or created after the last reconciliation. This returns a list of key field values for the modified and new users.
For example, if the key field to identify a user is the user ID, then this task returns a list of user IDs corresponding to the user profiles that have been modified or created after the last reconciliation.
The second task collects all required information about these users for creating the reconciliation event. The division of tasks is designed for optimal use of memory.
The lookup groups in the task help create lookup conditions for retrieving relevant data. The preceding sample configuration XML code implements the following lookup conditions:
Join the two tables in which user profile information is stored, and retrieve nonrepeated data for these users.
Perform incremental reconciliation by retrieving only those records that are modified after the last reconciliation.
The second task has one more lookup for the user ID, so that user information can be retrieved for each user ID by using the first task.
The time at which the previous reconciliation run was completed is stored in the Reconciliation Timestamp IT resource parameter. This value is updated with the new system timestamp after the end of the current reconciliation run. This value is compared against the last updated time in the target database tables, as given in the configuration XML file. In this file, the time at which the last reconciliation run was completed is represented as XEL_LAST_RECON_TIME. It is a connector configuration constant. You must not change it.
Note that incremental reconciliation is possible only if the target application is capable of updating the last update time in its database while modifying or creating records. If the target application does not have this feature, then you must not create the lookup group for comparing the last reconciliation time.
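The following review script is an added example, not part of Oracle's guide or the connector's code. It checks a reconciliation configuration for the points made above (well-formed XML, which operations are enabled, an unaltered XEL_LAST_RECON_TIME lookup key) and lists columns that carry encrypt="false". The `<config>` wrapper element, the `audit` function name, and the sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

RECON_CONSTANT = "XEL_LAST_RECON_TIME"  # reserved name, per the guide

# Constructed sample; the <config> wrapper element is an assumption.
SAMPLE = """<config>
<operation name="reconcileCreateUpdate" enabled="true">
 <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
  <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_PASSWORD"
   col_type="xellerate" xel_data_source="xel_usr_password"
   encrypt="false" reconcile="true"/>
  <look_up_group logic_operator="NA">
   <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF"
    logic_operator="NA" comparison_operator=">=" col_name="USR_LAST_UPDATE"
    data_type="DATE" col_type="join" xel_data_source="Xel_Last_Recon_Time"/>
  </look_up_group>
 </task>
</operation>
<operation name="reconcileDelete" enabled="false"/>
</config>"""


def audit(xml_text):
    """Return review findings for a connector reconciliation configuration."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. a dropped quote in an attribute
        return [f"not well-formed XML: {exc}"]
    findings = []
    for op in root.iter("operation"):
        name = op.get("name", "?")
        if op.get("enabled", "").lower() != "true":
            findings.append(f"{name}: operation is disabled")
            continue
        sources = [k.get("xel_data_source", "") for k in op.iter("record_lookup_key")]
        for src in sources:
            if src.upper() == RECON_CONSTANT and src != RECON_CONSTANT:
                findings.append(f"{name}: reserved constant altered to {src!r}")
        if name == "reconcileCreateUpdate" and RECON_CONSTANT not in sources:
            findings.append(f"{name}: no lookup key on {RECON_CONSTANT}")
        for col in op.iter("column"):
            if col.get("encrypt", "").lower() == "false":
                findings.append(f'{name}: {col.get("col_name")} has encrypt="false"')
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

A disabled reconcileDelete operation is reported because deletions in the target tables then raise no reconciliation events.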
The following is sample code from the configuration XML file for reconciliation of users deleted from the target system:
<operation name="reconcileDelete" enabled="true">
  <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
    <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="primary"
            required="true" col_type="xellerate" xel_data_source="xel_usr_id" />
    <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
            required="true" col_type="xellerate" xel_data_source="xel_usr_id" />
    <look_up_group logic_operator="NA">
      <record_lookup_key logic_operator="NA" comparison_operator="="
            table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="primary"
            required="true" col_type="join" xel_data_source="xel_usr_id" />
      <record_lookup_key logic_operator="AND" comparison_operator="="
            table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID"
            data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
            required="true" col_type="join" xel_data_source="xel_usr_id" />
    </look_up_group>
  </task>
</operation>
Only user IDs are required for creating deletion reconciliation events. Therefore, the preceding configuration shows only the user ID as the data element to be retrieved according to the conditions given in the lookup group.
The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:
Database Servers\Database Application Table\Database Application Table Rev 2.1.1.zip
These files and directories are listed in the following table.
The "Step 3: Copying the Connector Files and External Code" section provides instructions to copy these files into the required directories.