Data Storage

Sun Identity Manager repository stores configuration object data in the following tables:

This is not a comprehensive list of tables; only relevant tables are listed here.

• object. Stores most of the Identity Manager application’s configuration objects, which include:

  • SystemConfiguration objects

  • TaskDefinition objects

  • WorkItem objects

  • Form objects

  • Resource objects

• task. Stores TaskInstances and WorkItems (in other words, the nonstatic instances of Workflows).

• org. Stores all Identity Manager organizational information.

• userobj. Stores all the Identity Manager enterprise identities. These identities are simply containers for accounts on managed systems.

• account. Stores the accounts identified on a managed system.

  ---

  Note –

  This is the table being referenced when someone “builds the account index.” Each managed system has a set number of accounts in this table after reconciliation or account linking.

  ---

• log. Stores all audit events and log type information.

A key concept to understand in the Identity Manager repository is that all data is stored in two ways, where each table has indexed and keyed columns used to query objects and each table has an XML column used to store the entire ASCII representation of the object (depending on the database engine this is typically a BLOB or MEDIUM TEXT data type). Identity Manager stores data in this way because all Identity Manager objects are de-serialized from Java objects to ASCII XML for storage in the repository.

The application, at a high level, queries by the indexed columns, pulls back XML ASCII text and then serializes the XML into Java objects. These objects are usually made available through the use of views (such as User view and Password view).

Object Naming Conventions

Do not use the following characters in any Identity Manager object names:

Avoid using other special characters in object names, such as the following, to prevent potential errors: