IDM Schema Configuration Object
You configure User and Role extended, queryable, and summary attributes in the IDM Schema Configuration configuration object.
Note –
The schema customizations provided in the IDM ObjectClass Configuration object are loaded at server startup. Whenever you modify the schema, you must restart the server to load the changes.
Waveset records any problems loading the schema in the system log messages. Use one of the following methods to view these messages:
-
Run the lh syslog command
-
Run the ’Recent System Messages’ report from the IDM Administrator Interface (Reports tab)
A sample of the schema can be found in the schema.xml file in the sample directory.
Edit the IDM Schema Configuration configuration object to add extended attributes to multiple object types during deployment. Specifically, you can
-
Configure extended, queryable and summary attributes for Users, Roles, Business Roles, IT Roles, Application Roles, Asset Roles, and any custom roles
-
Mark extended and built-in attributes as queryable or summary
Note –
The IDM Schema Configuration object is protected with the IDMSchemaConfig authType.
Administrators needing to view or edit the Waveset schema for Users or Roles must have the IDMSchemaConfig AdminGroup (capability) assigned. The Configurator user has this AdminGroup assigned by default.
Adding an Extended Attribute to an Object
To add an extended attribute, you must define the attribute with an IDMAttributeConfiguration (unless the attribute is a built-in attribute).
IDMAttributeConfigurations require a name and syntax. The valid syntax options are BOOLEAN, DATE, INT, or STRING. Optionally, an IDMAttributeConfiguration can specify whether the attribute is multi-valued, and can provide a display name (currently not used), and a description.
To add an extended attribute, or mark an attribute (either extended or built-in) as queryable or summary, specify an IDMObjectClassAttributeConfiguration in the appropriate IDMObjectClassConfiguration, such as User. You must specify a name that matches an existing (built-in or configured in the same configuration object) IDMAttributeConfiguration. You can also mark the IDMObjectClassAttributeConfiguration as queryable or summary.
In the following example, firstname, lastname, and fullname are extended attributes. The firstname and lastname User attributes are queryable and summary, but fullname is not.
Example 12–1 Extended Attributes Example
<?xml version=’1.0’ encoding=’UTF-8’?> <!DOCTYPE Waveset PUBLIC ’waveset.dtd’ ’waveset.dtd’> <Waveset> <Configuration name="IDM Schema Configuration" id=’#ID#Configuration:IDM_Schema_Configuration’ authType=’IDMSchemaConfig’> <IDMSchemaConfiguration> <IDMAttributeConfigurations> ... <IDMAttributeConfiguration name=’firstname’ description=’User’s first name’ syntax=’STRING’/> <IDMAttributeConfiguration name=’lastname’ description=’User’s last name’ syntax=’STRING’/> <IDMAttributeConfiguration name=’fullname’ description=’User’s full name’ syntax=’STRING’/> ... </IDMAttributeConfigurations> <IDMObjectClassConfigurations> ... <IDMObjectClassConfiguration name=’User’ extends=’Principal’> ... <IDMObjectClassAttributeConfiguration name=’firstname’ queryable=’true’ summary=’true’/> <IDMObjectClassAttributeConfiguration name=’lastname’ queryable=’true’ summary=’true’/> <IDMObjectClassAttributeConfiguration name=’fullname’/> ... </IDMObjectClassConfiguration> </IDMObjectClassConfigurations> </IDMSchemaConfiguration> </Configuration> </Waveset> |
Note –
To prevent potential conflicts with new core attributes in future releases of Oracle Waveset, prefix extended attributes with a deployment-specific prefix.
For example, to add an extended attribute to User to record the employeeNumber, prefer a prefix associated with the company, such as acme_employeeNumber. If a future release of Waveset incorporates a built-in user attribute named employeeNumber, the two attributes will remain distinct. Otherwise the built-in attribute takes precedence.
Extending the Role Object Class
You can extend Role using an IDMObjectClassConfiguration. The following built-in Role extensions all extend the Role object class:
-
BusinessRole
-
ITRole
-
AssetRole
-
ApplicationRole
To add an extended attribute to a particular role extension, such as AssetRole, add the IDMObjectClassAttributeConfiguration to the AssetRole IDMObjectClassConfiguration. To add an extended attribute to all kinds of roles, add the IDMObjectClassAttributeConfiguration to the Role IDMObjectClassConfiguration, and it will be inherited by all extensions of Role.
You can define custom extensions of Role or any extension of Role. For example, to add a custom extension of AssetRole, define a new IDMObjectClassConfiguration (in the IDM Schema Configuration) for the new role, and use the extends field to specify the parent role, as shown in the following example:
<IDMObjectClassConfiguration name=’MyAssetRole’
extends=’AssetRole’
description=’My Asset Role Description’/>
|
When you add a new Role objectclass, you must add a new Role type to the Role Configuration object. In addition, the new Role type’s name must match the name of the new Role objectclass. For more information, see Role Configuration Object.
- © 2010, Oracle Corporation and/or its affiliates