The following sections provide a summary of the differences between the IDMXUser view, and views defined in Oracle Waveset.
Waveset User View |
IDMXUser View |
---|---|
password |
Not applicable |
global |
Not applicable |
update |
Not applicable |
Waveset User View |
IDMXUser View |
---|---|
waveset.form |
sys.form |
waveset.id |
sys.id |
waveset.accountId |
accountId (actual attribute name is name assigned in the schema map) |
waveset.password |
password (actual attribute name is assigned in the schema map) |
waveset.email |
email (actual name is assigned in the schema map) |
waveset.disabled |
Not applicable |
waveset.roles |
roles |
waveset.resources |
resources |
waveset.policies |
policy |
waveset.applications |
applications |
waveset.organization |
Not applicable |
waveset.organizationId |
Not applicable |
waveset.policies |
Not applicable |
waveset.adminRoles |
Not applicable |
waveset.capabilities |
Not applicable |
waveset.creator |
Not applicable |
waveset.createDate |
Not applicable |
waveset.lastModifier |
Not applicable |
waveset.lastModDate |
Not applicable |
waveset.backgroundSave |
Not applicable |
waveset.attributes |
Not applicable |
waveset.original |
Not applicable |
Waveset User View |
IDMXUser View |
---|---|
waveset.accounts |
sys.links |
waveset.accounts[].resource |
sys.links[].resource |
waveset.accounts[].id |
Not applicable |
waveset.accounts[].accountId |
sys.links[].identity |
waveset.accounts[].accountGUID |
sys.links[].guid |
waveset.accounts[].accountDisplayName |
sys.links[].displayName |
waveset.accounts[].tempId |
Not applicable |
waveset.accounts[].created |
sys.links[].created |
waveset.accounts[].disabled |
sys.links[].disabled |
waveset.accounts[].attributes |
sys.links[].attributes |
waveset.accounts[].password |
sys.links[].attributes.password |
waveset.accounts[].resourceAttributes |
Not applicable |
waveset.accounts[].properties |
Not applicable |
waveset.accounts[].templateParameters |
Not applicable |
Waveset User View |
IDMXUser View |
---|---|
accounts[] |
objects[] |
accounts[].identity |
objects[].sys.identity |
accounts[].UserDefined |
objects[].UserDefined |
accounts[Lighthouse].firstname |
firstname (attribute name assigned in schema map) |
accounts[Lighthouse].lastname |
lastname (attribute name assigned in schema map) |
accounts[Lighthouse].fullname |
fullname (attribute name assigned in schema map) |
accounts[Lighthouse].UserDefined |
UserDefined |
Waveset User View |
IDMXUser View |
---|---|
accountInfo |
info |
accountInfo.typeNames |
info.resourceTypes |
accountInfo.types |
Not applicable |
accountInfo.accounts |
info.objects |
accountInfo.accounts[Lighthouse] |
info.master |
Waveset User View |
IDMXUser View |
---|---|
selectAll |
Not applicable |
resourceAccounts.currentResourceAccounts |
objects |
resourceAccounts.tobeCreatedResourceAccounts |
info.objects |
resourceAccounts.tobeDeletedResourceAccounts |
info.objects |
resourceAccounts.currentResourceAccounts[].attributes |
objects[] |
resourceAccounts.currentResourceAccounts[].selected |
Not applicable |
The mappings for info.objects are functionally similar to their resource accounts views counterparts, but they are not structurally similar.
In general, in Waveset, the resource accounts views operate by setting the selected attribute in the currentResourceAccounts list to true, which will then have different behavior for each view type.
In Service Provider, accounts are not selected with a boolean attribute. Instead, each operation has an action attribute that is initially null, and when set, triggers the operation.
All resource accounts views provide a way to update arbitrary account attributes in addition to performing an operation.
Most allow attributes to be placed in:
resourceAccounts.currentResourceAccounts[].attributes
The Rename view uses:
accounts[]
In the IDMXUser view, you always place attributes you want to modify in:
objects[]
The desired password is simply set in the following attributes:
password objects[].password
There is no automatic synchronization of passwords from the top level password attribute to the password attribute on the individual resource accounts. To pre-expire the password, set the following attributes:
sys.expirePassword objects[].sys.expirePassword
In Waveset, accounts are enabled or disabled by checking out the Enable or Disable view and setting the value of
resourceAccounts.currentResourceAccounts[].selected to true.
In the IDMXUser view, you set the following action attributes to true or false.
sys.disable objects[].sys.disable
In the Waveset Rename view, the new name is specified in the top-level field newAccountId, which is then propagated to those resource accounts selected in the currentResourceAccounts list. In the IDMXUser view, renames are requested by setting the following attributes to the desired identity, which for LDAP resources must be the full DN.
sys.newIdentity objects[].sys.newIdentity
The Waveset deprovision view has a complex structure designed for use with interactive forms. The three operations that may be requested through this view are:
unassign. Removes the assignment and deletes the account.
unlink. Removes the account link without deleting.
delete. Deletes the account, but leave the assignment.
In the IDMXUser view, you perform an unassign simply by removing a name from the roles, resources, or applications lists.
To perform an unlink, you may remove an object from the sys.links list, or set the following action attribute to true:
objects[].sys.unlink
To perform a delete without unassigning set the following command attribute to true.
objects[].sys.delete
To delete the directory user, set the following attribute to true:
sys.delete