Documentation Additions and Corrections

Previous Next
Sun Java[TM] System Identity Manager 7.0 Release Notes

Documentation Additions and Corrections

This section contains new and corrected information that was required after the Identity Manager 7.0 documentation set was published. This information is organized as follows:

Identity Manager Installation

Identity Manager Upgrade

Identity Manager Administration Guide

Identity Manager Resources Reference

Identity Manager Technical Deployment Overview

Identity Manager Workflows, Forms, and Views

Identity Manager Deployment Tools

Identity Manager Tuning, Troubleshooting, and Error Messages

Identity Manager Service Provider Edition Deployment

Using helpTool

Identity Manager Installation

This section provides new information and documentation corrections related to Sun Java™ System Identity Manager Installation.

What’s New?

The following new information was added to Identity Manager Installation:

Because Identity Auditor and Identity Manager SPE have been merged into Identity Manager, the installation procedures for these former products have been removed.

Added a chapter that describes how to install Identity Manager on a JBoss application server.

Updates

This section provides corrected information for Identity Manager Installation:

In Chapter 1, “Before You Install”, MySQL 5.0 should be listed as a supported repository. Tomcat 5.5 should be listed as a supported application server.

In Chapter 12, “Uninstalling Applications”, step 3 of the section titled “On UNIX” should read as follows:

3. Enter the following command:

   JAVA uninstall_Sun_Java_System_Identity_Manager

Identity Manager Upgrade

This section provides new information and documentation corrections for Sun Java™ System Identity Manager Upgrade.

What’s New?

The following new information was added to the Identity Manager Upgrade:

Instructions for upgrading Identity Manager 6.0 and 7.0 repository schemas are provided in the “Deploying the Upgrade in a Test Environment” section of Chapter 3, “Upgrading Identity Manager in a Test Environment.”

Instructions for upgrading TaskDefinition objects in a production environment are provided in the “Changing TaskDefinition Objects in Production” section of Chapter 4, “Upgrading Identity Manager in the Production Environment.”

Updated information describing recommended upgrade paths and the End of Service life policy for Identity Manager software products is provided in the “Upgrade Paths and End of Service Life” section of Chapter 1, “Overview of the Upgrade Process.”

Identity Manager Administration Guide

This section provides new information and documentation corrections for Sun Java™ System Identity Manager Administration.

What’s New?

With the merging of several publications (Identity Auditor Administration, Identity Manager Service Provider Edition Administration Addendum, and Identity Manager Audit Logging) into the Identity Manager Administration guide several new chapters have been added in this edition.

The following information is new in the Identity Manager Administration guide:

Chapter 4: Configuration

A new section was added to describe the new Bulk Resource Actions and to describe the Global Resource Policy.

Chapter 5: Administration

Information about understanding and managing admin roles and capabilities has moved from the Configuration chapter to the Administration chapter.

Chapter 7: Reporting

New information about using dashboards to group and view graphical reports (previously available in the Identity Manager Service Provider Edition Administration Addendum) has been added to this chapter. Also the types of reports is updated to include Auditor Reports.

Chapter 11, Identity Auditing

This new chapter describes the identity auditing features now available in Identity Manager. This chapter explains how to conduct identity audits and access reviews, and manage user compliance.

Chapter 12, Audit Logging

The Audit Logging information is now included in the Identity Manager Administration guide. Also, the tables listing supported data schema values in the Audit Log have been moved to Appendix C, Audit Log Database Schema.

Chapter 13, Service Provider Administration

This new chapter describes how to configure the Service Provider features in Identity Manager and administer service provider users (a new type of user in Identity Manager).

Appendix D, Active Sync Wizard

The Active Sync Wizard is deprecated in version 7.0. The instructions for using the Active Sync Wizard to configure synchronization have moved to Appendix D. Synchronization is now configured using the synchronization policy, as described in Configuring Synchronization in Chapter 6, Data Synchronization and Loading.

Updates

This section provides corrections to the Identity Manager Administration documentation:

Identity Manager now provides several new events that can be tracked and displayed as graphs or charts:

Provisioner Execution Counts: Tracks how many Provisioner operations occurred (by operation type).

Provisioner Execution Duration: Tracks the duration of each Provisioner operation (by operation type).

Resource Operation Count: Tracks the number of resource operations.

Resource Operation Duration: Tracks the duration of a resource operation.

Workflow Duration: Tracks how long it took to execute a workflow.

Provisioner Execution Duration: Tracks the number of times each workflow is executed.

You select these events from the Tracked Event menu that displays on the Dashboard Graph page when you create a Dashboard Graph:

From the Identity Manager administrative interface, select Reports > Dashboard Graphs.

Scroll to the bottom of the Dashboard Graphs and click New to create a new dashboard graph.

Enter a name in Graph Name field, and then select IDM from the Registry menu.

When the Tracked Event menu displays, you can select one of these events from the menu.

Different parameters are required for each of these tracked events. Provide the required parameters and then select Save.

Start some workflows and verify that the expected information is reflected in the Dashboard Graph.

Chapter 2, Getting Started

The Requests option described in the Identity Manager User Interface section should read as follows:

Requests — Submit requests for updates to user account resource assignments and role assignments.

Chapter 3, User and Account Management

Two new User Actions are now available from the Accounts > List Accounts tab related to identity auditing:

View Compliance Violation Log — view compliance violations logged in the audit log for a selected user.

You can select a timeline or specify a date or date range for the log entries you want to view. You can also specify an email report. However, be aware that sensitive information, such as account IDs or account history may be exposed in the email. If preferred, you can override the default PDF options for the report.

View Compliance Status — view information about the current status of compliance activities for a selected user. This action reports the data and time of the last audit policy scan, the assigned audit policies, and details about policy exemptions and violations for the user.

These options were previously available in Identity Auditor from the Compliance > User tab.

Chapter 6, Data Synchronization and Loading

You can now apply Identity Attributes during a load operation.

To enable the ability to apply identity attributes during a load operation, add Load from File or Load from Resource to the list of enabled applications for the Identity Attributes.

When enabled, the load operation does not display the following options:

User Form

Update Attributes

Merge Attributes

If you select the Update Accounts option, then all identity attributes are processed fully and accounts are reprovisioned. Otherwise, only attributes that are sourced from the file, or from the resource, being loaded and that flow to the Identity user are processed.

Chapter 9, Password Sync

Configuring a JMS Listener Adapter for Password Sync is now done through the Meta View, instead of using the Active Sync Wizard.

To configure a JMS Listener Adapter for Password Sync, do the following:

Log in to the Identity Manager Administrative Interface.

Click Meta View > Identity Attributes.

Add the following attributes:

accountID — Select this attribute in the Attribute Name field and then select the IDMAccountid attribute from the JMS resource.

password — Select this attribute in the Attribute Name field and then select the password attribute from the JMS resource.

Set the Attribute Properties as appropriate. For more information about setting attribute properties, see “Adding and Editing Identity Attributes” in Chapter 3 of the Identity Manager Administration guide.

Specify Targets as appropriate. For example, you can add LDAP targets if desired, or edit the conditions for the target attributes.

Click OK to return to the Identity Attributes page.

In the Enabled Applications area, select the Active Sync application.

Click Save.

Follow the instructions in “Configuring Synchronization” for Active Sync adapters in Chapter 6 of Identity Manager Administration to configure synchronization for the JMS Listener adapter.

Chapter 11, Identity Auditing

The following note was omitted from the Attestation Security section of the Identity Auditing chapter:

Note: If security on Attestations is set to organization controlled, then the Auditor Attestor capability is also required to modify another user's attestations.

The correct value for the escalation timeout default value, stated in the section titled “Adjust Escalation Timeouts,” is 7 days.

Identity Manager Resources Reference

This section contains new information and documentation corrections for the Sun Java™ System Identity Manager Resources Reference:

What’s New?

The following new information was added to the Identity Manager Resources Reference:

BridgeStream SmartRoles adapter

Scripted JDBC adapter

Realm support in Sun Java System Access Manager

Updates

The Provisioning Notes table for the Shell Script adapter should state that enabling and disabling accounts is supported.

Identity Manager Technical Deployment Overview

This section contains new information and documentation corrections for Sun Java™ System Identity Manager Technical Deployment Overview:

What’s New?

The following new information was added to Identity Manager Technical Deployment Overview:

Discussion of how to handle multiple accounts for a single Identity Manager user on a resource (Appendix C, Assigning Multiple Accounts per User to a Resource)

Updates to the procedures for private labelling of the product interfaces. (Chapter 5., Private Labelling of Identity Manager)

Discussion of how to create a link on the login page for each available language (Appendix B, Enabling Internationalization)

Updates

This section provides corrections to Identity Manager Technical Deployment Overview:

You can use CSS to set column widths in the User list and Resource list tables to a fixed pixel or percentage value. To do so, add the following style classes (commented out by default) to customStyle.css. You can then edit the values to meet the user's requirements.

th#UserListTreeContent_Col0 {
  width: 1px;
}

th#UserListTreeContent_Col1 {
  width: 1px;
}

th#UserListTreeContent_Col2 {
  width: 50%;
}

th#UserListTreeContent_Col3 {
  width: 50%;
}

th#ResourceListTreeContent_Col0 {
  width: 1px;
}

th#ResourceListTreeContent_Col1 {
  width: 1px;
}

th#ResourceListTreeContent_Col2 {
  width: 33%;
}

th#ResourceListTreeContent_Col3 {
  width: 33%;
}

th#ResourceListTreeContent_Col4 {
  width: 33%;
}

You can also resize table columns by clicking and dragging the right border of the column header. If you mouse over the right border of the column header, the cursor will change to a horizontal resize arrow. Left-click and drag the cursor will resize the column. (Resizing ends when you release the mouse button.)

The System Configuration object now contains the security.delegation.historyLength attribute, which controls the number of previous delegations that are recorded.

The Access Review Dashboard and Access Review Detail Report both show instances of reviews that are recorded in the audit logs. Without database maintenance, the audit logs are never trimmed, and the list of reviews grows. Identity Manager provides the ability to limit the reviews shown to a certain age range. To change this limit, you must customize compliance/dashboard.jsp (for the dashboard) and sample/auditortasks.xml (for the Details report). (The default is to show only reviews that are less than 2 years old.)

To restrict the reviews included in the Access Review Dashboard, customize compliance/dashboard.jsp as follows:

Open compliance/dashboard.jsp in either the Identity Manager IDE or editor of your choice:

Change the line: form.setOption("maxAge", "2y"); to form.setOption("maxAge", "6M"); to limit the list to reviews run in the last 6 months. The qualifiers are:

m - minute

h - hour

d - day

w - week

M - month

y - year

To show all reviews that still exist in the audit logs, comment out this line.

To restrict the reviews included in the Access Review Detail Report,

Open sample/auditortasks.xml in either the IDE or editor of your choice.

Change the following line as indicated:

<s>maxAge</s>
  <s>2y</s>

to

<s>maxAge</s>
  <s>6M</s>

to limit reviews to the last 6 months. The same qualifiers as above apply.

Each Periodic Access Review includes a set of UserEntitlement records that were created when the review was run. These records, which accumulate over time, provide valuable historical information about accounts. However, to conserve database space, consider deleting some records. You can delete a record by executing Server Task > Run Task > Delete Access Review. Deleting a review adds new audit log entries that indicate the review is deleted, and deletes all UserEntitlement records associated with the review, which conserves database space.

In the section “ Changing Background Image on the Login Page”chapter 5, the third line of code should read:

url(../images/other/login-backimage2.jpg)

Code Example 5-5 contains information that should appear in Code Example 5-4. Code Example 5.4 should be as follows:

Code Example 5.4  Customizing Navigation Tabs

/* LEVEL 1 TABS */

.TabLvl1Div {

  background-image:url(../images/other/dot.gif);

  background-repeat:repeat-x;

  background-position:left bottom;

  background-color:#333366;

  padding:6px 10px 0px;

}

a.TabLvl1Lnk:link, a.TabLvl1Lnk:visited {

  display:block;

  padding:4px 10px 3px;

  font: bold 0.95em sans-serif;

  color:#FFF;

  text-decoration:none;

  text-align:center;

}

table.TabLvl1Tbl td {

  background-image:url(../images/other/dot.gif);

  background-repeat:repeat-x;

  background-position:left top;

  background-color:#666699;

  border:solid 1px #aba1b5;

}

table.TabLvl1Tbl td.TabLvl1TblSelTd {

  background-color:#9999CC;

  background-image:url(../images/other/dot.gif);

  background-repeat:repeat-x;

  background-position:left bottom;

  border-bottom:none;

}

/* LEVEL 2 TABS */

.TabLvl2Div {

  background-image:url(../images/other/dot.gif);

  background-repeat:repeat-x;

  background-position:left bottom;

  background-color:#9999CC;

  padding:6px 0px 0px 10px

}

a.TabLvl2Lnk:link, a.TabLvl2Lnk:visited{

  display:block;

  padding:3px 6px 2px;

  font: 0.8em sans-serif;

  color:#333;

  text-decoration:none;

  text-align:center;

}

table.TabLvl2Tbl div.TabLvl2SelTxt {

  display:block;

  padding:3px 6px 2px;

  font: 0.8em sans-serif;

  color:#333;

  font-weight:normal;

  text-align:center;

}

table.TabLvl2Tbl td {

  background-image:url(../images/other/dot.gif);

  background-repeat:repeat-x;

  background-position:left top;

  background-color:#CCCCFF;

  border:solid 1px #aba1b5;

}

table.TabLvl2Tbl td.TabLvl2TblSelTd {

  border-bottom:none;

  background-image:url(../images/other/dot.gif);

  background-repeat:repeat-x;

  background-position:left bottom;

  background-color:#FFF;

  border-left:solid 1px #aba1b5;

  border-right:solid 1px #aba1b5;

  border-top:solid 1px #aba1b5;

Code Example 5.5 should be as follows:

Code Example 5.5  Changing Tab Panel Tabs

table.Tab2TblNew td {background-image:url(../images/other/dot.gif);background-repeat:repeat-x;background-positi on:left top;background-color:#CCCCFF;border:solid 1px #8f989f}

table.Tab2TblNew td.Tab2TblSelTd {border-bottom:none;background-image:url(../images/other/dot.gif);background-repeat:repeat- x;background-position:left bottom;background-color:#FFF;border-left:solid 1px #8f989f;border-right:solid 1px #8f989f;border-top:solid 1px #8f989f}

Identity Manager Workflows, Forms, and Views

This section contains new information and documentation corrections for Sun Java™ System Identity Manager Workflows, Forms, and Views.

What’s New?

The following new information was added to Identity Manager Workflows, Forms, and Views:

Discussion about the getSubordinates FormUtil method (Chapter 4, FormUtil Methods).

Improved discussion of the <set> XPRESS function and related functions (Chapter 6, XPRESS Language).

Discussion of the inlineAlert HTML display component (Chapter 8, HTML Display Components).

Discussion of how to turn off the automatic linking of existing accounts (Chapter 3, Identity Manager Forms).

Updates

This section provides corrections to the Identity Manager Workflows, Forms, and Views documentation:

You can turn off policy checking in your user form by adding the following field to the form:

<Field name='viewOptions.CallViewValidators'>

  <Display class='Hidden'/>

    <Expansion>

        <s>false</s>

    </Expansion>

</Field>

This field overrides the value in the OP_CALL_VIEW_VALIDATORS field of modify.jsp.

The Identity Manager User Interface pages include a second XPRESS form that implements the navigation bar. As a result, the rendered page contains two <FORM> tags, each with a different name attribute:

<form name="endUserNavigation"> and <form name="mainform">

To avoid potential confusion between these two <FORM> elements, make sure you use the name attribute as follows to distinguish which <FORM> you are referencing: document.mainform or document.endUserNavigation.

The discussion of the Field element in Chapter 3, Identity Manager Forms, should contain the following description of the confirm attribute.

confirm - Use to ensure that the values of two fields match when the form is submitted. The value of this attribute should be the name of another field defined in the form whose value this field is expected to match.

Identity Manager Deployment Tools

This section contains new information and documentation corrections for the Sun Java™ System Identity Manager Deployment Tools:

What’s New?

The following new information was added to the Identity Manager Deployment Tools:

Added several new rules, related to Periodic Access Review, to the “Working with Rules” chapter.

Moved instructions for creating and editing rules using the BPE from Chapter 2, “Working with Rules” into a new “Creating and Editing Rules” section in Appendix A, “Using the Identity Manager BPE.”

New Chapter 1, “Using the Identity Manager IDE” describes how to install and use the new Identity Manager Integrated Development Environment (Identity Manager IDE).

This Java application is a a fully integrated NetBeans plugin that enables you to view, customize, and debug Identity Manager objects in your deployment. The Identity Manager IDE was designed to replace Identity Manager’s Business Process Editor (BPE) application.

Changed existing “Using the Identity Manager BPE” chapter into an appendix.

New Chapter 8, “Using SPML 2.0 with Identity Manager Web Services” describes the new SPML 2.0 support in Identity Manager; including which features are supported and why, instructions for configuring SPML 2.0 support, and how to extend support in the field.

Identity Manager Tuning, Troubleshooting, and Error Messages

This section provides new information and documentation corrections for Sun Java™ System Identity Manager Tuning, Troubleshooting, and Error Messages.

What’s New?

The following new information was added to the Identity Manager Tuning, Troubleshooting, and Error Messages:

Information about tracing authorization flows when listing or accessing Service Provider Users and when assigning AdminRoles during Service Provider User login. See the new “SPE Delegated Administration Tracing” section in Chapter 2, “Troubleshooting and Tracing.”

Instructions explaining how to view SystemLog reports are provided in the “Viewing SystemLog Reports” section of Chapter 3, “Errors and Exceptions.”

Information about new error messages format/presentation are provided in the “Overview” section of Chapter 3, “Errors and Exceptions.”

Updates

Some tasks have been moved from the adapter to the task package. Update these paths if you have tracing enabled for any of the following tasks, or if you have customized task definitions referencing these packages.

Old package name

New package name

com.waveset.adapter.ADSyncFailoverTask

com.waveset.task.ADSyncFailoverTask

com.waveset.adapter.ADSyncRecoveryCollectorTask

com.waveset.task.ADSyncRecoveryCollectorTask

com.waveset.adapter.SARunner

com.waveset.task.SARunner

com.waveset.adapter.SourceAdapterTask

com.waveset.task.SourceAdapterTask

Identity Manager Service Provider Edition Deployment

This section provides new information and documentation corrections for Sun Java™ System Identity Manager SPE Deployment.

What’s New?

Identity Manager and Identity Manager SPE now use the same auditing system. As a result, discussions about auditing have been moved to Identity Manager Deployment Tools.

Identity Manager SPE now uses the LighthouseContext instead of the IDMXContext. As a result, chapter about the IDMXContext has been replaced.

Using helpTool

With the Identity Manager 6.0 release, a new feature has been added that allows you to search the online help and documentation files, which are in HTML format. The search engine is based on the SunLabs “Nova” search engine technology.

There are two stages to using the Nova engine: indexing and retrieval. During the indexing stage, the input documents are analyzed and an index is created which is used during the retrieval stage. During retrieval, it is possible to pull “passages” that consist of the context in which the query terms were found. The passage retrieval process requires the original HTML files to be present, so these files must exist in a location in the file system accessible by the search engine.

helpTool is a Java program that performs two basic functions:

Copies the HTML source files into a location known to the search engine

Creates the index used during the retrieval stage

You execute helpTool from the command line, as follows:

$ java -jar helpTool.jar

usage: HelpTool

-d Destination directory

-h This help information

-i Directory or JAR containing input files, no wildcards

-n Directory for Nova index

-o Output file name

-p Indexing properties file

Rebuilding/Re-Creating the Online Help Index

The HTML files for online help are packaged in a JAR file. You must extract these files to a directory for the search engine. Use the following procedure:

Unpack the helpTool distribution to a temporary directory. (Details TBD)

In this example, we will extract the files to /tmp/helpTool.

In a UNIX shell or Windows command window, change directory to the location where the Identity Manager application was deployed to your web container.

For example, a directory for Sun Java System Application Server might look like the following:

/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/idm

Change your current working directory to the help/ directory.

Note

It is important to run helpTool from this directory or the index will not build correctly. In addition, you should remove the old index files by deleting the contents of the index/help/ subdirectory.

Gather the following information for your command line arguments:

Destination directory — html/help/en_US

Note

Use the locale string appropriate for your installation.

Input file — ../WEB-INF/lib/idm.jar

Nova index directory — index/help

Output file name — index_files_help.txt

Note

The name of the file is not important — but the tool will exit if this file already exists.

Indexing properties file — index/index.properties

Run the following command:

$ java -jar /tmp/helpTool/helpTool.jar -d html/help/en_US -i ../
WEB-INF/lib/idm.jar -n index/help -o help_files_help.txt -p index/index.properties

Extracted 475 files.

[15/Dec/2005:13:11:38] PM Init index/help AWord 1085803878

[15/Dec/2005:13:11:38] PM Making meta file: index/help/MF: 0

[15/Dec/2005:13:11:38] PM Created active file: index/help/AL

[15/Dec/2005:13:11:40] MP Partition: 1, 475 documents, 5496 terms.

[15/Dec/2005:13:11:40] MP Finished dumping: 1 index/help 0.266

[15/Dec/2005:13:11:40] IS 475 documents, 6.56 MB, 2.11 s, 11166.66 MB/h

[15/Dec/2005:13:11:40] PM Waiting for housekeeper to finish

[15/Dec/2005:13:11:41] PM Shutdown index/help AWord 1085803878

Rebuilding/Re-Creating the Documentation Index

Use the following procedure to rebuild or re-create the documentation index:

Unpack the helpTool distribution to a temporary directory. (Details TBD)

In this example, we will extract the files to /tmp/helpTool.

In a UNIX shell or Windows command window, change directory to the location where the Identity Manager application was deployed to your web container.

For example, a directory for Sun Java System Application Server might look like:

/opt/SUNWappserver/domains/domain1/applications/j2ee-modules/idm

Change your current working directory to the help/ directory.

Note

You must run helpTool from this directory or the index will not build correctly. In addition you should remove the old index files by deleting the contents of the index/docs/ subdirectory.

Gather the following information for your command line arguments:

Destination directory — html/docs

Input files — ../doc/HTML/en_US

Note

The tool will copy the en_US/ directory and subdirectories to the destination.

Nova index directory — index/docs

Output file name — index_files_docs.txt

Note

The name of the file is not important – but the tool will exit if this file already exists.

Indexing properties file — index/index.properties

Run the following command:

$ java -jar /tmp/helpTool/helpTool.jar -d html/docs -i ../doc/HTML/en_US -n index/docs -o help_files_docs.txt -p index/index.properties

Copied 84 files.

Copied 105 files.

Copied 1 files.

Copied 15 files.

Copied 1 files.

Copied 58 files.

Copied 134 files.

Copied 156 files.

Copied 116 files.

Copied 136 files.

Copied 21 files.

Copied 37 files.

Copied 1 files.

Copied 13 files.

Copied 2 files.

Copied 19 files.

Copied 20 files.

Copied 52 files.

Copied 3 files.

Copied 14 files.

Copied 3 files.

Copied 3 files.

Copied 608 files.

[15/Dec/2005:13:24:25] PM Init index/docs AWord 1252155067

[15/Dec/2005:13:24:25] PM Making meta file: index/docs/MF: 0

[15/Dec/2005:13:24:25] PM Created active file: index/docs/AL

[15/Dec/2005:13:24:28] MP Partition: 1, 192 documents, 38488 terms.

[15/Dec/2005:13:24:29] MP Finished dumping: 1 index/docs 0.617

[15/Dec/2005:13:24:29] IS 192 documents, 14.70 MB, 3.81 s, 13900.78 MB/h

[15/Dec/2005:13:24:29] PM Waiting for housekeeper to finish

[15/Dec/2005:13:24:30] PM Shutdown index/docs AWord 1252155067

Previous      Next

Copyright 2006 Sun Microsystems, Inc. All rights reserved.

Old package name	New package name
com.waveset.adapter.ADSyncFailoverTask	com.waveset.task.ADSyncFailoverTask
com.waveset.adapter.ADSyncRecoveryCollectorTask	com.waveset.task.ADSyncRecoveryCollectorTask
com.waveset.adapter.SARunner	com.waveset.task.SARunner
com.waveset.adapter.SourceAdapterTask	com.waveset.task.SourceAdapterTask


Note	It is important to run helpTool from this directory or the index will not build correctly. In addition, you should remove the old index files by deleting the contents of the index/help/ subdirectory.


Note	Use the locale string appropriate for your installation.


Note	The name of the file is not important — but the tool will exit if this file already exists.


Note	You must run helpTool from this directory or the index will not build correctly. In addition you should remove the old index files by deleting the contents of the index/docs/ subdirectory.


Note	The tool will copy the en_US/ directory and subdirectories to the destination.


Note	The name of the file is not important – but the tool will exit if this file already exists.