Oracle Identity Analytics Business Administrator's Guide 11g Release 1
Understanding Data Correlation
Correlation rules are defined in the schema (.rbx) files under the Oracle Identity Analytics schema folder.
A correlation rule checks whether a global user field matches an account field. The left side of the rule (before the = sign) is associated with the global user, and the right side of the rule is associated with the account. For example, $globalUser.userName=$account.userName.
When creating data correlation rules, remember the following:
Only one attribute can be set at a time for global users (on the left side of the rule), but any number of expressions can be configured on the right side of the rule for accounts.
Correlation rules, once defined, are evaluated in the same order as they are found in the schema file.
No patterns can be applied to the global user attribute. For example, #globaluser.userName(-10) is not allowed.
The default correlation rule to associate users to their entitlements on the basis of their user IDs is $globaluser.userName=$account.userName.
The global user attribute and the global user table column should bear the same name for the data correlation feature to function correctly. For example, userName is the attribute that appears in the Oracle Identity Analytics table for global users and should be named accordingly.
When one global user accurately meets a certain rule designed for it, the correlation is established between the user and entitlements and no further expressions are evaluated for that account.
If more than one global user meets a correlation rule for a given account, the next correlation rule is evaluated. Subsequently, both results are intersected, and, if as a result of this intersection only one global user meets both rules, that global user is correlated to the account.
For example, suppose the following rules are configured:
    # @IdentityCorrelationRule rule="$globalUser.FirstName=$account.FirstName"
    # @IdentityCorrelationRule rule="$globalUser.LastName=$account.LastName"
An account has the following attributes: FirstName="John", LastName="Cook".
When evaluating the first rule, Oracle Identity Analytics might find many global users with "John" as FirstName, but when it evaluates the second rule and the intersection is made, only one global user meets both rules.
Following is an example of a schema file with multiple correlation rules:
    #
    # @iam:namespace name="Summarization" shortName="SUM"
    #
    # @IdentityCorrelationRule rule="$globalUser.userName=$account.userName"
    # @IdentityCorrelationRule rule="$globalUser.FirstName=$account.FirstName"
    # @IdentityCorrelationRule rule="$globalUser.LastName=$account.LastName"
    # @IdentityCorrelationRule rule="$globalUser.MiddleName=$account.FirstName(-1.1)$account.LastName"
    # @IdentityCorrelationRule rule="$globalUser.userName=[defaultuser]"
    userName,endPoint,domain,comments,suspended,locked,name,FunctionCode,FirstName, MiddleName, LastName
Note - The correlation method used in previous versions of Oracle Identity Analytics using the <correlationkey> tag also works with Oracle Identity Analytics, so you do not need to change the old schema files.
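The evaluation order described above (rules tried in schema-file order, a unique match ends evaluation, an ambiguous match is intersected with the next rule) can be modelled to review a rule set before import. This is an added Python example, not Oracle's code and not part of the guide. The function names and sample users are hypothetical, only simple $globalUser.X=$account.Y rules are handled (pattern and literal rules are skipped), and skipping a rule that matches no user is an assumption, since the guide does not describe that case.

```python
import re

# Matches only the simple form $globalUser.<attr>=$account.<attr>; rules with
# patterns such as (-1.1) or literals such as [defaultuser] are skipped here.
RULE_RE = re.compile(
    r'^#\s*@IdentityCorrelationRule\s+rule="\$globalUser\.(\w+)=\$account\.(\w+)"\s*$',
    re.IGNORECASE)

def parse_rules(schema_text):
    """Return (global_user_attr, account_attr) pairs in schema-file order."""
    rules = []
    for line in schema_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((m.group(1), m.group(2)))
    return rules

def correlate(account, users, rules):
    """Return the key of the single matching global user, or None."""
    candidates = None  # users carried over from an ambiguous earlier rule
    for g_attr, a_attr in rules:
        matched = {uid for uid, u in users.items()
                   if a_attr in account and u.get(g_attr) == account[a_attr]}
        if candidates is not None:
            matched &= candidates          # intersect with the earlier result
        if len(matched) == 1:
            return next(iter(matched))     # unique match: stop evaluating
        if matched:
            candidates = matched           # still ambiguous: try the next rule
        # Assumption: a rule (or intersection) that matches nobody is skipped.
    return None                            # account stays uncorrelated

# Constructed sample data, not taken from the guide.
SCHEMA = '''#
# @IdentityCorrelationRule rule="$globalUser.FirstName=$account.FirstName"
# @IdentityCorrelationRule rule="$globalUser.LastName=$account.LastName"
FirstName,LastName
'''
USERS = {
    "u1": {"FirstName": "John", "LastName": "Cook"},
    "u2": {"FirstName": "John", "LastName": "Smith"},
    "u3": {"FirstName": "Mary", "LastName": "Cook"},
}

if __name__ == "__main__":
    acct = {"FirstName": "John", "LastName": "Cook"}
    print(correlate(acct, USERS, parse_rules(SCHEMA)))
```

Because a unique match ends evaluation, an account with FirstName="Mary" and LastName="Smith" is correlated to u3 on the first rule alone in this model, so weakly identifying attributes are best placed after stronger ones such as userName.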