Skip Navigation Links | |
Exit Print View | |
![]() |
Oracle Identity Analytics 11gR1 Database Administrator's Guide |
3. Resource Types Metadata Module
This chapter describes the tables that make up the Oracle Identity Analytics Resource Types Metadata module.
|
|
The NAMESPACES table lists resource types from the provisioning system that Oracle Identity Analytics connects to, or it lists the resource types that Oracle Identity Analytics connects to otherwise. Each resource type is identified by a unique key called NAMESPACEKEY. In addition, this table also stores its corresponding NAMESPACENAME, NAMESPACESHORTNAME, and NAMESPACECOMMENTS.
PK_NAMESPACES on column NAMESPACEKEY
None
None
|
|
An account has various attributes defined that are clustered under a particular category. For example, in Active Directory a user's Exchange Attributes are grouped under the 'Exchange' category, and in Top Secret a user's TSO attributes are grouped under the 'TSO' category. Oracle Identity Analytics stores and handles these different categories under the ATTRIBUTECATEGORIES table. The attribute categories are listed under their particular Resource Types by referencing the NAMESPACES table with the NAMESPACEKEY. The Attribute Category is also defined in a particular order to facilitate the import of accounts.
PK_ATTRIBUTECATEGORIES - composite key on columns ATTRIBUTECATEGORYKEY and NAMESPACEKEY
None
None
|
|
The attributes for different Resource Types are listed under the ATTRIBUTES table. Each attribute is mapped to a particular attribute category by way of a reference to the ATTRIBUTECATEGORYKEY from the ATTRIBUTECATEGORIES table. Each attribute is defined by its name and other attribute values such as minimum value, maximum value, excluded value, and default value. The attribute can also be listed as hidden. An edit type lists the data type of the attribute and the label field specifies the attribute name that would be seen in different modules of Oracle Identity Analytics. In addition, a set of flags are assigned in this table to facilitate the handling of the attribute in Oracle Identity Analytics. The functions of these flags are listed below:
HIDDEN-> The attribute is hidden on the Oracle Identity Analytics UI pages
MANAGED-> This flag is selected when any operation is to be done on the attribute
MANDATORY-> This flag specifies that all the operations are to be done on the attribute
ISIMPORTABLE -> The attribute can be imported from a provisioning system
ISAUDITABLE -> This flag specifies that auditing can be done on the attribute
ISMINABLE -> This flag is selected when the attribute is defined for RoleEngineering
ISENTITLEMENT_MINABLE -> This flag specifies that the attribute's entitlement are defined for Role Engineering
ISCERTIFIABLE -> Select this flag when certification is to be carried out on the attribute
PK_ATTRIBUTECATEGORIES - composite key on columns ATTRIBUTEKEY and ATTRIBUTECATEGORYKEY
None
None
|
|
The ATTRIBUTE_VALUES table stores the actual values of all entitlements/attributes in Oracle Identity Analytics if they are present in the accounts. The ATTRIBUTE_VALUE field stores the value, and the ATTRIBUTE_ID field ties the table to the ID in the ATTRIBUTES table.
PK_ATTRIBUTE_VALUES - primary key on column ID
None
IX_ATTR_VALUES_AID - non-unique index on column ATTRIBUTE_ID
|
|
Attributes for various resources have values that are not always comprehensible to managers or end users. System Administrators can add comprehensible names for these attributes in Oracle Identity Analytics so that they are more easily understood. The table that defines the mapping between the attribute value and the attribute's comprehensible name is ATTRIBUTE_VALUE_METADATA table. Every entry in this table references the attribute_values and endpoints table by their respective IDs.
PK_ ATTRIBUTE_VALUES_MET - Composite primary key on columns ATTRIBUTE_VALUE_ID and ENDPOINT_ID
None
None
|
|
The ENDPOINTS table contains all of the resource IDs that are tied to the different resource types. (Prior to Sun Role Manager 5.0, resources were called endpoints, and resource types were called namespaces.) A resource type can have multiple 'instances' and each instance has a corresponding resource. The NAMESPACE_ID field is used to reference the NAMESPACES table, and the field ID is unique.
PK_ENDPOINTS - primary key on column ID
None
None
|
|
Each policy can be associated with a resource (endpoint), and this is represented in a derived table, ENDPOINT_POLICIES. This table in turn references the tables ENDPOINTS and POLICIES through the respective primary keys.