Data Rules Reference to Customize and Transform Identity and Account Attributes
You can add rules to customize or transform identity and account attributes. These rules are written in JavaScript.
Objects
Table - Objects (Outbound)
| Object Name | Purpose | Example |
|---|---|---|
|
requestAttributes |
Provisioning request Attribute Object. These attributes are available when provisioning is via policy based, access bundle request, role based, or direct methods. |
|
|
user |
User Object. Use required getter on this to access any member. |
|
|
application |
Resource Object. Use required getter on this to access any member. |
|
Table - Objects (Inbound)
| Object Name | Purpose | Example |
|---|---|---|
|
user |
User Object. Use required getter on this to access any member for Source of Identity. |
user.getName().getGivenName(), user.getUserName() |
|
account |
Account Object. Use required getter on this to access any member for Manage Permissions. |
account.getDisplayName() |
Best Practices to Transform or Customize Identity and Account Attributes
Here are a few best practices and recommendations to consider:
- You can transform or customize identity and account attributes for Inbound data ingested from Authoritative Sources or Managed Systems. However, you can only transform identity (user) attributes for Outbound Data.
- Always perform a NULL check in rules for extracted values before using them otherwise it can lead to ingestion cycle failures on NULL references. This has to be done for both, user attributes object in Authoritative Sources and account attributes object in Managed Systems for inbound transformations.
- You cannot directly transform or assign value to attributes having array object data type, i.e. attributes returning a list of values, such as emails, photos, and addresses, but you can use them to modify/manipulate other user or account attributes. For example, to set the country value as the default value for the attribute location if a location is null, use:
user.getLocation() !=null ? user.getLocation() : user.getAddresses()[0].getCountry()
Related Topics
Authoritative Source Identity Object Attributes for Outbound Transformation
You can modify or alter the outbound data by applying data transformation rules to the data available or provisioned into the Orchestrated system. Here's a list of identity (user) attributes available for use in outbound data transformations.
Syntax to Fetch Identity Attributes for Outbound Data
These details can be fetched using the syntax:
get<FieldName>()Example - Retrieve the user's given name
user.getName().getGivenName()Table - Identity (User) Object Attributes for Outbound Data
| Attribute | Sub Attribute | Data Type | Syntax |
|---|---|---|---|
|
name |
Reference |
user.getName() |
|
|
formatted |
String |
user.getName().getFormatted() |
|
|
familyName |
String |
user.getName().getFamilyName() |
|
|
givenName |
String |
user.getName().getGivenName() |
|
|
middleName |
String |
user.getName().getMiddleName() |
|
|
honorificPrefix |
String |
user.getName().getHonorificPrefix() |
|
|
honorificSuffix |
String |
user.getName().getHonorificSuffix() |
|
|
userName |
String |
user.getUserName() |
|
|
displayName |
String |
user.getDisplayName() |
|
|
description |
String |
user.getDescription() |
|
|
primaryEmail |
String |
user.getPrimaryEmail() |
|
|
userType |
String |
user.getUserType() |
|
|
title |
String |
user.getTitle() |
|
|
employeeNumber |
String |
user.getEmployeeNumber() |
|
|
organization |
Reference |
user.getOrganization() |
|
|
value |
String |
user.getOrganization().getValue() |
|
|
ref |
String |
user.getOrganization().getRef() |
|
|
displayName |
String |
user.getOrganization().getDisplayName() |
|
|
resourceType |
String |
user.getOrganization().getResourceType() |
|
|
department |
String |
user.getDepartment() |
|
|
manager |
Reference |
user.getManager() |
|
|
value |
String |
user.getManager().getValue() |
|
|
ref |
String |
user.getManager().getRef() |
|
|
displayName |
String |
user.getManager().getDisplayName() |
|
|
resourceType |
String |
user.getManager().getResourceType() |
|
|
status |
String |
user.getStatus() |
|
|
jobCode |
String |
user.getJobCode() |
|
|
state |
String |
user.getState() |
|
|
risk |
String |
user.getRisk() |
|
|
location |
String |
user.getLocation() |
|
|
emails |
List of Email |
|
|
|
pendingVerificationData |
String |
email.getPendingVerificationData() |
|
|
primary |
Boolean |
email.getPrimary() |
|
|
secondary |
Boolean |
email.getSecondary() |
|
|
type |
String |
email.getType() |
|
|
value |
String |
email.getValue() |
|
|
verified |
Boolean |
email.getVerified() |
|
|
addresses |
List of Address |
|
|
|
country |
String |
address.getCountry() |
|
|
formatted |
String |
address.getFormatted() |
|
|
locality |
String |
address.getLocality() |
|
|
postalCode |
String |
address.getPostalCode() |
|
|
primary |
Boolean |
address.isPrimary() |
|
|
region |
String |
address.getRegion() |
|
|
streetAddress |
String |
address.getStreetAddress() |
|
|
type |
String |
address.getType() |
|
|
phoneNumbers |
List of PhoneNumber |
|
|
|
display |
String |
phoneNumber.getDisplay() |
|
|
primary |
Boolean |
phoneNumber.isPrimary() |
|
|
type |
String |
phoneNumber.getType() |
|
|
value |
String |
phoneNumber.getValue() |
|
|
Boolean |
phoneNumber.isVerified() |
Authoritative Source Identity Object Attributes for Inbound Transformation and Identity Attributes Customization
You can modify or alter the incoming data by applying data transformation rules during the data ingestion phase into the Orchestrated system. You can use the same set of attributes to customize composite identity profile constructed in Oracle Access Governance by transforming identity attributes.
Syntax to Fetch Identity Attributes for Inbound Data
The attribute details can be fetched using the syntax:
get<FieldName>()Example - Retrieve the user's given name
user.getName().getGivenName()Table - Authoritative Source Identity Attributes for Inbound Data
| Attribute | Sub Attribute | Data Type | Syntax |
|---|---|---|---|
|
fullName (for OIG/ICF) |
Reference |
user.getFullName() |
|
|
formatted |
String |
user.getFullName().getFormatted() |
|
|
familyName |
String |
user.getFullName().getFamilyName() |
|
|
givenName |
String |
user.getFullName().getGivenName() |
|
|
middleName |
String |
user.getFullName().getMiddleName() |
|
|
honorificPrefix |
String |
user.getFullName().getHonorificPrefix() |
|
|
honorificSuffix |
String |
user.getFullName().getHonorificSuffix() |
|
|
name (for OCI) |
Reference |
user.getName() |
|
|
formatted |
String |
user.getName().getFormatted() |
|
|
familyName |
String |
user.getName().getFamilyName() |
|
|
givenName |
String |
user.getName().getGivenName() |
|
|
middleName |
String |
user.getName().getMiddleName() |
|
|
honorificPrefix |
String |
user.getName().getHonorificPrefix() |
|
|
honorificSuffix |
String |
user.getName().getHonorificSuffix() |
|
|
userName |
String |
user.getUserName() |
|
|
displayName |
String |
user.getDisplayName() |
|
|
description |
String |
user.getDescription() |
|
|
primaryEmail |
String |
user.getPrimaryEmail() |
|
|
userType |
String |
user.getUserType() |
|
|
title |
String |
user.getTitle() |
|
|
employeeNumber |
String |
user.getEmployeeNumber() |
|
|
organization |
Reference |
user.getOrganization() |
|
|
value |
String |
user.getOrganization().getValue() |
|
|
ref |
String |
user.getOrganization().getRef() |
|
|
displayName |
String |
user.getOrganization().getDisplayName() |
|
|
resourceType |
String |
user.getOrganization().getResourceType() |
|
|
department |
String |
user.getDepartment() |
|
|
manager |
Reference |
user.getManager() |
|
|
value |
String |
user.getManager().getValue() |
|
|
ref |
String |
user.getManager().getRef() |
|
|
displayName |
String |
user.getManager().getDisplayName() |
|
|
resourceType |
String |
user.getManager().getResourceType() |
|
|
status |
String |
user.getStatus() |
|
|
jobCode |
String |
user.getJobCode() |
|
|
state |
String |
user.getState() |
|
|
risk |
String |
user.getRisk() |
|
|
location |
String |
user.getLocation() |
|
|
compartmentId |
String |
user.getCompartmentId() |
|
|
domainId |
String |
user.getDomainId() |
|
|
domainOCID |
String |
user.getDomainOCID() |
|
|
region |
String |
user.getRegion() |
|
|
emails |
List of Email |
emails = user.getEmails() |
|
|
pendingVerificationData |
String |
user.getEmails()[0].getPendingVerificationData() |
|
|
primary |
Boolean |
user.getEmails()[0].getPrimary() |
|
|
secondary |
Boolean |
user.getEmails()[0].getSecondary() |
|
|
type |
String |
user.getEmails()[0].getType() |
|
|
value |
String |
user.getEmails()[0].getValue() |
|
|
verified |
Boolean |
user.getEmails()[0].getVerified() |
|
|
addresses |
List of Address |
|
|
|
country |
String |
user.getAddresses()[0].getCountry() |
|
|
formatted |
String |
user.getAddresses()[0].getFormatted() |
|
|
locality |
String |
user.getAddresses()[0].getLocality() |
|
|
postalCode |
String |
user.getAddresses()[0].getPostalCode() |
|
|
primary |
Boolean |
user.getAddresses()[0].isPrimary() |
|
|
region |
String |
user.getAddresses()[0].getRegion() |
|
|
streetAddress |
String |
user.getAddresses()[0].getStreetAddress() |
|
|
type |
String |
user.getAddresses()[0].getType() |
|
|
phoneNumbers |
List of PhoneNumber |
|
|
|
display |
String |
user.getPhoneNumbers()[0].getDisplay() |
|
|
primary |
Boolean |
user.getPhoneNumbers()[0].isPrimary() |
|
|
type |
String |
user.getPhoneNumbers()[0].getType() |
|
|
value |
String |
user.getPhoneNumbers()[0].getValue() |
|
|
Boolean |
user.getPhoneNumbers()[0].isVerified() |
||
|
photos |
List of photos |
|
|
|
display |
String |
user.getPhotos()[0].getDisplay() |
|
|
primary |
Boolean |
user.getPhotos()[0].isPrimary() |
|
|
type |
String |
user.getPhotos()[0].getType() |
|
|
value |
String |
user.getPhotos()[0].getValue() |
|
|
ims |
List of ims |
|
|
|
display |
String |
user.getIms()[0].getDisplay() |
|
|
primary |
Boolean |
user.getIms()[0].isPrimary() |
|
|
type |
String |
user.getIms()[0].getType() |
|
|
value |
String |
user.getIms()[0].getValue() |
Managed Systems Account Object Attributes for Inbound Transformation
You can modify or alter the incoming account attribute data by applying data transformation rules during the data ingestion phase into the Orchestrated system.
Syntax to Fetch Account Attributes for Inbound Data Transformation
The attribute details can be fetched using the syntax:
get<FieldName>()Example - Retrieve the user's given name
account.getName().getGivenName()Table - Managed Systems Account Attributes for the Inbound Data Transformation
| Attribute | Sub Attribute | Data Type | Syntax |
|---|---|---|---|
|
fullName |
Reference |
account.getFullName() |
|
|
formatted |
String |
account.getFullName().getFormatted() |
|
|
familyName |
String |
account.getFullName().getFamilyName() |
|
|
givenName |
String |
account.getFullName().getGivenName() |
|
|
middleName |
String |
account.getFullName().getMiddleName() |
|
|
honorificPrefix |
String |
account.getFullName().getHonorificPrefix() |
|
|
honorificSuffix |
String |
account.getFullName().getHonorificSuffix() |
|
|
userName |
String |
account.getUserName() |
|
|
displayName |
String |
account.getDisplayName() |
|
|
description |
String |
account.getDescription() |
|
|
primaryEmail |
String |
account.getPrimaryEmail() |
|
|
userType |
String |
account.getUserType() |
|
|
title |
String |
account.getTitle() |
|
|
status |
String |
account.getStatus() |
|
|
accountType |
String |
account.getAccountType() |
|
|
provisionedByMechanism |
String |
account.getProvisionedByMechanism() |
|
|
provisionedOnDate |
String |
account.getProvisionedOnDate() |
|
|
resourceName |
String |
account.getResourceName() |
|
|
startDate |
Long |
account.getStartDate() |
|
|
name |
String |
account.getName() |
|
|
userLogin |
String |
account.getUserLogin() |
|
|
resourcesId |
String |
account.getResourcesId() |
|
|
compartmentId |
String |
account.getCompartmentId() |
|
|
domainId |
String |
account.getDomainId() |
|
|
domainOCID |
String |
account.getDomainOCID() |
|
|
region |
String |
account.getRegion() |
|
|
emails |
List of Email |
emails = account.getEmails() |
|
|
pendingVerificationData |
String |
account.getEmails()[0].getPendingVerificationData() |
|
|
primary |
Boolean |
account.getEmails()[0].getPrimary() |
|
|
secondary |
Boolean |
account.getEmails()[0].getSecondary() |
|
|
type |
String |
account.getEmails()[0].getType() |
|
|
value |
String |
account.getEmails()[0].getValue() |
|
|
verified |
Boolean |
account.getEmails()[0].getVerified() |
|
|
addresses |
List of Address |
addresses = account.getAddresses(); |
|
|
country |
String |
account.getAddresses()[0].getCountry() |
|
|
formatted |
String |
account.getAddresses()[0].getFormatted() |
|
|
locality |
String |
account.getAddresses()[0].getLocality() |
|
|
postalCode |
String |
account.getAddresses()[0].getPostalCode() |
|
|
primary |
Boolean |
account.getAddresses()[0].isPrimary() |
|
|
region |
String |
account.getAddresses()[0].getRegion() |
|
|
streetAddress |
String |
account.getAddresses()[0].getStreetAddress() |
|
|
type |
String |
account.getAddresses()[0].getType() |
|
|
phoneNumbers |
List of PhoneNumber |
phoneNumbers = account.getPhoneNumbers() |
|
|
display |
String |
account.getPhoneNumbers()[0].getDisplay() |
|
|
primary |
Boolean |
account.getPhoneNumbers()[0].isPrimary() |
|
|
type |
String |
account.getPhoneNumbers()[0].getType() |
|
|
value |
String |
account.getPhoneNumbers()[0].getValue() |
|
|
Boolean |
account.getPhoneNumbers()[0].isVerified() |
||
|
photos |
List of photos |
photos = account.getPhotos() |
|
|
display |
String |
account.getPhotos()[0].getDisplay() |
|
|
primary |
Boolean |
account.getPhotos()[0].isPrimary() |
|
|
type |
String |
account.getPhotos()[0].getType() |
|
|
value |
String |
account.getPhotos()[0].getValue() |
|
|
ims |
List of ims |
ims = account.getIms() |
|
|
display |
String |
account.getIms()[0].getDisplay() |
|
|
primary |
Boolean |
account.getIms()[0].isPrimary() |
|
|
type |
String |
account.getIms()[0].getType() |
|
|
value |
String |
account.getIms()[0].getValue() |
Custom User and Account Attributes
You can fetch and use custom user or account attribute while applying data transformation rules for the inbound data transformation.
User Custom Attribute
Oracle Access Governance provides a utility method to fetch the custom attribute of a user for inbound transformations. To fetch the CUSTOM_ATTRIBUTE_NAME of a user, you would use the following syntax, for example:
if( user.getCustomAttributes() != null ) {user.getCustomAttributes()['CUSTOM_ATTRIBUTE_NAME'] }For example, for a custom attribute called Tags:
if( user.getCustomAttributes() != null ) {user.getCustomAttributes()['Tags'] }Account Custom Attribute
Oracle Access Governance provides a utility method to fetch the custom attribute of an account for inbound transformations. To fetch the CUSTOM_ATTRIBUTE_NAME of an account, you would use the following syntax, for example:
if(account.getCustomAttributes() != null) {account.getCustomAttributes()['CUSTOM_ATTRIBUTE_NAME'] }For example, for a custom attribute called Tags:
if(account.getCustomAttributes() != null) {account.getCustomAttributes()['Tags'] }Examples for Outbound Data Transformation
Here are a few sample mapping rules and uses cases while applying outbound data transformations in Oracle Access Governance.
Table - Sample Mapping Rules
| Usecase | Sample Rule |
|---|---|
|
Fixed string value |
'SampleValue' |
|
User attribute |
user.getName().getGivenName()Note: You must perform a null check before using such operations as the value can be null. |
|
Application attribute |
application.getDisplayName()Note: You must perform a null check before using such operations as the value can be null. |
|
Request attribute |
requestAttributes.get('organizationName').get(0)Note:
|
| Set value to the combination of 2 user attributes | |
| Set the value to another attribute if the input value is null (if organization is null then set to a fixed value) | user.getOrganization() != null && user.getOrganization().getDisplayName() != null ? user.getOrganization().getDisplayName() : 'DefaultOrganization' |
Examples for Inbound Data Transformation and Identity Attributes
Here are a few sample mapping rules and uses cases while applying inbound data transformations or applying transformations on the composite identity profile in Oracle Access Governance.
Note:
As a best practice, we recommend to always perform a NULL check in rules for extracted values before using them otherwise it can lead to ingestion cycle failures on NULL references. This has to be done for both, user attributes object in Authoritative Sources and account attributes object in Managed Systems for inbound transformations.Sample Mapping Rules for Authoritative Sources
Here are a few mapping rule expressions along with input value or output value for the identity (user) object attributes.
| Target attribute | Type of attribute | Target attribute data type | Aim of mapping rule | Mapping rule expression | Value input | Value output |
|---|---|---|---|---|---|---|
|
userName |
DEFAULTS |
String |
Concatenate userName & displayName and set this value in userName attribute |
user.getUserName().concat('-',user.getDisplayName()) |
userName=mark.hill displayName=Mark Hill |
mark.hill-Mark Hill |
|
userName |
DEFAULTS |
String |
If userName is not null, then convert userName to upperCase and set in userName attribute |
if(user.getUserName()!=null) {user.getUserName().toUpperCase() } |
userName=mark.hill |
MARK.HILL |
|
jobDescription |
CUSTOM |
String |
LowerCase the value of description and set it in custom attribute, jobDescription |
user.getDescription().toLowerCase() |
description = SoftwareDeveloper1 |
jobDescription = softwaredeveloper1 |
|
status |
DEFAULTS |
Boolean |
If status is null set it to true else alternate the value. |
user.getStatus()==null ? true : !user.getStatus() |
status = true | false |
|
risk |
DEFAULTS |
Integer |
If risk is null set 20, else increase risk by 15 | user.getRisk() == null ? 20 : user.getRisk() + 15 |
risk = 30 risk = null |
45 20 |
|
description |
DEFAULTS |
String |
Get startDate of type long, convert it into Date and then set it as a String to the description attribute. |
new Date(user.getStartDate()).toISOString() |
startDate = 1703442600000 |
2023-12-25T07:55:46.061Z |
|
provisionedOnDate |
DEFAULTS |
Date |
Get validFromDate (long), convert to date, then set provisionedOnDate rounded to 1st of next month. |
const currentDate = new Date(user.getValidFromDate()); new Date(currentDate.getFullYear(), currentDate.getMonth() + 1, 1).getTime(); |
validFromDate = 1703442600000 |
provisionedOnDate = 1704047400000 |
|
provisionedFromDate |
DEFAULTS |
Date |
Input type string. Output type date. |
new Date(user.getValidFromDate()).toISOString() |
validFromDate = 1703442600000 input = 2023-12-24T18:30:00.000Z |
provisionedFromDate = 1703422800000 |
Sample Mapping Rules for Managed Systems
Here are a few mapping rule expressions along with input value or output value for the account object attributes.
Table - Sample Mapping Rules for Managing Permissions
| Target attribute | Type of attribute | Target attribute data type | Aim of mapping rule | Mapping rule expression | Value input | Value output |
|---|---|---|---|---|---|---|
|
displayName |
DEFAULTS |
String |
If displayName is not null then set upper case value to displayName. |
if(account.getDisplayName()!=null) {account.getDisplayName().toUpperCase() } |
displayName = Mark Hill |
MARK HILL |
|
primaryEmail |
DEFAULTS |
String |
Concatenate userLogin & "@myexample.com" and set in primaryEmail. |
account.getUserLogin().concat('@myexample.com') |
userLogin = mark.hill | mark.hill@myexample.com |
|
jobDescription |
CUSTOM |
String |
LowerCase the value of description and set it in custom attributes jobDescription. |
if(account.getDescription()!=null) { account.getDescription().toLowerCase() } |
description = SoftwareDeveloper1 | jobDescription = softwaredeveloper1 |
|
status |
DEFAULTS |
Boolean |
Example 1: If status is null then set it to true else alternate the value. |
account.getStatus()==null ? true : !account.getStatus() |
status = true |
false |
|
Example 2: Set status to false. |
false |
status = null/true/false | false | |||
|
risk |
DEFAULTS |
Integer |
If risk is null then set to 20, else increase risk by 15. |
account.getRisk() == null ? 20 : account.getRisk() + 15 |
risk = 30 risk = null |
45 20 |
|
riskSummary |
DEFAULTS |
Long |
If riskSummary is null set to 1234, else increase risk by 70. |
account.getRiskSummary() == null ? 1234 : account.getRiskSummary() + 70 |
riskSummary = 30 riskSummary = null |
100 1234 |
Data Rules Reference to Customize and Transform Identity and Account Attributes
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.