5 Using the Database Application Tables Connector
You can use the connector for performing reconciliation and provisioning operations after configuring it to meet your requirements.
This chapter provides information about the following topics:
5.1 Configuring Reconciliation
Reconciliation involves duplicating in Oracle Identity Governance the creation of and modifications to user accounts on the target system. This section discusses the following topics related to configuring reconciliation:
5.1.1 Performing Full Reconciliation and Incremental Reconciliation
Full reconciliation involves reconciling all existing user records from the target system into Oracle Identity Governance. After you deploy the connector, you must first perform full reconciliation. In addition, you can switch from incremental reconciliation to full reconciliation whenever you want to ensure that all target system records are reconciled in Oracle Identity Governance.
You can perform a full reconciliation run in one of the following manners:
-
Ensure that no value is specified for the Filter attribute of the scheduled job for user data reconciliation. See Scheduled Jobs for Reconciliation of User Records for information about the Filter attribute.
-
Ensure the Sync Token attribute of the scheduled job for incremental reconciliation does not contain any value. See Scheduled Jobs for Incremental Reconciliation for information about the Sync Token attribute.
In incremental reconciliation, only records created or modified after the latest date/ timestamp the last reconciliation was run are considered for reconciliation. To perform incremental reconciliation, configure and run the scheduled job for incremental reconciliation. The first time you run the scheduled job for incremental reconciliation, note that a full reconciliation is performed. Note that the scheduled job for incremental reconciliation is generated only if you specify a last update column value for the changeLogColumn property in the DBATConfiguration.groovy file.
5.1.2 Performing Limited Reconciliation
By default, all target system records that are added or modified after the last reconciliation run are reconciled during the current reconciliation run. You can customize this process by specifying the subset of added or modified target system records that must be reconciled. You do this by creating filters for the reconciliation module.
You can configure limited reconciliation by performing the procedures described in one of the following sections:
5.1.2.1 Specifying a Value for the Filter Attribute
You can perform limited reconciliation by creating filters for the reconciliation module. This connector provides a Filter attribute (a scheduled task attribute) that allows you to use any of the Database Application Tables resource attributes to filter the target system records.
When you specify a value for the Filter attribute, only the target system records that match the filter criterion are reconciled into Oracle Identity Governance. If you do not specify a value for the Filter attribute, then all the records in the target system are reconciled into Oracle Identity Governance.
You specify a value for the Filter attribute while configuring the user reconciliation scheduled job.
For detailed information about Filters, see ICF Filter Syntax in Oracle Fusion Middleware Developing and Customizing Applications for Oracle Identity Governance.
5.1.2.2 Specifying a Value for the customizedQuery Parameter
If you want to filter values that are being retrieved from different tables by using native SQL queries, then use the customizedQuery property to configure limited reconciliation. You can configure limited reconciliation by specifying a value for either the customizedQuery property in the DBATConfiguration.groovy file or customizedQuery IT resource parameter.
You must specify a WHERE clause specifying the subset of newly added or modified records that you want to reconcile as the value of the customizedQuery parameter. For example, specifying the following WHERE clause as the value of the customizedQuery parameter returns all user records whose first name is John:
WHERE FIRST_NAME='JOHN'
The following is another example of a WHERE clause that returns all user records whose location contains "land":
WHERE LOCATION LIKE '%LAND'
Note:
If you are configuring limited reconciliation by using the customizedQuery property, then first test the query by running it on a staging server to ensure that data in the production server is altered as desired.
5.2 Configuring Provisioning
Learn about performing provisioning operations in Oracle Identity Governance and the guidelines that you must apply while performing these operations.
5.2.1 Guidelines on Performing Provisioning Operations
These guidelines provide information on what to do when performing provisioning operations.
For a Create User provisioning operation, you must specify a value for the User Name field. For example, John Doe. It is a mandatory field.
5.2.2 Performing Provisioning Operations
You create a new user in Identity Self Service by using the Create User page. You provision or request for accounts on the Accounts tab of the User Details page.
To perform provisioning operations in Oracle Identity Governance:
-
Log in to Identity Self Service.
-
Create a user as follows:
- In Identity Self Service, click Manage. The Home tab displays the Manage options. Click Users. The Manage Users page is displayed.
- From the Actions menu, select Create. Alternatively, you can click Create on the toolbar. The Create User page is displayed with input fields for user profile attributes.
- Enter details of the user in the Create User page.
-
On the Account tab, click Request Accounts.
-
In the Catalog page, search for and add to cart the application instance created for the connector that you created earlier, and then click Checkout.
-
Specify values for fields in the application form, and then click Ready to Submit.
-
Click Submit.
Note:
See Creating a User in Oracle Fusion Middleware Performing Self Service Tasks with Oracle Identity Governance for information about the fields on the Create User page.5.3 Configuring Reconciliation Jobs
Configure reconciliation jobs to perform reconciliation runs that check for new information on your target system periodically and replicates the data in Oracle Identity Governance.
You can apply this procedure to configure the reconciliation jobs for users and entitlements.
5.4 Uninstalling the Connector
Uninstalling the connector deletes all the account-related data associated with its resource objects.
If you want to uninstall the connector for any reason, then run the Uninstall Connector utility. Before you run this utility, ensure that you set values for ObjectType
and ObjectValues
properties in the ConnectorUninstall.properties file. For example, if you want to delete resource objects, scheduled tasks, and scheduled jobs associated with the connector, then enter "ResourceObject", "ScheduleTask", "ScheduleJob"
as the value of the ObjectType property and a semicolon-separated list of object values corresponding to your connector (for example, Databasetable User; Databasetable Group
) as the value of the ObjectValues
property.
Note:
If you set values for theConnectorName
and Release
properties along with the ObjectType
and ObjectValue
properties, then the deletion of objects listed in the ObjectValues
property is performed by the utility and the Connector information is skipped.
For more information, see Uninstalling Connectors in Oracle Fusion Middleware Administering Oracle Identity Governance.