

Introduction

This article describes the CoreOne system connector for Oracle Database and how the target system has to be configured in the CoreOne Suite.

Target system configuration parameters

The following target system configuration parameters are available:

General host parameters

Parameter

Description / Remarks

Server (mehrere getrennt mit ";")

Oracle server host name. Multiple hosts can be given, delimited by the “;” character. All hosts use the same credentials and parameters as defined below.

Usernamen

User name for the database

Passwort

Password for the database

Port

Numeric port value, default is 1521

SID / Servicenamen

SID or Service name of the Oracle DB instance

SQL parameters

See below for an explanation of the different SQL command types.

Parameter

Description / Remarks

SQL CreateIdentity

Stored procedure

SQL GetIdentityParameters

Select query (function)

SQL CheckIdentityExists

Select query (function)

SQL FindObjectIdentifiersByAttributes

Select query (function)

SQL UpdateIdentity

Stored procedure

SQL DeleteIdentity

Stored procedure

SQL ValidateCredentials

Not implemented

SQL IsIdentityActivate

Select query (function)

SQL ActivateIdentity

Stored procedure

SQL DeactivateIdentity

Stored procedure

SQL SetIdentityPassword

Not implemented

SQL IsPropertyValueUnique

Select query (function)

SQL GetResourcesFromIdentity

Select query (function)

SQL GetIdentityMembersByResourceIdentifier

Select query (function)

SQL AddIdentityToResource

Stored procedure

SQL RemoveIdentityFromResource

Stored procedure

SQL GetIdentity

Select query (function)

SQL CreateResource

Stored procedure

SQL GetResourceParameters

Select query (function)

SQL CheckResourceExists

Select query (function)

SQL UpdateResource

Stored procedure

SQL DeleteResource

Stored procedure

SQL GetResources

Select query (function)

SQL IsResourcePropertyValueUnique

Select query (function)

SQL GetResource

Select query (function)

SQL command types

Select Query (function)

This can be a simple SELECT query from a table or a view. It’s also possible to call a function inside a SELECT query.

Examples:

SELECT * FROM t.users
SELECT * FROM v.users
SELECT * FROM get_users('all')

Stored procedure

If a stored procedure is needed for the SQL parameter, you have to specify the name of the stored procedure. The input and output parameters will be added in the system connector and are defined below.

Examples:

create_user
update_user

Source system Oracle database requirements

The database has to meet certain requirements so that the SQL statements defined in the target system are executed correctly.

Identity methods

...

System connector method

...

Info

The CoreOne Suite - Core service has to be restarted after each change of the SQL parameters for it to take effect.

Mapping of SQL parameters

The input parameters are mapped from the corresponding identity or resource provisioning configuration. The attributes from this provisioning configuration are then used to replace the parameters in the stored procedures and select queries. The parameter name that gets replaced is taken from the column target_system_property_name of the tables system_identity_type_attribute / system_resource_type_attribute.

Example:

Attribute name: First Prename, Target system property name: first_prename

SQL query: Select * from users where firstprename = {first_prename}

The {first_prename} placeholder is replaced by the value of the attribute First Prename.
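
The following added example is not part of the CoreOne connector and does not describe its internals. It contrasts textual replacement of {first_prename} with conversion to an Oracle bind variable, using the query above; the function names, the quoting in the textual variant and the sample value O'Brien are assumptions.

```python
import re

# {target_system_property_name} placeholders as used in the SQL parameters
PLACEHOLDER = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")

# Query from the page; the attribute value is a constructed sample
TEMPLATE = "Select * from users where firstprename = {first_prename}"
ATTRS = {"first_prename": "O'Brien"}


def render_textual(template, attrs):
    """Assumed naive variant: paste each value into the SQL text as a quoted literal."""
    return PLACEHOLDER.sub(lambda m: "'%s'" % attrs[m.group(1)], template)


def render_bound(template, attrs):
    """Rewrite {name} to :name and return (sql, binds); values stay out of the SQL text."""
    if template.rstrip().endswith(";"):
        # The page requires queries without a trailing semicolon
        raise ValueError("query must not end with a semicolon")
    binds = {}

    def to_bind(match):
        name = match.group(1)
        if name not in attrs:
            raise KeyError("no attribute mapped to {%s}" % name)
        binds[name] = attrs[name]
        return ":" + name

    return PLACEHOLDER.sub(to_bind, template), binds


if __name__ == "__main__":
    # The apostrophe ends the literal early, so the statement text is malformed
    print(render_textual(TEMPLATE, ATTRS))
    # The statement text is constant; the value travels separately, e.g. as the
    # parameters argument of cursor.execute(sql, binds) in python-oracledb
    sql, binds = render_bound(TEMPLATE, ATTRS)
    print(sql, binds)
```

With bind variables, an attribute value containing quotes or SQL keywords cannot change the statement that Oracle parses.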

Info

Multi value attributes: Attributes with multiple values are currently not supported by the Oracle DB connector. If you use a multi value attribute, the value will always be empty.

Identity methods

Info

The parameter IDENTITY_ID is hard-coded and can’t be changed/defined.

System connector method

SQL command type

Input parameters
(See above how the mapping works for these parameters)

Expected return value

Description

SQL CreateIdentity

Stored procedure

  • Identity attributes, parameter names are taken from target_system_property_name in the system_identity_type_attribute table

  • IDENTITY_ID
    Unique identifier of the identity from the target system

Creates the user in the target system

SQL GetIdentityParameters

Select query (function)

  • SQL replacement for identity identifier: {IDENTITY_ID}

  • SQL replacements for identity attributes: {target_system_property_name}

  • All identity parameters from the SELECT query

Returns all the user parameters of a user

SQL CheckIdentityExists

Select query (function)

  • SQL replacement for identity identifier: {IDENTITY_ID}

  • Result row(s) or nothing

Checks if the user in the target system exists, if rows are returned → true, else false

SQL FindObjectIdentifiersByAttributes

Select query (function)

  • SQL replacement for system identity type: {SYSTEM_IDENTITY_TYPE_ID}

  • SQL replacements for attribute values: {target_system_property_name}

  • Result rows with column name IDENTITY_ID

Finds object identifiers of users by their attribute values.

Returns all the object identifiers of users where the attributes values were found

SQL UpdateIdentity

(→ calls SQL GetIdentityParameters)

Stored procedure

  • Identity identifier: IDENTITY_ID

  • Identity attributes, parameter names are taken from target_system_property_name in the system_identity_type_attribute table

-

Updates a user with the attribute values

SQL DeleteIdentity

Stored procedure

  • Identity identifier: IDENTITY_ID

-

Deletes a user by their identity identifier

SQL ValidateCredentials

Not implemented

-

-

-

SQL IsIdentityActivate

Select query (function)

  • SQL replacement for identity identifier: {IDENTITY_ID}

  • SQL replacements for identity attributes: {target_system_property_name}

  • Result row(s) or nothing

Checks if the user in the target system is active, if rows are returned → true, else false

SQL ActivateIdentity

Stored procedure

  • Identity identifier: IDENTITY_ID

-

Activates a user in the target system

SQL DeactivateIdentity

Stored procedure

  • Identity identifier: IDENTITY_ID

-

Deactivates a user in the target system

SQL SetIdentityPassword

Not implemented

-

-

-

SQL IsPropertyValueUnique

Select query (function)

  • SQL replacement for unique property: {UNIQUEPROPERTY}

  • SQL replacement for unique property value: {UNIQUEPROPERTYVALUE}

  • Result row(s) or nothing

Checks if a property value is unique in the target system.

There are 3 cases that get checked to determine if the property value is unique:

  • Returning more than one row:

    • Not unique → false

  • Returning 1 row:

    • If property value is on the user with the given user object id → Is unique → true

    • If the property value is on another user → Is unique → false

  • Returning no rows:

    • Is unique → true

Resource methods

System connector method

SQL command type

Input parameters

Expected return value

Description

SQL CreateResource

Not implemented

GetResourceParameters

Not implemented

CheckResourceExists

  • Unique resource identifier

Single row with single column

Stored procedure

  • Resource attributes, parameter names are taken from target_system_property_name in the system_resource_type_attribute table

  • RESOURCE_ID
    Unique identifier of the resource from the target system

Creates the resource in the target system

SQL GetResourceParameters

Select query (function)

  • SQL replacement for resource identifier: {RESOURCE_ID}

  • SQL replacements for resource attributes: {target_system_property_name}

  • All resource parameters from the SELECT query

Returns all the resource parameters of a resource

SQL CheckResourceExists

Select query (function)

  • SQL replacement for resource identifier: {RESOURCE_ID}

  • SQL replacements for resource attributes: {target_system_property_name}

  • Result row(s) or nothing

Checks if the resource

exists. Return nothing if it doesn’t.

UpdateResource

Not implemented

DeleteResource

Not implemented

GetResources

Not implemented

IsPropertyValueUnique

Not implemented

GetResourceMembersByResource

Not implemented

AddResourceToResource

Not implemented

RemoveResourceFromResource

Not implemented

FindObjectIdentifiersByAttributes

Not implemented

in the target system exists, if rows are returned → true, else false

SQL UpdateResource

(→ calls SQL GetResourceParameters)

Stored procedure

  • Resource identifier: RESOURCE_ID

  • Resource attributes, parameter names are taken from target_system_property_name in the system_resource_type_attribute table

-

Updates a resource with the attribute values

SQL DeleteResource

Stored procedure

  • Resource identifier: RESOURCE_ID

-

Deletes a resource in the target system

SQL GetResources

Select query (function)

  • SQL replacement for system resource type: {SYSTEM_RESOURCE_TYPE_ID}

  • SQL replacements for the search value: {textPattern}

  • SQL replacement for the maximum number of results returned: {maxResults}

  • Result rows with the resource identifiers that were found with the column name RESOURCE_ID

  • Recommended to send back a column named RESOURCE_DISPLAYNAME to represent the readable name of the resource

Returns resources of a specific system resource type, filtered by the text pattern and limited by the max results value

SQL IsResourcePropertyValueUnique

Select query (function)

  • SQL replacement for unique property: {UNIQUEPROPERTY}

  • SQL replacement for unique property value: {UNIQUEPROPERTYVALUE}

  • SQL replacement for system resource type: {SYSTEM_RESOURCE_TYPE_ID}

  • Result row(s) or nothing

Checks if a property value is unique in the target system.

There are 3 cases that get checked to determine if the property value is unique:

  • Returning more than one row:

    • Not unique → false

  • Returning 1 row:

    • If property value is on the user with the given user object id → Is unique → true

    • If the property value is on another user → Is unique → false

  • Returning no rows:

    • Is unique → true

Identity-resource membership methods

System connector method

SQL command type

Input parameters

Expected return value

Description

SQL AddIdentityToResource

  • Unique user object id

  • Unique resource object id

    Stored procedure

    • Identity identifier: IDENTITY_ID

    • Resource identifier: RESOURCE_ID

    -

    Adds the user to the resource

    SQL RemoveIdentityFromResource

  • Unique user object id

  • Unique resource object id

    Stored procedure

    • Identity identifier: IDENTITY_ID

    • Resource identifier: RESOURCE_ID

    -

    Removes the user identity from the resource

    AddResourceToIdentity

    • Unique user object id

    • Unique resource object id

    -

    Adds the resource to the user

    RemoveResourceFromIdentity

    • Unique user object id

    • Unique resource object id

    -

    Removes the user from the resource

    GetResourcesFromIdentity

    • Unique user object id

    • List of resource identifiers

    Adds the user identity to the resource

    GetIdentityMembersByResourceIdentifier

    • Unique resource object id

    • List of user identity identifiers

    Gets all the user identities from the resource

    SQL GetResourcesFromIdentity

    Select query (function)

    • SQL replacement for identity identifier: {IDENTITY_ID}

    • SQL replacement for the system resource type: {SYSTEM_RESOURCE_TYPE_ID}

    • Result rows with the resources from the identity, column names to return:
      RESOURCE_ID → unique identifier of the resource
      RESOURCE_DISPLAY_NAME → display name of the resource

    Gets all the resources from the identity

    SQL GetIdentityMembersByResourceIdentifier

    Select query (function)

    • SQL replacement for resource identifier: {RESOURCE_ID}

    • Result rows with the identities from the resource, column names to return:
      IDENTITY_ID → unique identifier of the identity

    Gets all the user identities from the resource

    SQL command types

    Select Query (function)

    This can be a simple SELECT query from a table or a view. It’s also possible to call a function inside a SELECT query.

    Note

    There mustn’t be a semicolon at the end of the query

    Examples:

    SELECT * FROM t.users
    SELECT * FROM v.users
    SELECT * FROM get_users('all')

    Stored procedure

    If a stored procedure is needed for the SQL parameter, you have to specify the name of the stored procedure. The input and output parameters will be added in the system connector and are defined below.

    Examples:

    create_user
    update_user

    Identity features

    The following identity functions are supported:

    System Connector task features

    Supported

    Create / delete identities

    Provisioning identities 

    Update identities          

    Provisioning identity updates   

    Deprovision identities  

    Cleanup of inactive identities active     

    Check password changed active

    Resources features

    The following resource functions are supported:

    System Connector task features

    Supported

    Create/delete resources

    Provision resources     

    Update resources         

    Provisioning resource changes 

    Deprovisioning resources         

    Provisioning resource allocations         

    Deprovisioning resource allocations     

    Provisioning resources-resource allocations     

    -

    Deprovisioning resource resource allocations   

    -

     

    Cleanup features

    The following cleanup functions are supported:

    System Connector task features

    Supported

    In the should-actual Log available    

    -

    Should be - Actually is - cleanup

    -

    Read back account properties

    Resource identity member target system clean up

    -

    Resource resource member target system clean up

    -
