An attribute stores information about a user, group, or organization entity, such as a telephone number or address. An entity’s attributes determine its profile.
In the directory configuration file, attributes are described in ImsManagedObjectAttr elements. In the User Object, Group Object and Organization Object sections of the directory configuration file, you can do the following:
There is one ImsManagedObjectAttr element for each attribute in user, group, and organization profiles. For example, an ImsManagedObjectAttr element may describe a user ID.
An ImsManagedObjectAttr element resembles the following:
<ImsManagedObjectAttr physicalname="tblUsers.id" displayname="User Internal ID" description="User Internal ID" valuetype="Number" required="false" multivalued="false" maxlength="0" hidden="false" permission="READONLY">
Note: When you are using an Oracle database, note the following when you configure managed object attributes:
Be sure to specify a maximum length for String datatypes to prevent truncation. To limit the length of strings, you can create a validation rule that displays an error when a user types a string that exceeds the maximum length.
The ImsManagedObjectAttr parameters are as follows.
Note: The parameters are optional unless otherwise specified.
(Required)
Specifies the physical name of the attribute, and it must contain one of the following:
Format: tablename.columnname
For example, when an attribute is stored in the id column in the tblUsers table, the physical name for that attribute is as follows:
tblUsers.id
You must define each table that contains an attribute in a Table element.
A well-known attribute can represent a computed value. For example, you can use a well-known attribute to refer to an attribute that is computed by a custom operation.
(Required)
Specifies a unique name for the attribute.
In the User Console, the display name appears in the list of attributes that are available to add to a task screen.
Note: Do not modify an attribute’s displayname in the directory configuration file (directory.xml). To change the name of the attribute on a task screen, you can specify a label for the attribute in the task screen definition. For more information, see the Administration Guide.
Provides the description of the attribute.
Specifies the attribute’s data type. The valid values are as follows:
The value can be any string.
This is the default value.
The value must be an integer.
Note: Integer does not support decimal numbers.
The value must be an integer. The number option supports decimal numbers.
The value must parse to a valid date using the pattern:
MM/dd/yyyy
The value must parse to a valid date using the pattern yyyy-MM-dd
The value must parse to a valid date using the pattern YYYYYYYDDD where:
YYYYYYY is a seven-digit representation of the year, beginning with three zeroes. For example: 0002008
DDD is a three-digit representation of the day, padded with leading zeroes as needed. Valid values include 001 to 366.
When an attribute’s valuetype is incorrect, Identity Manager queries may fail.
To make sure that an attribute is stored correctly in the database, you can associate it with a validation rule.
Indicates whether a value must be specified for the attribute, as follows:
Indicates whether the attribute can have multiple values, as follows:
For example, the group membership attribute in a user profile is multi-valued to store the groups to which a user belongs.
To store multi-valued attributes in a delimited list instead of in a multi-row table, you must define the delimiter character in the delimiter parameter.
Make sure that the number of possible values and the length of each value that the column enables are sufficient.
Important! The Group Membership attribute in the User object definition must be multi-valued.
Provides the name of the well-known attribute.
Well-known attributes have a specific meaning in CA Identity Manager.
Format: %ATTRIBUTENAME%
Note: When a custom operation is associated with an attribute, you must specify a well-known attribute.
Determines the maximum size of the column.
Indicates whether an attribute’s value can be modified in a task screen, as follows:
The value is displayed but cannot be modified.
The value cannot be modified once the object is created. For example, a user ID cannot be changed after the user is created.
The value can be modified (default).
Indicates whether an attribute appears in the Identity Manager task screens, as follows:
Logical attributes use hidden attributes.
Note: For more information about logical attributes, see the Programming Guide for Java.
Indicates attributes that are used by CA Identity Manager only, and should not be modified by users in the User Console, as follows:
Associates a validation rule set with the attribute.
The validation rule set that you specify must be defined in a ValidationRuleSet element in the directory configuration file.
Defines the character that separates values when multiple values are stored in a single column.
Important! The multivalued parameter must be set to true for the delimiter parameter to apply.
Note: To prevent displaying sensitive information, such as passwords or salaries, in the User Console, you can specify DataClassification parameters.
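The constraints above can be checked mechanically before a directory configuration file is imported. The following Python lint is an added example, not CA code: it flags missing required parameters, a malformed physical name or well-known name, a delimiter set without multivalued="true", and String attributes with no maximum length. The `wellknown` attribute spelling, the `Directory` wrapper element, the sample values, and the treatment of a missing `multivalued` as false and a missing `maxlength` as 0 are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not taken from a real directory.xml.
SAMPLE = """<Directory>
  <ImsManagedObjectAttr physicalname="tblUsers.id" displayname="User Internal ID"
      valuetype="Number" multivalued="false" maxlength="0" permission="READONLY"/>
  <ImsManagedObjectAttr physicalname="tblUsers.lastname" displayname="Last Name"
      valuetype="String" multivalued="false" maxlength="0"/>
  <ImsManagedObjectAttr physicalname="groups" displayname="Groups"
      multivalued="false" delimiter="," maxlength="255" wellknown="USER_MEMBERSHIP"/>
  <ImsManagedObjectAttr physicalname="tblUsers.title" maxlength="64"/>
</Directory>"""

PHYSICAL = re.compile(r"^\w+\.\w+$")   # tablename.columnname
WELLKNOWN = re.compile(r"^%\w+%$")     # %ATTRIBUTENAME%

def lint_attr(el):
    """Return a list of findings for one ImsManagedObjectAttr element."""
    findings = []
    phys = el.get("physicalname", "")
    if not phys:
        findings.append("physicalname is required")
    elif not (PHYSICAL.match(phys) or WELLKNOWN.match(phys)):
        findings.append("physicalname is not tablename.columnname or a well-known attribute")
    if not el.get("displayname"):
        findings.append("displayname is required")
    wk = el.get("wellknown")  # attribute spelling is an assumption
    if wk is not None and not WELLKNOWN.match(wk):
        findings.append("wellknown does not match %ATTRIBUTENAME%")
    # The delimiter applies only when multivalued is true.
    if el.get("delimiter") is not None and el.get("multivalued", "false") != "true":
        findings.append("delimiter has no effect unless multivalued is true")
    # String is the default valuetype; a missing maxlength is treated as 0 (assumption).
    if el.get("valuetype", "String") == "String" and int(el.get("maxlength", "0")) <= 0:
        findings.append("String attribute has no maximum length")
    return findings

def lint_directory(xml_text):
    """Map each problematic attribute's physical name to its findings."""
    report = {}
    for el in ET.fromstring(xml_text).iter("ImsManagedObjectAttr"):
        problems = lint_attr(el)
        if problems:
            report[el.get("physicalname") or el.get("displayname") or "?"] = problems
    return report
```

Calling `lint_directory(SAMPLE)` reports the last three sample attributes and passes the first, which matches the element shown earlier on this page.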
Copyright © 2011 CA. All rights reserved.