An attribute stores information about a user, group, or organization entity, such as a telephone number or address. The attributes of an entity determine its profile.
In the directory configuration file, attributes are described in ImsManagedObjectAttr elements. In the User Object, Group Object and Organization Object sections of the directory configuration file:
For each attribute in user, group, and organization profiles, there is only one ImsManagedObjectAttr element. For example, an ImsManagedObjectAttr element may describe a user ID.
An ImsManagedObjectAttr element resembles the following code:
<ImsManagedObjectAttr physicalname="tblUsers.id" displayname="User Internal ID" description="User Internal ID" valuetype="Number" required="false" multivalued="false" maxlength="0" hidden="false" permission="READONLY">
Note: When you are using an Oracle database, note the following points while configuring managed object attributes:
Be sure to specify a maximum length for String datatypes to prevent truncation. To limit the length of strings, you can create a validation rule to display an error when a user types a string that exceeds the maximum length.
The ImsManagedObjectAttr parameters are as follows.
Note: The parameters are optional unless otherwise specified.
physicalname
(Required)
Specifies the physical name of the attribute, and it must contain one of the following details:
Format: tablename.columnname
For example, when an attribute is stored in the id column in the tblUsers table, the physical name for that attribute is as follows:
tblUsers.id
You are required to define each table that contains an attribute in a Table element.
A well-known attribute can represent a computed value. For example, you can use a well-known attribute to refer to an attribute computed using a custom operation.
displayname
(Required)
Specifies a unique name for the attribute.
In the User Console, the display name appears in the list of attributes that are available to add to a task screen.
Note: Do not modify the displayname of an attribute in the directory configuration file (directory.xml). To change the name of the attribute on a task screen, you can specify a label for the attribute in the task screen definition. For more information, see the Administration Guide.
description
Provides the description of the attribute.
valuetype
Specifies the data type of the attribute. The valid values are as follows:
The value can be any string.
This is the default value.
The value must be an integer.
Note: Integer does not support decimal numbers.
The value must be a number. Unlike Integer, the Number option supports decimal numbers.
The value must parse to a valid date using the pattern:
MM/dd/yyyy
The value must parse to a valid date using the pattern yyyy-MM-dd.
The value must parse to a valid date using the pattern YYYYYYYDDD, where:
YYYYYYY is a seven-digit representation of the year, beginning with three zeros. For example: 0002008
DDD is a three-digit representation of the day, padded with leading zeros as needed. Valid values range from 001 to 366.
If the valuetype of an attribute is incorrect, CA IdentityMinder queries may fail.
To make sure that an attribute is stored correctly in the database, you can associate it with a validation rule.
required
Indicates whether a value must be specified for the attribute, as follows:
multivalued
Indicates whether the attribute can have multiple values, as follows:
For example, the group membership attribute in a user profile is multi-valued to store the groups to which a user belongs.
To store multi-valued attributes in a delimited list instead of in a multi-row table, you are required to define the delimiter character in the delimiter parameter.
Make sure that the number of possible values and the length of each value that the column enables are sufficient.
Important! Make sure that the Group Membership attribute in the User object definition is multi-valued.
Provides the name of the well-known attribute.
Well-known attributes have a specific meaning in CA IdentityMinder.
Format: %ATTRIBUTENAME%
Note: When a custom operation is associated with an attribute, you are required to specify a well-known attribute.
maxlength
Determines the maximum size of the column.
permission
Indicates whether the value of an attribute can be modified in a task screen, as follows:
The value is displayed but cannot be modified.
The value cannot be modified once the object is created. For example, a user ID cannot be changed after the user is created.
The value can be modified (default).
hidden
Indicates whether an attribute appears in the CA IdentityMinder task screens, as follows:
Logical attributes use hidden attributes.
Note: For more information about logical attributes, see the Programming Guide for Java.
Indicates that the attribute is used only by CA IdentityMinder. Users must not modify such attributes in the User Console, as follows:
Associates a validation rule set with the attribute.
Make sure that the validation rule set that you specify is defined in a ValidationRuleSet element in the directory configuration file.
delimiter
Defines the character that separates values when multiple values are stored in a single column.
Important! Make sure that the multivalued parameter is set to true for the delimiter parameter to apply.
Note: To prevent displaying sensitive information, such as passwords or salaries, in the User Console, you can specify DataClassification parameters.
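The following script is an added example, not part of the CA documentation or product. It lints ImsManagedObjectAttr elements against rules stated on this page: a required physicalname, a required and unique displayname, a maximum length for String attributes, and a delimiter that only applies when multivalued is true. The sample XML, the Sample wrapper element, the function name, and the treatment of maxlength="0" or a missing multivalued as "not set" are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. "Sample" is a hypothetical wrapper, not a directory.xml element.
SAMPLE = """<Sample>
  <ImsManagedObjectAttr physicalname="tblUsers.id" displayname="User Internal ID"
      valuetype="Number" multivalued="false" maxlength="0" permission="READONLY"/>
  <ImsManagedObjectAttr physicalname="tblUsers.title" displayname="Title"
      valuetype="String" maxlength="0"/>
  <ImsManagedObjectAttr physicalname="groups" displayname="Title"
      valuetype="String" maxlength="255" delimiter=","/>
</Sample>"""

# Accepts tablename.columnname; also accepts %ATTRIBUTENAME% on the assumption
# that a well-known attribute may stand in for a computed value.
PHYSICAL = re.compile(r"^(\w+\.\w+|%\w+%)$")

def lint_attributes(xml_text):
    """Return (displayname, problem) tuples for each ImsManagedObjectAttr issue."""
    findings, seen = [], set()
    for el in ET.fromstring(xml_text).iter("ImsManagedObjectAttr"):
        name = el.get("displayname", "")
        if not PHYSICAL.match(el.get("physicalname", "")):
            findings.append((name, "physicalname is not tablename.columnname"))
        if not name:
            findings.append((name, "displayname is missing"))
        elif name in seen:
            findings.append((name, "displayname is not unique"))
        seen.add(name)
        # String is the default valuetype; with no maximum length the stored
        # value may be truncated (assumption: 0 or absent means "not set").
        is_string = el.get("valuetype", "String") == "String"
        if is_string and int(el.get("maxlength", "0")) == 0:
            findings.append((name, "String attribute has no maxlength"))
        # The delimiter parameter only applies when multivalued is true
        # (assumption: an absent multivalued is treated as not true).
        if el.get("delimiter") and el.get("multivalued", "false").lower() != "true":
            findings.append((name, "delimiter set but multivalued is not true"))
    return findings

if __name__ == "__main__":
    for name, problem in lint_attributes(SAMPLE):
        print(f"{name!r}: {problem}")
```

Run it against a copy of the directory configuration file before import; a finding on maxlength is a prompt to pair the attribute with a validation rule, as the Oracle note above recommends.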
Copyright © 2013 CA.
All rights reserved.