Chuyển đến nội dung chính

Oracle IDM Auditing

Source: https://abhirockzz.wordpress.com
Reporting 
is a vital functionality in any product which deals with sensitive information. Same applies to Identity & Access Management tools. Oracle IDM’s Auditing module acts as a foundation for its OOTB Reporting capabilities. Let’s take a quick look at Auditing engine and how it facilitates the Reporting functionality within OIM
The use case presented here is simple – change to a user record in OIM.
What are the sequence of events which get triggered from an Audit perspective?
This is best explained by a diagram. I came up with the figure below in an attempt to better articulate the process.

oim-auditing
Although the diagram is self explanatory, a theoretical translation of the same is not going to harm us! 
  • The updated/created user record gets pushed into the USR table (stores the user information) – Its a normal process by which the information gets recorded in the OIM Database
  • The information is further propagated by the OIM Auditing engine (as a part of core back end server logic) and it initiates a transaction
  • The Audit Engine inserts a new entry in the AUD_JMS table as a part of the audit transaction completion. The AUD_JMS table is nothing but a staging table
  • The Issue Audit Messages scheduled job picks up the Audit messages in the AUD_JMS table and submits the key to the oimAuditQueue JMS queue.
  • The MDB corresponding to the queue initiates the Audit data processing – the data is seeded into the UPA table. This data is in the form of XML. These are snapshots of the user profile at the instant when the user record was actually modified/created. The UPA table also stores the delta (changes to the profile)
  • Finally, the Post processors of the Audit engine pick up the XML snapshots from the central UPA table and store them in specific audit tables (in a de-normalized format) like UPA_USR, UPA_USR_FIELDS, UPA_RESOURCE, UPA_UD_FORMS etc
  • These tables serve as the primary source of information for the Reporting module. If you have ever worked on the OIM Reporting module, I am sure you can relate to the Data Sources which you configure on your BI Publisher instance – these are for executing direct queries on the above mentioned Audit tables for its data.

Nhận xét

Bài đăng phổ biến từ blog này

Approval specific web services in Oracle IDM

Source: https://abhirockzz.wordpress.com Oracle IDM integrates with and leverages the SOA suite for approval related features (SOA is quite rich to be honest and is utilized as the back bone for Web Services connector as well). SOA is not just for namesake – SOA suite does in fact rely on the concept of loosely coupled and independent services. The approval engine makes use of three such web services Request web service : this is deployed on the OIM server Request Callback web service : this is deployed on SOA server Provisioning Callback web service : this too is deployed on OIM and used in context of approvals related to  Disconnected application instances But how/when are these (SOA) services leveraged ? Consider an example of a basic approval process OIM approval engine calls a SOA composite (from within an approval policy) in response to evaluation of a self service request.  The internals of this call are out of scope of this post (maybe some other time!) Operati

Allow Duplicate Emails

Version: Oracle Identity Manager 11.1.2.3.0 Step 1:  Login to Oracle Identity System Administration Step 2: On the navigation menu, select Configuration Properties under System Configuration. Step 3: Create the following System Property. Step 4: Verify using duplicate emails.