Ask Identigral (Issue 4)

by Deborah Volk on May 22nd, 2009

Ask Identigral is our answer to Dear Abby. According to Wikipedia, "Dear Abby ... is known for its uncommon common sense and youthful perspective", two qualities we're striving for in our blog. Since Abby isn't very good when it comes to identity and access management products' arcana, I together with the rest of Identigral staff have decided to step in and close the gap. Email us your questions about any Oracle identity or access management product(s) and once a week we will post the answers here
We have a field on our Oracle Identity Manager user profile (Xellerate User object) that has been there a couple years.The business isn't using the field anymore, how can we remove it and be sure we won't break anything?
Just like processes, data requirements change all the time. One field becomes another, etc. Luckily, Oracle Identity Manager (OIM) user fields are easy to remove. Before you go and hit that delete button, you should make sure of a few things:

1) Obvious but still worth noting: make sure you really want to delete it. Deleting the field is a permanent change, it does remove the column from the database (as opposed to a change in the object or process forms). There's no undo.

2) Remove any reference to the field from Lookup.USR_PROCESS_TRIGGERS lookup

3) References to the field in any pre-populate adapters need to be removed before you delete the field. The deletion process will warn you about the field being mapped in process task or entity adapters. There is no warning if there are existing mappings for pre-populate adapters.

4) References to the fields in any out-of-the-box or GTC connector lookups (e.g. Active Directory or Sun directory lookups) need to be removed. This may or may not cause your adapter to become unhappy.

This is not an exhaustive list but these actions are the lowest common denominator for a generic (if there is such a thing!) OIM implementation. As an alternative to deleting the field, you could hide it by adding a 'visible' property to it and setting it to false.
Have a Question?

Send your questions to ask@identigral.com and we'll do our best to answer. Please use your work email address - no GMail, Hotmail, Yahoo, etc.


Posted in Ask Identigral, Change Management, Oracle Identity Manager    Tagged with ask identigral


1 Comments

Martin - May 26th, 2009 at 3:02 PM
You also need to scan all source code (scheduled tasks, entity adapters, provisioning adapters, etc) for any references to the deleted attribute.



Leave a Comment
Search

Subscribe

follow on

2012 (1)
2011 (2)
2010 (2)
2009 (64)
March (11)
April (18)
May (18)
June (4)
July (1)
August (1)
September (5)
October (5)
December (1)