Symantec IGA

 View Only

Connector Xpress:  Stored Procedures (in-place)

  • 1.  Connector Xpress:  Stored Procedures (in-place)

    Posted Feb 13, 2018 01:37 PM



    For data warehouse solutions, that use a database to manage offline/manually provisioned applications, there is typically a common request to manage the "account" to "application" step from the Identity Management solution via Connector Xpress JDBC connector.


    If the data warehouse has a web-layer API, that is the first approach to solve this request.


    However, if the data warehouse does not have a web-layer API, then we would address this with direct management at the data tier.   While it is possible to use the JDBC thin drivers/protocols to manage as many tables for user access and entitlements, we have found introduction of an intermediate layer, to lower future cost and business risk.


    The use of pre-built or new Stored Procedures, allows the customer's DBA to limit access and processes to their database tables.   The Stored Procedures ownership would reside with the customer's DBA team, and allow them to change or restrict it as needed, via internal change control processes.   


    To meet this requirement, the CA Identity Suite Connector Xpress solution, allows for data mapping to Stored Procedures.




    1) The IM CX Connector framework, allows for a feature set to modify OOTB behavior.
          a. This feature set is called “Operational Bindings” (aka Javascript or Stored Procedures).
          b. There are many available operations to leverage within this feature, with three (3) sets of timings.
    2) This proposal intends to leverage the CX Operational Bindings with Javascript or Stored Procedure to perform an approved “interruption/redirect”
          a. Upon a “modify” operation (expected for a rejection), the javascript would perform a ldapmodify operation to the “REAL” endpoint.
          b. Upon a “modify” operation (expected for a rejection), the jStored procedure would perform a db modify operation to the “REAL” endpoint.



    Example Screens for features for JavaScript.  





    Example Screens for Stored Procedures:







    For debugging processes, we like to hear from others what you find of use.



    One process we have found useful, is to leverage the DB Management UI, CA Erwin, or 3rd party DbVisualizer tool, to reverse engineer the tables and existing stored procedures.


    Using this information, to then focus on the following sub-use-cases:

    1) View account

    2) Create account (assume stub id, no entitlements)

    3) Delete account

    4) Modify account profile (enable/disable, FN, LN, pwd change, etc.)

    5) Modify account membershipOf/Entitlements (Add/Remove/Replace)







    Will add more information.