Pageviews

Thursday, November 19, 2015

OIM - Target Reconciliation - Child Table entry is coming Blank.



Follow
24 people are following Ritesh Maddala. Be the first of your friends.

OIM - Target Reconciliation - Child Table entry is coming Blank.

Issue -

During target reconciliation, the users are getting linked properly and reconciliation data is also visible in Reconciliation Event, but the issue is, the Role Name is not visible or a blank value is coming in Child table.

Solution -

1. Configure/Create a lookup to get the Groups or Role from Target System.

2. Run lookup reconciliation scheduler.

3. Check the groups in lookup configured/created in step 1.

4. If Groups/Roles are present in the above lookup, run Entitlement List Scheduler.

5. Check Entitlement Tab under App Instance for Particular App Instance.

6. Now run the Target reconciliation again.

7. If you face the same issue, then check ReconAttrMap Lookup. It might be possible that, you have missed to append  "[LOOKUP]" as keyword for code key for the role attribute. 

Check your Connector DOC first for how to Map the Child Table Attributes in ReconAttrMap.

For example - If you are using DBAT connector then Replace --> Groups~Group Name to Groups~Group Name[LOOKUP]

Here in the above example - Groups is Multi Valued Attribute in Resource Object and Group Name is an attribute for Role/Group.




4 comments:

  1. HI,
    hope you could answer me. Using DBAT connector, OIM can take all users AND their Roles from the tables right? But I udnerstand there are some limitation with child tables.
    I'm still unsure on what information besides Usernames can OIM take from these DB Tables...

    ReplyDelete
  2. Hi Zukoso,

    Please let me what is your actual requirements.

    DBAT is fully functional connector and uses groovy script as a mediator between you DB and OIM.

    You can fetch roles from DB and assign it to users at any point of time.

    Provisioning, reconciliation works similarly like other connectors.

    Hope this helps

    Thanks

    ReplyDelete
  3. Thanks!
    I have an Active Directory from where I'm taking all users to OIM.
    On the other hand there is a DBAT connector, which gets users and roles from a DB schema.
    There is a custom Java App where you can "create users and roles", and those are insrted in these tables.
    it might not be ideal,but we would like then for OIM to show these Roles in the interface, so we could assign those to users from OIM also. Would that be possible using DBAT connector?
    Or from DBAT I will only bring to OIM the "Role membership info" ?
    Sorry if I'm not explaining correctly, as I'm new to OIm, and still getting used to all the terminology.

    ReplyDelete
    Replies
    1. You are getting confused between all the features. .

      Start learning basics of

      Roles
      Access Policies
      Entitlements

      After learning this properly, you can solve your problems easily without confusions

      Hope this helps

      Delete