User virtual attributes

Access Governance Core supports a policy for linking user data from external sources. This policy is called virtualization.

The left pane displays a list of the inventoried repositories:
UserErc
The main integration interface table of Verify Governance.
S_User
The table of the users of the Request Center module.
Swim_User
This table is disabled by default and is used by the Request Center module.
Important:
  • Do not remove these repositories. You can add other repositories, but the removal of these default repositories can compromise the virtual mapping function.
  • As a rule, keep the attribute mapping of the three tables aligned at all times. Be aware that all the attributes eventually end up in the UserErc table. Unless you have specific reasons for keeping some attributes mapped differently (for example, to keep certain records from being displayed in the Request Center), keep the attributes aligned to avoid unexpected results (for example, missing expected data for an attribute that was mapped differently in UserErc and in Swim_User).

The enabled repositories are displayed in green; the disabled ones are in red.

The enabled repositories are used by Access Governance Core.

The right pane contains the Details and the Attribute Mapping tabs.

When you select a repository in the left pane, the Details pane is automatically updated with the repository data.

Repository details are described in the next table:
Table 1. User virtual attributes - repository details.
Detail Description
Name
Repository name
Description
Short description of the repository
Enabled
When this attribute is selected, the repository is accessible. When it is not selected, the repository cannot be accessed even if the connection parameters are configured correctly.
Type
Repository type. Currently, only the database type is available.
Connection
A connection to the database can be:
  • Internal. PM (AG core module)
  • External.
Connection Type
This attribute is displayed only if an external connection was chosen. These connection types are available:
  • JNDI
  • Custom
JNDI Name
The JNDI name is used for the connection to the database according to the configuration used on the application server in use. It is shown only if the JNDI external connection is selected in Connection Type.
Driver
The database driver. It is shown only if a custom external connection is selected in Connection Type.
URL
The URL used for connecting to the database. It is shown only if a custom external connection was selected.
UserId
The database User ID. It is shown only if a custom external connection was selected.
Password
The database password. It is shown only if a custom external connection was selected.
Table Name
The name of the table that is to be linked to the PERSON table as part of the customization task.
Database User
The user who is granted access to the database, if the authentication password to the database matches with the User ID.
Key Column
The name of the column in the PERSON table that must match with the column that is selected in the remote table.
Query File
An XML file that contains one or more queries to the database that is hosting the remote table. These queries are used to collect data for building the customized table.
Note: For some repositories, only some of the attributes are active and appear depending on the selection.

Each type of connection requires different parameters. The connection type is chosen in the intermediate part of the Details tab, in the Type and Connection fields. All the parameters that are needed for the selected connection are displayed in the lower part of the same pane.

The virtualization process is based on the Attribute Mapping tab:

Attribute mapping tab

The main information of this window is in the Name and Labels columns.

In the Name column, you find the attributes that are related to the repository selected in the Repository tab.

If you need to add another attribute to this column, click Actions > Add and select the attribute from the Select attribute to add window.

For the UserErc repository only, if the Select attribute to add window does not include an attribute that you might need, you must first create the new attribute in the Verify Governance database. For information about the procedure, see Adding columns to the UserErc table.

In the Labels column, you find the attributes that are related to system fields.

If you choose a label and click Select System Field, a Select System Field window opens, where you can set the system field that you want to associate with the Name on the same row.

For example, consider the USER_ERC table as the repository involved in the virtual mapping.

Each attribute can be set in two different modes:

Mode 1
The USER_ERC attribute (listed under the Name column) is mapped with an attribute of PERSON. Changing the value of an attribute in one table causes the same change in the other table. To customize an attribute with Mode 1, insert the name of the PERSON attribute to be associated, preceded by an underscore ("_"), into the Label column.
Mode 2
The attribute in USER_ERC is only displayed among the users' external data, on the User Management page of the AG Core Console. To customize an attribute by using Mode 2, insert the attribute and assign it a name in the Label text-box. In this case, the change in USER_ERC is also reflected in the external table.

If you choose a label and click Attribute Localization, an Attribute Localization window opens, where you can set the localization of the label.

The label can be associated with a set of values, related to the Lookup control column.

When you click Lookup, a Lookup Options window opens.

There you can find several options that are provided by default (Internal) or freely configurable (Pop-up or Selectfield). For more information, see AGC > Configure > Rights Lookup.

To delete a value you previously set for Lookup control, click Clear.

A label can also be associated with a Default Value that can be set and shown to the user in Request Center workflow activities.

You can also decide whether the label value is editable by selecting the related check box in the Editable column.

In the UI Rendering column, for every datum, you must specify the type of UI element that renders it, as shown in the following list:
  • Textfield
  • Textarea
  • Checkbox (true,false)
  • Checkbox (1,0)
  • Passwordfield
  • Date
  • Date-hours
  • Date-hours-seconds
Note:

You can choose Date, Date-hours or Date-hours-time as the rendering type for the date.

If you set a default value in the Default Value position, the format of the default value must comply with the formats that are shared among all the modules.

These product formats are available:
Date
dd/MM/yyyy
Date-hours
dd/MM/yyyy HH:mm
Date-hours-time
dd/MM/yyyy HH:mm:ss
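
An added example, not part of the product or its documentation: a Python check that applies three rules from this page to an attribute mapping held in memory (keep the three repositories aligned, a label preceded by an underscore means Mode 1, and a date default must use the product formats). The dictionary layout and the sample attributes are assumptions; the page does not describe an export format.

```python
from datetime import datetime

DATE_FORMATS = {  # product formats from the page, as strptime patterns
    "Date": "%d/%m/%Y",
    "Date-hours": "%d/%m/%Y %H:%M",
    "Date-hours-time": "%d/%m/%Y %H:%M:%S",
}

def mapping_mode(label):
    """Mode 1 if the label is a PERSON attribute preceded by "_", else Mode 2."""
    return 1 if label.startswith("_") else 2

def valid_default(ui, value):
    """True only for an exact match of the product format (1/2/2024 fails)."""
    fmt = DATE_FORMATS[ui]
    try:
        return datetime.strptime(value, fmt).strftime(fmt) == value
    except ValueError:
        return False

def audit(mappings):
    """mappings: {repository: {attribute: (label, ui_rendering, default)}}."""
    findings, repos = [], sorted(mappings)
    for attr in sorted({a for rows in mappings.values() for a in rows}):
        missing = [r for r in repos if attr not in mappings[r]]
        if missing:
            findings.append((attr, "not mapped in " + ", ".join(missing)))
        labels = sorted({mappings[r][attr][0] for r in repos if attr in mappings[r]})
        if len(labels) > 1:
            modes = ", ".join(f"{lab} (Mode {mapping_mode(lab)})" for lab in labels)
            findings.append((attr, "labels differ: " + modes))
        for r in repos:
            _, ui, default = mappings[r].get(attr, ("", "", ""))
            if default and ui in DATE_FORMATS and not valid_default(ui, default):
                findings.append((attr, f"{r}: default {default!r} is not {ui} format"))
    return findings

# Constructed sample; attribute names, labels and defaults are hypothetical.
SAMPLE = {
    "UserErc": {"EMAIL": ("_EMAIL", "Textfield", ""),
                "HIRE_DATE": ("Hire date", "Date", "2024-01-31"),
                "BADGE": ("Badge", "Textfield", "")},
    "S_User": {"EMAIL": ("Email", "Textfield", ""),
               "HIRE_DATE": ("Hire date", "Date", "31/01/2024")},
    "Swim_User": {"EMAIL": ("_EMAIL", "Textfield", ""),
                  "HIRE_DATE": ("Hire date", "Date", "31/01/2024")},
}

for attr, problem in audit(SAMPLE):
    print(f"{attr}: {problem}")
```
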
Use the first check box on the left to select the corresponding row, if you want to:
  • Remove it, by selecting Actions > Remove.
  • Set as default, indicated with a green check mark, by selecting Actions > Set Key (single selection).

Select the Visible check box to specify that the data column must be displayed in all views where it is needed.

The Up/Down yellow arrows define in which order the data columns are displayed in the system.

Select the Required check box to specify that the data is mandatory in all views where it is needed.

After you click Actions > Add, the check box is flagged and disabled as not editable, if you select attributes that are indicated with a green check mark. In other words, the check box is disabled if you select attributes that are required for the repository that is selected in the Repository tab.

If a Required check box is not flagged, you can select it to specify that the attribute is required for the remote table/system.

Select Actions > Save to enable your changes.