This section provides reference documentation for the database views for reporting.
To provide data for your custom reports, you need to use database views. The core database views that ship with the product include both current state and history information for reporting. For most applications, you can use the views that provide both current state and history information. These views are described in the sections that follow.
In addition to the core set of views, there is a separate set of views that includes only the current state information, thereby providing a slight improvement in reporting performance. For example, the idmrpt_approver_v
view provides both current state and history information, whereas the idmrpt_approver_cs_v
view provides just the current state information. The structure of the two views is identical, so the columns used are exactly the same. Only the view names are different. The name for each current state view includes _cs
before the _v
suffix.
For most applications, you can use the views that provide both current state and history information. However, if you want to use the views that provide current state information only, here is the complete list of current state views:
idmrpt_acct_link_cs_v
idmrpt_approver_cs_v
idmrpt_association_cs_v
idmrpt_ext_idv_item_cs_v
idmrpt_cat_mappings_cs_v
idmrpt_category_cs_v
idmrpt_container_cs_v
idmrpt_ent_param_token_value_cs_v
idmrpt_ent_type_cs_v
idmrpt_ext_item_attr_cs_v
idmrpt_group_cs_v
idmrpt_identity_cs_v
idmrpt_ms_identity_cs_v
idmrpt_idv_acct_cs_v
idmrpt_idv_drivers_cs_v
idmrpt_idv_ent_bindings_cs_v
idmrpt_idv_ent_cs_v
idmrpt_idv_identity_trust_cs_v
idmrpt_idv_prd_cs_v
idmrpt_ms_acct_rule_cs_v
idmrpt_ms_acct_cs_v
idmrpt_ms_ent_type_cs_v
idmrpt_ms_ent_cs_v
idmrpt_ms_ent_trust_cs_v
idmrpt_ms_cs_v
idmrpt_owners_cs_v
idmrpt_res_parameter_cs_v
idmrpt_resource_cs_v
idmrpt_role_level_cs_v
idmrpt_role_mappings_cs_v
idmrpt_role_resource_association_cs_v
idmrpt_role_cs_v
idmrpt_sod_cs_v
idmrpt_sod_violations_cs_v
idmrpt_team_assignments_cs_v
idmrpt_team_cs_v
idmrpt_approval_cs_v
Information about the links between managed system accounts and IDM accounts.
ms_acct_id |
VARCHAR(32) |
This is the account ID |
idv_acct_id |
VARCHAR(32) |
|
idv_association |
VARCHAR(128) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
act_link_id |
VARCHAR(32) |
|
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
Contains role approver information.
approver_assoc_id |
VARCHAR(32) |
The ID of the role approval object |
cat_item_id |
VARCHAR(32) |
The ID of the role category |
cat_item_type_id |
VARCHAR(32) |
The role category type. For example, RESOURCE, SOD, or ROLE |
approver_id |
VARCHAR(32) |
The ID of the user approving the role |
approver_dn |
VARCHAR(255) |
The DN of the user approving the role |
approver_type |
VARCHAR(32) |
The type of approval. Fox example, IDENTITY, GROUP, or CONTAINER |
approval_type |
int2 |
A number indicating the type of approval: 1-grant, 2-revoke, grant & 3-revoke |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
The time the role will be valid from |
idmrpt_deleted |
bool |
TRUE if the role is deleted and FALSE otherwise |
idmrpt_syn_state |
int2 |
The current sync state of the role |
association_id |
VARCHAR(32) |
|
drv_id |
VARCHAR(32) |
|
assoc_uid |
VARCHAR(256) |
|
assoc_state |
int2 |
|
item_id |
VARCHAR(32) |
|
item_type_id |
VARCHAR(32) |
|
idmrpt_deleted |
bool |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_syn_state |
int2 |
Stores information about extended objects in the identity vault.
item_id |
VARCHAR(32) |
|
item_dn |
VARCHAR(255) |
|
item_guid |
VARCHAR(64) |
|
object_id |
VARCHAR(32) |
|
item_name |
VARCHAR(128) |
|
item_desc |
VARCHAR(1024) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
idv_id |
VARCHAR(32) |
|
idmrpt_syn_state |
int2 |
Contains information about the catalog items stored within the database.
item_type_id |
VARCHAR(4000) |
The ID for the type of catalog information. For example, ROLE, RESOURCE, GROUP, or SOD |
item_type_name |
VARCHAR(128) |
The name of the catalog. For example, IDM RBPM Role, IDM RBPM Resource, or IDM GROUP |
item_type |
int2 |
Numeric representation of item type : 1-user, 2-role, 3-group, 4-resource, 5-container, 6-prd, .... |
idmrpt_table_name |
VARCHAR(4000) |
The name of the table containing the information for this catalog |
mapping_id |
VARCHAR(32) |
|
mapped_id |
VARCHAR(32) |
|
category_id |
VARCHAR(32) |
|
mapped_id_type |
VARCHAR(32) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
Table that stores custom catalog item information
category_id |
VARCHAR(32) |
|
category_type_id |
VARCHAR(32) |
|
category_key |
VARCHAR(255) |
|
category_name |
VARCHAR(4000) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
idv_id |
VARCHAR(32) |
|
idmrpt_syn_state |
int2 |
contains information about the state of the collectors.
ms_collect_id |
VARCHAR(32) |
The ID of the collectors |
ms_query_api |
VARCHAR(4000) |
|
ms_collect_time |
TIMESTAMP WITH TIME ZONE |
The last collection time |
ms_collect_state |
bool |
The collection state |
ms_collection_id |
VARCHAR(32) |
The ID of the latest collection |
ms_collect_payload |
VARCHAR(4000) |
|
ms_collect_error |
VARCHAR(4000) |
Contains information about the Identity Vault containers.
container_id |
VARCHAR(32) |
The ID of the container |
container_dn |
VARCHAR(255) |
The DN of the container |
container_guid |
VARCHAR(64) |
The GUID of the container |
container_name |
VARCHAR(4000) |
The display name of the container |
container_desc |
VARCHAR(4000) |
The description of the container |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
The date the container is valid from |
idmrpt_deleted |
bool |
TRUE if the container has been deleted and FALSE otherwise |
idv_id |
VARCHAR(32) |
The ID of the Identity Vault |
container_type_id |
VARCHAR(32) |
|
idmrpt_syn_state |
int2 |
The synchronization state |
Stores extended or customized attribute definitions. This table does not require historical data, because it used as taxonomy of custom attributes.
attribute_id |
VARCHAR(32) |
|
attribute_name |
VARCHAR(128) |
|
display_value |
VARCHAR(128) |
|
attribute_type |
VARCHAR(64) |
java attribute type ( simple type: int, boolean, timestamp (as long), long, string, boolean |
Stores extended or custom object definitions. This table does not require historical data, because it used as taxonomy of custom attributes.
object_id |
VARCHAR(32) |
|
object_name |
VARCHAR(128) |
|
object_class |
VARCHAR(128) |
Contains information about the reporting data collection service configuration.
data_collect_locale |
VARCHAR(32) |
The locale that will be used in when collecting data from this data collection service. This value defaults to the system default locale of the data collection service. |
data_collect_interval |
int2 |
The data collection interval |
data_collect_interval_units |
int2 |
The units for the data collection interval. This value indicates days, weeks, or months: 1- day, 2- week, 3- month |
data_retention_interval |
int2 |
The data retention interval. This controls how long reporting data will be stored in the reporting warehouse. |
data_retention_interval_units |
int2 |
The units for the data retention interval. This value indicates days, weeks, or months: 1- day, 2- week, 3- month |
data_cleanup_interval |
int2 |
The data retention interval. This controls how long reporting data will be stored in the reporting warehouse. |
data_cleanup_interval_units |
int2 |
The units for the data clean up interval. This value indicates days, weeks, or months: 1- day, 2- week, 3- month |
next_data_cleanup |
int8 |
The time for the next data cleanup. |
min_dc_interval |
int8 |
The units for the minimum data collection interval. This value indicates days, weeks, or months: 1- day, 2- week, 3- month |
data_collect_query_timeout |
int8 |
|
next_data_collect_date |
int8 |
|
data_collect_srv_id |
VARCHAR(32) |
Stores custom entitlement parameter token values parsed out of the entitlement parameter string
binding_id |
VARCHAR(32) |
|
ent_id |
VARCHAR(32) |
|
ent_token_id |
VARCHAR(32) |
auto generated uuid |
bnd_cat_item_type_id |
VARCHAR(32) |
|
ent_token_key |
VARCHAR(64) |
|
ent_token_val |
VARCHAR(512) |
|
idmrpt_deleted |
bool |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_syn_state |
int2 |
Stores entitlement types and categories
ent_type_id |
VARCHAR(32) |
The auto generated entitlement type id. |
ent_type_cat |
VARCHAR(512) |
The entitlement type name. Examples: security account, security grouping, other account |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
Date this entitlement is valid from |
idmrpt_deleted |
bool |
TRUE if this value has been deleted and FALSE otherwise. |
idmrpt_syn_state |
int2 |
The synchronization state |
Stores extended catalog item information
cat_item_id |
VARCHAR(32) |
|
cat_item_type_id |
VARCHAR(32) |
|
attribute_id |
VARCHAR(32) |
|
attribute_value |
VARCHAR(512) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
cat_item_attr_id |
VARCHAR(32) |
|
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
Contains data about groups stored in the Identity Vault.
group_id |
VARCHAR(32) |
The unique ID for this group in the Identity Warehouse |
idv_id |
VARCHAR(32) |
The ID of the Identity Vault containing this group. |
group_dn |
VARCHAR(255) |
The DN of the group |
group_guid |
VARCHAR(64) |
The GUID of the group from the Identity Vault |
group_name |
VARCHAR(4000) |
The display name of the group |
group_desc |
VARCHAR(4000) |
The group description |
dynamic_group |
bool |
TRUE if this group is a dynamic group and FALSE otherwise |
dynamic_rule |
VARCHAR(1024) |
The dynamic rule for this group if it is dynamic. |
nested_group |
bool |
TRUE if this group is a nested group and FALSE otherwise |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
Date this group became valid |
idmrpt_deleted |
bool |
TRUE if this group has been deleted and FALSE otherwise |
idmrpt_syn_state |
int2 |
The sync state for this group |
Contains identity profile information about users that have been collected by the reporting tool
identity_id |
VARCHAR(32) |
Auto generated unique identity identifier |
first_name |
VARCHAR(4000) |
First name |
last_name |
VARCHAR(4000) |
Last name |
middle_initial |
VARCHAR(4000) |
Middle name |
full_name |
VARCHAR(4000) |
Full name |
job_title |
VARCHAR(4000) |
Job title |
department |
VARCHAR(4000) |
Department |
location |
VARCHAR(4000) |
Location |
email_address |
VARCHAR(4000) |
Email address |
office_phone |
VARCHAR(4000) |
Office phone |
cell_phone |
VARCHAR(4000) |
Cell phone |
private_phone |
VARCHAR(4000) |
Private phone |
im_id |
VARCHAR(64) |
Instant messanger id |
mgr_id |
VARCHAR(32) |
The UUID for this user's manager |
photo |
TEXT(2147483647) |
This users photo |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
Date the user was created |
generational_qualifier |
VARCHAR(8) |
|
prefix |
VARCHAR(4000) |
Prefix |
preferred_name |
VARCHAR(4000) |
The prefix name |
preferred_language |
VARCHAR(4000) |
The prefix language |
job_code |
VARCHAR(4000) |
The user's job code |
workforce_id |
VARCHAR(4000) |
The user's workforce ID |
cost_center |
VARCHAR(4000) |
The user's cost center |
cost_center_description |
VARCHAR(4000) |
The description of the user's cost center |
employee_status |
VARCHAR(4000) |
The user's employee status |
employee_type |
VARCHAR(4000) |
The user's employee type |
company |
VARCHAR(4000) |
The company |
department_number |
VARCHAR(4000) |
The department number |
mailstop |
VARCHAR(4000) |
The mailstop |
office_number |
VARCHAR(4000) |
Physical Delivery Office Name |
street_address |
VARCHAR(4000) |
The street address |
city |
VARCHAR(4000) |
The city |
postal_code |
VARCHAR(4000) |
The postal code |
po_box |
VARCHAR(4000) |
The PO box |
fax_number |
VARCHAR(4000) |
The FAX number |
state |
VARCHAR(4000) |
The state the user resides in |
country |
VARCHAR(4000) |
The country the user resides in |
pager_number |
VARCHAR(4000) |
The user's pager number |
manager_flag |
bool |
TRUE if this user is a manager and FALSE otherwise |
manager_workforce_id |
VARCHAR(4000) |
The workforce ID of this user's manager |
hire_date |
TIMESTAMP WITH TIME ZONE |
The date this user was hired |
transfer_date |
TIMESTAMP WITH TIME ZONE |
The date this user was transferred |
termination_date |
TIMESTAMP WITH TIME ZONE |
The date this user's employment was terminated |
first_working_day |
TIMESTAMP WITH TIME ZONE |
The user's first working day |
last_working_day |
TIMESTAMP WITH TIME ZONE |
The user's last working day |
identity_desc |
VARCHAR(4000) |
|
idmrpt_syn_state |
int2 |
Stores application identity profile information
ms_identity_id |
VARCHAR(32) |
The auto-generated application identity identifier |
first_name |
VARCHAR(4000) |
The identity first name |
ms_uuid |
VARCHAR(4000) |
The application UUID |
ms_acct_id_value |
VARCHAR(4000) |
The application account ID value |
identity_id |
VARCHAR(32) |
The application UUID |
ms_identity_identifier |
VARCHAR(128) |
application identity identifier |
last_name |
VARCHAR(4000) |
identity last name |
middle_initial |
VARCHAR(4000) |
identity middle name |
full_name |
VARCHAR(4000) |
identity full name |
job_title |
VARCHAR(4000) |
job title |
department |
VARCHAR(4000) |
|
location |
VARCHAR(4000) |
|
email_address |
VARCHAR(4000) |
|
office_phone |
VARCHAR(4000) |
|
cell_phone |
VARCHAR(4000) |
|
private_phone |
VARCHAR(4000) |
|
im_id |
VARCHAR(64) |
instant messanger id. |
photo |
TEXT(2147483647) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
generational_qualifier |
VARCHAR(8) |
|
prefix |
VARCHAR(4000) |
|
preferred_name |
VARCHAR(4000) |
|
preferred_language |
VARCHAR(8) |
|
job_code |
VARCHAR(4000) |
|
workforce_id |
VARCHAR(4000) |
|
cost_center |
VARCHAR(4000) |
|
cost_center_description |
VARCHAR(4000) |
|
employee_status |
VARCHAR(4000) |
|
employee_type |
VARCHAR(4000) |
|
company |
VARCHAR(4000) |
|
department_number |
VARCHAR(4000) |
|
mailstop |
VARCHAR(4000) |
|
office_number |
VARCHAR(4000) |
Physical Delivery Office Name |
street_address |
VARCHAR(4000) |
|
city |
VARCHAR(4000) |
|
postal_code |
VARCHAR(4000) |
|
state |
VARCHAR(4000) |
|
country |
VARCHAR(4000) |
|
pager_number |
VARCHAR(4000) |
|
manager_flag |
bool |
|
manager_workforce_id |
VARCHAR(4000) |
|
hire_date |
TIMESTAMP WITH TIME ZONE |
|
transfer_date |
TIMESTAMP WITH TIME ZONE |
|
termination_date |
TIMESTAMP WITH TIME ZONE |
|
first_working_day |
TIMESTAMP WITH TIME ZONE |
|
last_working_day |
TIMESTAMP WITH TIME ZONE |
|
identity_desc |
VARCHAR(4000) |
|
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
Stores the set of Identity Vaults that participate in data collection for the reporting warehouse.
idv_id |
VARCHAR(32) |
The ID for this Identity Vault in the resporting warehouse |
idv_guid |
VARCHAR(255) |
The GUID of this Identity Vault on the Identity Vault |
idv_name |
VARCHAR(256) |
The name of this Identity Vault |
data_locale |
VARCHAR(16) |
The locale the reporting tool will use when collecting data from this database. |
idv_desc |
VARCHAR(1024) |
The description of this Identity Vault |
idv_host |
VARCHAR(256) |
The host address of this Identity Vault |
Contains information about the accounts in all of the Identity Vaults the reportings warehouse is collecting data about.
idv_acct_id |
VARCHAR(32) |
The unique ID for this account in the reporting warehouse |
identity_id |
VARCHAR(32) |
The ID of the account in the Identity Vault |
idv_acct_dn |
VARCHAR(255) |
The DN of the account in the identity vault |
idv_acct_guid |
VARCHAR(64) |
The GUID of the account in the Identity Vault |
idv_acct_status |
CHAR(1) |
The status of the account in the Identity Vault |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
The date the account was made active |
idmrpt_deleted |
bool |
TRUE if the account was deleted and FALSE otherwise |
idv_id |
VARCHAR(32) |
The ID of the Identity Vault containing this account |
idmrpt_syn_state |
int2 |
The synchronized state of this account. |
Contains information about the driver configured in the Identity Vault connected tot he reporting warehouse.
idv_id |
VARCHAR(32) |
The ID of the Identity Vault containing this driver |
idv_driver_id |
VARCHAR(32) |
The automatically generated unique ID of this driver in the reporting warehouse |
drv_dn |
VARCHAR(255) |
The DN of the driver |
drv_guid |
VARCHAR(64) |
The GUID of the driver |
drv_name |
VARCHAR(128) |
The name of the driver |
idmrpt_valid_from |
TIMESTAMP WITH TIME ZONE |
The date the driver was created |
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
The sync state of this driver |
Stores information about the entitlements available in the Identity Vaults.
idv_id |
VARCHAR(32) |
The ID of the Identity Vault containing this entitlement |
idv_ent_id |
VARCHAR(32) |
The automatically generated ID for this entitlement |
idv_driver_id |
VARCHAR(32) |
The ID of the driver containing this entitlement |
idmrpt_ent_dn |
VARCHAR(255) |
The DN of this entitlement |
idmrpt_ent_guid |
VARCHAR(64) |
The GUID of this entitlement |
idmrpt_ent_name |
VARCHAR(4000) |
The name of this entitlement |
idmrpt_ent_desc |
VARCHAR(4000) |
The description of this entitlement |
idmrpt_ent_type_id |
VARCHAR(32) |
The ID of this type for this entitlement |
idmrpt_ent_type_name |
VARCHAR(512) |
The name of the type of this entitlement |
idm_ent_param_format |
VARCHAR(32) |
The format of the parameter of this entitlement |
idmrpt_valid_from |
TIMESTAMP WITH TIME ZONE |
The date this entitlement record is valid from |
idmrpt_deleted |
bool |
TRUE if this entitlement has been deleted and false otherwise |
idmrpt_syn_state |
int2 |
The sync state of this entitlement |
Contains information about the Identity Vault entitlement bindings
binding_id |
VARCHAR(32) |
The unique ID for this entitlement binding |
ent_id |
VARCHAR(32) |
The ID for this entitlement |
cat_item_id |
VARCHAR(32) |
The ID for the category of this entitlement |
cat_item_type_id |
VARCHAR(32) |
The ID of the category type. |
ent_param_str |
VARCHAR(4000) |
The parameter for this entitlement |
ms_ent_id |
VARCHAR(128) |
|
ms_id |
VARCHAR(32) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
The date this entitlement is valid from |
idmrpt_deleted |
bool |
TRUE if this entitlement has been deleted and false otherwise |
ent_src |
VARCHAR(64) |
The type of the source of the entitlement |
ent_param_val |
VARCHAR(4000) |
The parameter value |
idmrpt_syn_state |
int2 |
The sync state for this entitlement |
ent_param_id |
VARCHAR(512) |
|
ent_param_id2 |
VARCHAR(512) |
|
ent_param_liid |
VARCHAR(512) |
|
ent_corr_id |
VARCHAR(512) |
Contains role, resource, and group identity assignment information.
trust_id |
VARCHAR(32) |
The ID of this relationship |
identity_id |
VARCHAR(32) |
The ID of the Identity Vault containing this assignment |
trust_obj_id |
VARCHAR(32) |
The ID of the trust object |
trust_type_id |
VARCHAR(32) |
The type of assignment this is. For example, ROLE_ASSIGNMENT, RESOURCE_ASSIGNMENT, or GROUP_ASSIGNMENT |
trust_status |
int2 |
The status of the trust relationship |
requester_id |
VARCHAR(32) |
The ID of the requester of this resource |
request_date |
timestamptz |
The date the request was made |
request_comment |
VARCHAR(4000) |
The comment with the request |
cause |
VARCHAR(4000) |
The cause for the grant of this request. For example, role request |
cause_type |
VARCHAR(4000) |
The cause type for the grant of this request. For example, explicit, container, or group. |
approval_info |
VARCHAR(4000) |
|
trust_params |
VARCHAR(4000) |
|
idv_ent_id |
VARCHAR(32) |
|
idv_ent_ref |
VARCHAR(4000) |
|
ms_ent_id |
VARCHAR(32) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
trust_start_time |
TIMESTAMP WITH TIME ZONE |
|
trust_expiration_time |
TIMESTAMP WITH TIME ZONE |
|
idmrpt_syn_state |
int2 |
Contains a list of the provisioning request definitions contained in all the Identity Vaults connected to the reporting warehouse
idv_id |
VARCHAR(32) |
The ID of the Identity Vault containing this PRD |
prd_id |
VARCHAR(32) |
The unique ID of this PRD in the reporting warehouse. |
prd_guid |
VARCHAR(64) |
The GUID of the PRD in the Identity Vault |
prd_dn |
VARCHAR(256) |
The DN of the PRD |
prd_name |
VARCHAR(4000) |
The display name of the PRD |
prd_desc |
VARCHAR(4000) |
The description of the PRD. |
idmrpt_deleted |
bool |
TRUE if this PRD has been delete from the Identity Vault and FALSE otherwise |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
The date this PRD was valid on |
idmrpt_syn_state |
int2 |
The sync state of this PRD |
Stores the Identity Vault trust types. This view is a fixed list of types and is populatd during the initial installation or upgrade of the reporting warehouse.
trust_type_id |
VARCHAR(32) |
The ID for this trust type. For example, ROLE_ASSIGNMENT, RESOURCE_ASSIGNMENT, or GROUP_ASSIGNMENT. |
trust_type_name |
VARCHAR(128) |
The display name of this trust type. |
trust_type_descr |
VARCHAR(512) |
The description of this trust type. |
idmrpt_deleted |
bool |
TRUE if this trust type has been deleted and FALSE otherwise. |
table that stores allowable container types that are synced from the idv.
container_type_id |
VARCHAR(32) |
|
naming_attr |
VARCHAR(32) |
|
object_class |
VARCHAR(512) |
|
idmrpt_deleted |
bool |
Contains information about managed systems the reporting information is collecting data from.
ms_id |
VARCHAR(32) |
The uniqeu ID for this managed system in the reporting warehouse |
ms_logical_id |
VARCHAR(4000) |
The logical ID of this managed system |
ms_collect_id |
VARCHAR(32) |
The collection ID of this managed system. |
ms_uuid |
VARCHAR(4000) |
|
ms_idm_driver |
VARCHAR(4000) |
|
ms_name |
VARCHAR(4000) |
|
ms_descr |
VARCHAR(4000) |
The description of this managed system |
ms_bus_owner |
VARCHAR(32) |
The ID of the business owner of this managed system |
ms_app_owner |
VARCHAR(32) |
The ID of the application owner of this managed system |
ms_domain |
VARCHAR(4000) |
The domain host address of this managed system |
ms_type |
VARCHAR(4000) |
The type of this managed system. For example, Active Directory |
ms_classification |
VARCHAR(4000) |
The classification of this managed system. For example, windows |
ms_location |
VARCHAR(4000) |
The physical location of this managed system |
ms_environment |
VARCHAR(4000) |
The operating system of this managed system |
ms_conn_ip |
VARCHAR(255) |
The IP address of this managed system |
ms_conn_auth_id |
VARCHAR(255) |
The ID used when connecting to the managed system |
ms_conn_port |
int4 |
The port used when connecting to this managed system |
ms_vendor |
VARCHAR(256) |
The vendor of this managed system |
ms_version |
VARCHAR(128) |
The version of this managed system |
ms_hierarchical |
bool |
|
ls_name |
VARCHAR(4000) |
|
ls_descr |
VARCHAR(4000) |
|
ls_bus_owner |
VARCHAR(32) |
|
ls_app_owner |
VARCHAR(32) |
|
ls_type |
VARCHAR(4000) |
|
ls_classification |
VARCHAR(4000) |
|
ls_location |
VARCHAR(4000) |
|
ls_environment |
VARCHAR(4000) |
|
ls_conn_ip |
VARCHAR(255) |
|
ls_conn_auth_id |
VARCHAR(255) |
|
ls_conn_port |
int4 |
|
ls_vendor |
VARCHAR(256) |
|
ls_version |
VARCHAR(128) |
|
ls_hierarchical |
bool |
|
idmrpt_deleted |
bool |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_syn_state |
int2 |
table that stores managed system accounts
identity_id |
VARCHAR(32) |
|
acct_id_type |
VARCHAR(128) |
an account might have login id's or unique account identifiers per application. this field indicates the type of login id or account identifier that is used in the account identifier field. e.g, in active directory accounts can be identified by and users can login using the samaccountname attribute, the userprincipalname attribute or its object * distinguished name* (dn). |
ms_acct_global_identifier |
VARCHAR(4000) |
unique identifier of account in ms ( provides ability to link all accounts) |
acct_id_value |
VARCHAR(4000) |
the identifier that uniquely identifies this account in an application. an account might have multiple unique identifiers per application. e.g. in active directory an account is identified by its samaccountname, userprincipalname and ldap dn. and in the idm world the account is known by its association. |
acct_status |
CHAR(1) |
status of the account (if applicable: active, inactive, disabled)active (a), inactive (i), or undefined (u) |
acct_type |
VARCHAR(32) |
account type string (not used) : regular, admin, elevated, ... |
idv_managed |
bool |
boolean flag, if set to true - means account is managed by IDM and idv association is not disabled |
idv_ms_app_name |
VARCHAR(4000) |
IDV name for managed systenm application |
idv_association |
VARCHAR(256) |
the IDV accoutnt Association |
idv_acct_id |
VARCHAR(32) |
the IDV accoutnt id, nullable fk to idv acct table |
idv_sync |
bool |
boolean flag, if set to true - means account is synchronied in IDV and MS |
ms_idv_acct_status |
CHAR(1) |
status of the account ms account according to idv record |
ms_id |
VARCHAR(32) |
|
ms_ent_type_id |
VARCHAR(32) |
|
ms_acct_id |
VARCHAR(32) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
ms_uuid |
VARCHAR(4000) |
|
acct_rule |
int4 |
|
match_attr_name |
VARCHAR(256) |
|
ext_attr |
bool |
|
attr_rule_id |
VARCHAR(32) |
|
idmrpt_deleted |
bool |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_syn_state |
int2 |
idmrpt_ms_collector contains information about the connected systems. This is the data that drives the Identity Vaults page in the reporting tool. These connected systems are used to collect reporting data.
ms_collect_id |
VARCHAR(32) |
The unique id for the collector |
collect_name |
VARCHAR(4000) |
The name of the collector |
collect_port |
int4 |
The port for connecting to the collector |
collect_host |
VARCHAR(64) |
The host name of the collector |
collect_context |
VARCHAR(32) |
The context for the collector |
collect_protocol |
VARCHAR(8) |
The protocol for the collector. Values: http, hhtps |
collect_acct |
VARCHAR(128) |
The account name used to connect to the collector |
collector_pswd |
VARCHAR(128) |
The password used for connecting to this collector |
collect_cert |
bytea |
The optional certificate used when connecting to this collector. This is only used for SSL. |
collect_desc |
VARCHAR(4000) |
The description of the collector |
data_locales |
VARCHAR(255) |
The locales to use when collecting data from this collector. Locale data is available in the managed system.(coma separated list). |
last_collect_date |
TIMESTAMP WITH TIME ZONE |
The last date data was collected from this collector |
next_collect_date |
timestamptz |
The next date data will be collected from this collector |
collect_type |
int2 |
The type of the pooling collector: 1 -idm engine rest endpoint collector 2 - enterprize application collector |
collect_state |
int2 |
The current state of the collection operation. Possible states are: 0- uninitialized, 1 - initialized, 2 - active, 3-running, 4 - suspended, 5- deleted |
ms_cert_info |
VARCHAR(4000) |
The public information about the certificate including the certificate name and file name. |
idmrpt_deleted |
bool |
TRUE if this collector has been deleted and FALSE otherwise |
Stores managed system entitlement values. This table does not contain managed system accounts.
ms_id |
VARCHAR(32) |
The managed system UUID |
ent_type_id |
VARCHAR(32) |
The entitlement type UUID |
ms_ent_id |
VARCHAR(32) |
They auto-generated entitlement value UUID |
ms_ent_val |
VARCHAR(4000) |
|
idv_ent_param_val |
VARCHAR(4000) |
The corresponding Identity Vault entitlement parmeter value string |
idv_ent_pt_id2 |
VARCHAR(4000) |
The corresponding Identity Vault entitlement parmeter ID token value |
idv_ent_pt_liid |
VARCHAR(4000) |
The corresponding Identity Vault entitlement parmeter LIID token value |
ms_ent_desc |
VARCHAR(4000) |
|
ms_ent_val_disp_name |
VARCHAR(4000) |
The entitlement value display name |
idmrpt_deleted |
bool |
|
entitlement_sub_type |
VARCHAR(4000) |
The entitlement sub type |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_syn_state |
int2 |
idv_ent_dn |
VARCHAR(256) |
Identifier of entitllement type within idv ( entitlement dn for connected system queried through REST API) |
idv_ent_id |
VARCHAR(32) |
Nullable foreing key to idmrpt_idv_ent.ent_ id. |
ent_type |
VARCHAR(256) |
Managed system entitlement type key (MS_ENT_TYPE). |
ms_ent_type_uuid |
VARCHAR(256) |
Managed system entitlement type id key (MS_ENT_TYPE_ID). |
ms_ent_type_cat |
VARCHAR(256) |
Managed system entitlement type category key (MS_ENT_CATEGORY). |
ms_ent_type_name |
VARCHAR(4000) |
Managed system entitlement type display name. |
ms_ent_name |
VARCHAR(4000) |
Managed system entitlement description name. |
ms_ent_desc |
VARCHAR(4000) |
Managed system entitlement description name. |
ms_ent_type_id |
VARCHAR(32) |
|
ms_uuid |
VARCHAR(4000) |
Managed system uuid ( managed system driver uuid), that this entitlement type belongs to. |
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
table that contains information about managed system entitlement assignments, excluding accounts
trustee_id |
VARCHAR(32) |
nullable foreing key, that points to trustee id (either idmrpt_ms_identity.identity_id or idmrpt_ms_ent.ms_ent_id |
trustee_type_id |
VARCHAR(32) |
|
ms_ent_trustee_idv_assoc |
VARCHAR(256) |
|
ms_ent_trustee_identifier |
VARCHAR(4000) |
|
ms_ent_id |
VARCHAR(32) |
|
ms_id |
VARCHAR(32) |
|
ms_ent_type_id |
VARCHAR(32) |
|
ms_trust_id |
VARCHAR(32) |
|
trust_status |
int2 |
not used for now, reserved for the future: 1-grant, 0 -revoke, 2 -deactivated |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
ownership_id |
VARCHAR(32) |
|
cat_item_id |
VARCHAR(32) |
|
cat_item_type_id |
VARCHAR(32) |
|
owner_id |
VARCHAR(32) |
|
owner_dn |
VARCHAR(255) |
|
owner_type |
VARCHAR(32) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
Stores resource parameters. It excludes code map keys because it is runtime only.
param_id |
VARCHAR(32) |
|
res_id |
VARCHAR(32) |
|
param_key |
VARCHAR(128) |
|
param_disp_name |
VARCHAR(4000) |
|
hidden |
bool |
|
static_param |
bool |
|
param_type |
VARCHAR(32) |
|
param_value |
VARCHAR(4000) |
|
idv_ent_id |
VARCHAR(32) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
Stores Identity Vault resource catalog information
res_id |
VARCHAR(32) |
The unique ID of this resource in the resporting warehouse |
res_dn |
VARCHAR(255) |
The DN of the resource |
res_guid |
VARCHAR(64) |
The GUID of this resource in the Identity Vault |
res_name |
VARCHAR(4000) |
The name of this resource |
res_desc |
VARCHAR(4000) |
The description of this resource |
grant_approval_prd |
VARCHAR(255) |
The PRD used to grant approval for this resource |
revoke_approval_prd |
VARCHAR(255) |
The PRD used to remove approval for this resource |
grant_quorum |
VARCHAR(8) |
The quorum percentage required to grant access to this resource |
revoke_quorum |
VARCHAR(8) |
The quorum percentage required to revoke the access to this resource |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
The date this resource is valid from |
idmrpt_deleted |
bool |
TRUE if this resource has been deleted and FALSE otherwise |
idv_id |
VARCHAR(32) |
The ID of the Identity Vault containing this resource |
idmrpt_syn_state |
int2 |
The sync state of this resource |
Contains all of the roles in all of the Identity Vaults connected to the reporting tool
role_id |
VARCHAR(32) |
The ID of this role in this reporting warehouse |
role_dn |
VARCHAR(255) |
The DN of this role |
role_guid |
VARCHAR(64) |
The GUID of this role in the Identity Vault |
role_name |
VARCHAR(4000) |
The name of this role |
role_desc |
VARCHAR(4000) |
The description of this role |
approval_prd |
VARCHAR(255) |
The PRD used to grant this role |
quorum |
VARCHAR(8) |
The quorum percentage required to gain access to this role |
role_level |
int2 |
The level of this role. The levels are 10, 20, or 30 |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
The date this role is valid from |
idmrpt_deleted |
bool |
TRUE if this value is deleted and FALSE otherwise |
idv_id |
VARCHAR(32) |
The ID of the Identity Vault containing this role |
idmrpt_syn_state |
int2 |
The sync state of this role |
Stores information about available role levels in the Identity Vaults connected to the reporting warehouse.
role_level |
int2 |
The role level. This is a number of 10, 20, and 30 |
role_level_name |
VARCHAR(255) |
The name of the role level |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
The date this role level was made valid |
idv_id |
VARCHAR(32) |
The ID of the Identity Vault containing this role level |
idmrpt_syn_state |
int2 |
The sync state of this role level |
role_level_id |
VARCHAR(32) |
The ID for this role level |
Stores parent-child roles and implicit assignments
role_id |
VARCHAR(32) |
|
mapped_id |
VARCHAR(32) |
|
info |
VARCHAR(4000) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
mapping_id |
VARCHAR(32) |
|
mapped_id_type |
VARCHAR(32) |
mapped item type uuid based on catalog item type. if item type points to role, than it is a child role. |
idmrpt_syn_state |
int2 |
table that stores role to resource associations
role_id |
VARCHAR(32) |
|
res_id |
VARCHAR(32) |
|
assoc_dn |
VARCHAR(255) |
|
assoc_guid |
VARCHAR(64) |
|
idv_id |
VARCHAR(32) |
|
association_id |
VARCHAR(32) |
|
assoc_desc |
VARCHAR(4000) |
|
assoc_status |
int2 |
|
aproval_override |
bool |
|
idmrpt_deleted |
bool |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_syn_state |
int2 |
table that stores role to resource association dynamic parameter values
assoc_param_id |
VARCHAR(32) |
|
assoc_id |
VARCHAR(32) |
|
param_value |
VARCHAR(4000) |
|
param_key |
VARCHAR(128) |
|
idmrpt_deleted |
bool |
|
idmrpt_valid_from |
TIMESTAMP WITH TIME ZONE |
|
idmrpt_syn_state |
int2 |
Represents the registry of data collection drivers per Identity Vault
idv_id |
VARCHAR(32) |
The ID of the Identity Vault containing this driver |
rpt_drv_id |
VARCHAR(32) |
The ID of this driver |
drv_dn |
VARCHAR(255) |
The DN of this driver |
drv_guid |
VARCHAR(64) |
The GUID of this driver in the Identity Vault |
drv_name |
VARCHAR(256) |
The name of this driver |
data_locale |
VARCHAR(16) |
The locale used when collecting data from this driver |
collect_events |
bool |
Flag that determines if the driver collector is ready to start receiving events from the data collection driver. By default this will be true. |
collector_id |
VARCHAR(32) |
The ID of this collector |
drv_desc |
VARCHAR(1024) |
The description of this driver |
drvset_guid |
VARCHAR(64) |
The GUID of the driver set containing this driver |
Stores the scope for all data collection drivers per Identity Vault, driver to enforce not inteceting scopes within one Identity Vault.
idv_id |
VARCHAR(32) |
The ID of the Identity Vault |
rpt_drv_id |
VARCHAR(32) |
The ID of the data collection driver |
driver_scope |
VARCHAR(255) |
The scope of the driver |
Catalog of separation of duties information
sod_id |
VARCHAR(32) |
The unique ID of this SOD in the reporting warehouse |
sod_dn |
VARCHAR(255) |
The DN of this SOD |
sod_guid |
VARCHAR(64) |
The GUID of this SOD in the Identity Vault |
idv_id |
VARCHAR(32) |
The ID of the Identity Vault containing this SOD |
role_id_1 |
VARCHAR(32) |
|
role_id_2 |
VARCHAR(32) |
|
sod_name |
VARCHAR(4000) |
The name of this SOD |
sod_desc |
VARCHAR(4000) |
The description of the SOD |
sod_approval_type |
int2 |
The approval type of this SOD |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
The date this SOD became valid |
idmrpt_deleted |
bool |
TRUE if this SOD has been deleted and FALSE otherwise |
idmrpt_syn_state |
int2 |
The sync state of this SOD |
custom_appr |
bool |
TRUE if this SOD is a custom approval type and false otherwise |
Stores approved separation of duties violations for identities
sod_id |
VARCHAR(32) |
|
identity_id |
VARCHAR(32) |
|
approval_date |
TIMESTAMP WITH TIME ZONE |
|
approval_info |
VARCHAR(4000) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
sod_violation_id |
VARCHAR(32) |
|
justification |
VARCHAR(4000) |
|
idmrpt_syn_state |
int2 |
Information about the approval activities for resource and role assignments as well as separation of duties exceptions.
approval_id |
VARCHAR(32) |
|
identity_id |
VARCHAR(32) |
|
item_type_id |
VARCHAR(32) |
|
item_id |
VARCHAR(32) |
|
approval_date |
TIMESTAMP WITH TIME ZONE |
|
approval_type |
int2 |
approval type; grant? 1, revoke 2, grant & revoke 3 |
action |
VARCHAR(16) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
Stores Roles Based Provisioning Module team definitions
team_id |
VARCHAR(32) |
|
idv_id |
char(32) |
|
team_type |
VARCHAR(8) |
|
team_dn |
VARCHAR(255) |
|
team_guid |
VARCHAR(64) |
|
team_name |
VARCHAR(4000) |
|
team_desc |
VARCHAR(4000) |
|
manager_not_member |
bool |
|
team_all_users |
bool |
|
team_memb_relationship |
VARCHAR(128) |
|
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
idmrpt_syn_state |
int2 |
Stores the roles based provisioning module team member and manager assignments
team_id |
VARCHAR(32) |
|
assigned_id |
VARCHAR(32) |
|
assigned_id_type |
VARCHAR(32) |
|
assignment_type |
int2 |
type of assignments: 1 - member, 2 - manager |
idmrpt_valid_from |
TIMESTAMP WITHOUT TIME ZONE |
|
idmrpt_deleted |
bool |
|
assignment_id |
VARCHAR(32) |
|
idmrpt_syn_state |
int2 |