Database Schema Documentation
Database Schema DocumentationThis documentation provides information about Entity and Event schema available in IdentityIntelligence. The schema documentation helps you to create custom queries that can be used tofeed data to a third party tool for creating advanced visualization of Identity Intelligence data.This documentation also includes sample queries for typical user scenarios. Entity SchemaEvent SchemaSample QueriesEntity SchemaEntity Schema stores the Entity data gathered from data sources such as Identity Manager andIdentity Governance. Entity data represents contextual information about users, such as title,manager, access rights, and accounts assigned.This section lists the tables in Entity schema: hared-entity-identityStores the base identity information.Column Nameidentity name givenTypestringidentity name middlestringidentity name familystringidentity phone homestringRequiredYESYESKeyDescriptionRepresents the first nameof the identityRepresents the middlename of the identityRepresents the familyname of the identityLists the home phonenumber associated withthe identity
identity phone mobilestringidentity phone officestringidentity notesstringidentity locationstringidentity emailemailidentity photostringpersona titlestringpersona idstringpersona typeenumpersona statusenumYESLists the mobile phonenumber associated withthe identityLists the office phonenumber associated withthe identityProvides a descriptionassigned by userRepresents the physicallocation, as defined bythe data source, of theidentityProvides the primaryemail address of theidentityIndicates Base64encoded PNG photo ofthe individualProvides theorganization title of theidentityProvides theidentification code forthe personaFor example, workforceIDIndicates the category ofemployment orinteraction with theorganization for theidentityThe values can beconsultant, contractor,full time employee,part time employee,customerIndicates whether theidentity is Active orInactive, depending onyour organization’smethod for identifyingan individual’s statusThe values can be active,deceased,leave of absence,
persona organizationleave with pay,pending, retired,terminatedRepresents the name ofthe department ororganization to which theidentity belongsstringentity unique iduuidYESentity class typestringYESentity begin effective timedatetime YESentity begin effective time acclongYESFor example, departmentYES Provides uniqueidentification code forthis entityIndicates the type ofentityFor example,identity groupIndicates when the entitybecame current as Unixtime in millisecondsIndicates the accuracy ofthe time when the entitybecame currentcompared with the realtimeThe values can be: entity end effective timedatetime YESentity end effective time acclongYES-1: Indicatesindeterminate0: Indicatesaccurate time 0: Indicatespotentialinaccuracy inmsecIndicates when the entitybecame obsolete as Unixtime in millisecondsDefault: MAX TIMEIndicates the accuracy ofthe time when the entitybecame obsolete
compared with the realtimeThe values can be: entity tenant idstringentity producer instance typestringentity producer instance identity reconciliation idYESstring-1: Indicatesindeterminate0: Indicatesaccurate time 0: Indicatespotentialinaccuracy inmsecYES Provides identificationcode of the tenantowning this recordProvides the producer'sinstance typeYESFor example,NetIQIdentityManagerProvides the producer'sinstance idFor example,12.34.56.78Indicates universal valueon which to performentity Stores IdentityGroup that is a group of identities.Column Nameidentitygroup idTypestringidentitygroup namestringRequired KeyDescriptionYESYES Represents the ID of the identitygroup in the following format:"cn helpdesk-history,cn system,cn resourcedefs,cn roleconfig,cn appconfig,cn userapplicationdriver,cn driverset1,o system"YESRepresents the name of the identitygroup
identitygroup descriptionstringYESentity unique iduuidYESentity class typestringYESentity begin effective timedatetime YESentity begin effective time acc longYESProvides a description of the identitygroupYES Indicates globally unique ID for thisentityIndicates the type of entityFor example, identity groupIndicates when the entity becamecurrent as Unix time in millisecondsIndicates the accuracy of the timewhen the entity became currentcompared with the real timeThe values can be: entity end effective timeentity end effective time accdatetime YESlongYES-1: Indicates indeterminate0: Indicates accurate time 0: Indicates potentialinaccuracy in msecIndicates when the entity becameobsolete as Unix time inmillisecondsDefault: MAX TIMEIndicates the accuracy of the timewhen the entity became obsoletecompared with the real timeThe values can be: entity tenant idstringentity producer instance typestringYESentity producer instance idstringYES-1: Indicates indeterminate0: Indicates accurate time 0: Indicates potentialinaccuracy in msecYES Provides the ID of the tenant owningthe record as stored in the temporalgraph.Provides the producer's instancetypeFor example, NetIQIdentityManagerProvides the producer's instance id
For example, 12.34.56.78entity reconciliation idstringIndicates universal value on whichto perform entity reconciliationmf-shared-entity-externalidStores external ID that represents an alternate identity, such as Workforce ID, non-primaryemail address, AD login, and so on.Column Nameaccount domainTypestringRequiredNOaccount statusstringNOexternal id authoritystringYESexternal id valuestringYESentity unique iduuidYESentity class typestringYESentity begin effective timedatetime YESentity begin effective time acclongYESKeyDescriptionRepresents the domainFor example, CORPDOMfor ADIndicates whether theaccount that is associatedwith the identity is Active orInactiveYES Represents authority againstwhich the ID is judgedFor example, email,workforce, AD@hostRepresents the source'sidentification codeFor example, account namejdoe for Active DirectoryYES Indicates globally unique IDfor this entityIndicates the type of entityFor example, identity groupIndicates when the entitybecame current as Unix timein millisecondsIndicates the accuracy of thetime when the entity becamecurrent compared with thereal timeThe values can be:
entity end effective timedatetime YESentity end effective time acclongYES-1: Indicatesindeterminate0: Indicates accuratetime 0: Indicatespotential inaccuracyin msecIndicates when the entitybecame obsolete as Unixtime in millisecondsDefault: MAX TIMEIndicates the accuracy of thetime when the entity becameobsolete compared with thereal timeThe values can be: entity tenant idstringentity producer instance typestringentity producer instance identity reconciliation : Indicatesindeterminate0: Indicates accuratetime 0: Indicatespotential inaccuracyin msecYES Indicates the ID of the tenantowning this recordProvides the producer'sinstance typeFor example,NetIQIdentityManagerProvides the producer'sinstance IDFor example, 12.34.56.78Indicates universal value onwhich to perform entityreconciliation
Stores entitlement and the account-holding application.Column Nameapplication nameapplication esents the source’sdisplay nameFor example, OracleFinancials, SalesForce,Box.comRepresents the source’sdescription ofapplicationstringentity unique iduuidYESentity class typestringYESentity begin effective timedatetime YESentity begin effective time acclongYESFor example, PeopleSoftApplication, IT ServiceDeskYES Indicates globally uniqueID for this entityRepresents the type ofentityFor example,identity groupRepresents when theentity became current asUnix time inmillisecondsIndicates the accuracy ofthe time when the entitybecame currentcompared with the realtimeThe values can be: entity end effective timedatetime YES-1: Indicatesindeterminate0: Indicatesaccurate time 0: Indicatespotentialinaccuracy inmsecRepresents when theentity became obsolete
entity end effective time acclongas Unix time inmillisecondsDefault:MAX TIMEIndicates the accuracy ofthe time when the entitybecame obsoletecompared with the realtimeYESThe values can be: entity tenant idstringentity producer instance typestringentity producer instance identity reconciliation idstringYES-1: Indicatesindeterminate0: Indicatesaccurate time 0: Indicatespotentialinaccuracy inmsecYES Indicates the ID of thetenant owning the recordas stored in the temporalgraph.Provides the producer'sinstance typeYESFor example,NetIQIdentityManagerProvides the producer'sinstance idFor example,12.34.56.78Indicates u niversal valueon which to performentity ores entitlement information that is a digital entity such as a user account, computer, ordatabase that a business user needs to be able to access.Column NameTypeRequired KeyDescription
entity unique iduuidYESentity class typestringYESentity begin effective timedatetime YESentity begin effective time acc longYESYES Indicates globally unique ID for thisentityRepresents the type of entityFor example, identity groupRepresents when the entity becamecurrent as Unix time in millisecondsIndicates the accuracy of the time whenthe entity became current comparedwith the real timeThe values can be: entity end effective timedatetime YESentity end effective time acclongYES-1: Indicates indeterminate0: Indicates accurate time 0: Indicates potentialinaccuracy in msecIndicates when the entity becameobsolete as Unix time in millisecondsDefault: MAX TIMEIndicates the accuracy of the time whenthe entity became obsolete comparedwith the real timeThe values can be: entity tenant idstringentity producer instance typestringentity producer instance idstringentity reconciliation idstring-1: Indicates indeterminate0: Indicates accurate time 0: Indicates potentialinaccuracy in msecYESYES Provides the ID of the tenant owningthis recordProvides the producer's instance typeYESFor example, NetIQIdentityManagerProvides the producer's instance idFor example, 12.34.56.78Indicates universal value on which toperform entity reconciliation
entitlement idstringYESYES Indicates identification code for theentitlement in the following format:entitlement namestringYES"cn helpdesk-history,cn system,cn resourcedefs,cn roleconfig,cn appconfig,cn userapplicationdriver,cn driverset1,o system"Represents the entitlement nameentitlement descriptionstringYESRepresents the entitlement descriptionmf-shared-entity-relationStores relations of various entities.Column NameTypeRequiredKeyYES Indicates globally uniqueID for the entityRepresents the type ofentityentity unique iduuidYESentity class typestringYESentity begin effective timedatetimeentity begin effective time acc longYESYESDescriptionFor example,identity groupRepresents when the entitybecame current as Unixtime in millisecondsIndicates the accuracy ofthe time when the entitybecame current comparedwith the real timeThe values can be: -1: Indicatesindeterminate0: Indicates accuratetime 0: Indicatespotential inaccuracyin msec
entity end effective timedatetimeYESentity end effective time acclongYESIndicates when the entitybecame obsolete as Unixtime in millisecondsDefault: MAX TIMEIndicates the accuracy ofthe time when the entitybecame obsolete comparedwith the real timeThe values can be: entity tenant idstringentity producer instance typestringentity producer instance idstringYES-1: Indicatesindeterminate0: Indicates accuratetime 0: Indicatespotential inaccuracyin msecYES Provides the ID of thetenant owning the recordProvides the producer'sinstance typeFor example,NetIQIdentityManagerProvides the producer'sinstance idYESentity reconciliation idstringrel lhs iduuidYESYESrel lhs typestringYESYESrel rhs iduuidYESYESrel rhs typestringYESYESFor example, 12.34.56.78Provides universal value onwhich to perform entityreconciliation.Provides the ID of the lefthand side of the relationIndicates the entity type ofthe left-hand side of therelationProvides the ID of the righthand side of the relationIndicates the entity type ofthe right-hand side of therelation
mf-shared-entity-relation-closureStores relationship hierarchy information.Column Nameentity unique iduuidTypeentity class typestringRequired KeyDescriptionYESYES Indicates globallyunique ID for theentityYESRepresents the type ofentityentity begin effective timedatetimeYESentity begin effective time acclongYESFor example,identity groupRepresents when theentity became currentas Unix time inmillisecondsIndicates the accuracyof the time when theentity became currentcompared with thereal timeThe values can be: entity end effective timedatetimeYESentity end effective time acclongYES-1: Indicatesindeterminate0: Indicatesaccurate time 0: Indicatespotentialinaccuracy inmsecIndicates when theentity became obsoleteas Unix time inmillisecondsDefault:MAX TIMEIndicates the accuracyof the time when the
entity became obsoletecompared with thereal timeThe values can be: entity tenant idstringentity last modified native type stringentity producer instance typeentity producer instance idstringstringYESYESentity reconciliation idstringrel lhs iduuidYESrel lhs typestringYESrel rhs iduuidYES-1: Indicatesindeterminate0: Indicatesaccurate time 0: Indicatespotentialinaccuracy inmsecYES Provides the ID of thetenant owning therecordIndicates theproducer's native typefor the entityIndicates theproducer's instancetypeFor example,NetIQIdentityManagerProvides theproducer's instance idFor example,12.34.56.78Provides universalvalue on which toperform entityreconciliationYES Provides the ID of theleft-hand side of therelationYES Indicates the entitytype of the left-handside of the relationYES Provides the ID of theright-hand side of thisrelation
rel rhs typestringrelclosure pathstringYES(varchar(65000))relclosure depthintegerYESYESYES Indicates the entitytype of the right-handside of the relationYES Provides the path fromparent to child storedwith / as a separatorFor example, A/B/Cwhere A, B, C arerel lhs or rel rhs IDsYES Provides the numberof hops you need tomake to reach thechild from the parent
Event SchemaEvent Schema stores the audit and activity events gathered from data sources. An event can be: Changes to entity data, such as addition, deletion, modification, and change inrelationshipsActivities, such as user requests, approvals, and provisioning of permissions for roles andresourcesThe following table contains information about some of the commonly used fields in the eventschema:Column )RequiredDescriptionNOTIndicates when the activity occurredNULLIndicates the type of object central tothe action taken in the workflowprocessFor example:'Actor/User' indicates that the activitymight involve creating, modifying, ordeleting an identity'Host/Application/Workflow' indicatesa workflow-related action such as anidentity approving a requestIndicates whether the activity resultsin one of the following outcomes:Attempt represents actions that do notdenote a successful or failed outcomeSuccess represents an approved requestFailure represents a request that failedto be approvedRepresents the username, as suppliedby the data source, of the identityaffected by the activityFor example, Identity Managerprovides the username as adistinguished name (DN)Also see Source Username andDestination Identity Given NameApplies only when the value forDevice Custom String 5 Label equalscorrelationidServes as the correlation ID thatgroups all the activities associated with
char(1023)a single workflow processFor example, one process instancemight include the initial request action,three approval actions, and thesuccessful closure action of the requestAlso see Device Custom String 5Label in Attributes You Might Add tothe TableIndicates the source of the dataFor example, Identity GovernanceRepresents the name, as supplied bythe data source, of the access rightaffected by the activityFor example, Identity Managerprovides DNs for the names of accessrightsAlso see Permission NameIndicates whether the activity relates toa Role or ResourceIndicates the type of action that theidentity or workflow initiatedFor example, a/Authorization/Add/Request/Createvalue indicates that someone requesteda new access right or identityIndicates whether the associatedidentity Requested or Initiated theactivityRepresents a short description of theactivity as provided by the data sourceFor example, Role Request orWorkflow DeniedRepresents the username, as suppliedby the data source, of the identity thatgenerated the activityAlso see Destination Username andSource Identity Given Name
Sample QueriesThis section provides sample queries of typical user scenarios. You can use the following queriesor create similar queries to provide data to any third party tool for creating custom visualizations. Get events related to review of access rightsSELECTTO TIMESTAMP(devicereceipttime / 1000) as 'Event eCategoryBehavior '/Authorization/Review'and (CategoryOutcome '/Success'or CategoryOutcome '/Failure'); Get events related to user lifecycle activities, such as creating, modifying, and deleting anidentityselectTO TIMESTAMP(devicereceipttime / 1000) as 'Event ecategoryObject '/Actor/User'and (categoryBehavior '/Create'or categoryBehavior '/Delete'or categoryBehavior '/Modify'); Get events related to requests to add or delete access rightsselectTO TIMESTAMP(devicereceipttime / 1000) as 'Event Time',devicecustomstring5,name,filename,
eventswhereCategoryBehavior like '/Authorization/Add/Request%'or CategoryBehavior like '/Authorization/Delete/Request%'; Get events related to provisioning or removal of access rightsselectTO TIMESTAMP(devicereceipttime / 1000) as 'Event eCategoryBehavior '/Authorization/Add'or CategoryBehavior '/Authorization/Delete'; Get events involved in an access right request approval workflowselectTO TIMESTAMP(devicereceipttime / 1000) as 'Event eCategoryBehavior like '/Execute/Query/Approval%'and CategoryObject like '/Host/Application/Workflow%'; Get the epoch value of the following time:oCurrent time:select LEFT(TO CHAR(EXTRACT(EPOCH FROM now())*1000),13)o7 days from nowselect LEFT(TO CHAR(EXTRACT(EPOCH FROM now() ::TIMESTAMPTZ -
7)*1000),13);o30 days from nowselect LEFT(TO CHAR(EXTRACT(EPOCH FROM now() ::TIMESTAMPTZ 30)*1000),13);o1 year from nowselect LEFT(TO CHAR(EXTRACT(EPOCH FROM now() ::TIMESTAMPTZ 365)*1000),13); List all the Identity information as of a given timeNote: Ensure to specify same value for begin effective time and end effective time.SELECT*FROM"mf shared"."mf-shared-entity-identity"whereentity begin effective time epoch value of a time and entity end effective time epoch value of a time and(identity name given ! E''or identity name family ! E''); Get account information by unique ID of an identity as of a given timeNote: Ensure to specify same value for begin effective time and end effective time.selectt2.*from"mf shared"."mf-shared-entity-identity" as t1,"mf shared"."mf-shared-entity-relation" as rel,"mf shared"."mf-shared-entity-externalid" as t2wheret1.entity unique id ' entity unique id 'and t1.entity begin effective time epoch value of a time and t1.entity end effective time epoch value of a time and rel.rel lhs id t1.entity unique idand rel.entity class type 'PersonaHasAccount'and rel.entity begin effective time epoch value of a time and rel.entity end effective time epoch value of a time and t2.entity unique id rel.rel rhs idand t2.entity begin effective time epoch value of a time and t2.entity end effective time epoch value of a time ; Get persona information by unique ID of an identity as of a given timeNote: Ensure to specify same value for begin effective time and end effective time.SELECT"persona id@Persona","persona title@Persona","persona type@Persona","persona status@Persona","persona organization@Persona"
FROM"mf shared"."mf-shared-entity-identity"whereentity unique id ' entity unique id 'and entity begin effective time epoch value of a time and entity end effective time epoch value of a time ; Get access right information by unique ID of an identity as of a given timeNote: Ensure to specify same value for begin effective time and end effective time.selectentl.*from"mf shared"."mf-shared-entity-identity" t2,"mf shared"."mf-shared-entity-relation" rel,"mf shared"."mf-shared-entity-entitlement" entlWHEREt2.entity unique id ' entity unique id 'and t2.entity begin effective time epoch value of a time and t2.entity end effective time epoch value of a time and rel.rel lhs id t2.entity unique idand rel.entity class type 'IdentityHasEntitlement'and rel.entity begin effective time epoch value of a time and rel.entity end effective time epoch value of a time and entl.entity unique id rel.rel rhs idand entl.entity begin effective time epoch value of a time and entl.entity end effective time epoch value of a time ; Get identity information for an account in the event as of a given timeNote: Ensure to specify same value for begin effective time and end effective time.selectDISTINCT t3.*frominvestigation.events as ev ,"mf shared"."mf-shared-entity-externalid" as t2,"mf shared"."mf-shared-entity-relation" as rel,"mf shared"."mf-shared-entity-identity" as t3whereev.destinationUserName ' user name 'and UPPER(t2.external id value) UPPER(ev.destinationUserName)and t2.entity begin effective time epoch value of a time and t2.entity end effective time epoch value of a time and t2.entity begin effective time ev.deviceReceiptTimeand t2.entity end effective time ev.deviceReceiptTimeand rel.rel rhs id t2.entity unique idand rel.entity begin effective time epoch value of a time and rel.entity end effective time epoch value of a time and t3.entity unique id rel.rel lhs idand t3.entity begin effective time epoch value of a time and t3.entity end effective time epoch value of a time ; Get identity information for an identity in the event as of a given timeNote: Ensure to specify same value for begin effective time and end effective time.
selectDISTINCT t3.*frominvestigation.events as ev,"mf shared"."mf-shared-entity-externalid" as t2,"mf shared"."mf-shared-entity-relation" as rel,"mf shared"."mf-shared-entity-identity" as t3whereev.destinationUserId ' user id 'and t2.external id value ev.destinationUserIdand t2.entity begin effective time epoch value of a time and t2.entity end effective time epoch value of a time and t2.entity begin effective time ev.deviceReceiptTimeand t2.entity end effective time ev.deviceReceiptTimeand rel.rel rhs id t2.entity unique idand rel.entity begin effective time epoch value of a time and rel.entity end effective time epoch value of a time and t3.entity unique id rel.rel lhs idand t3.entity begin effective time epoch value of a time and t3.entity end effective time epoch value of a time ; Get access right information for a permission in the event as of a given timeNote: Ensure to specify same value for begin effective time and end effective time.selectDISTINCT ent.*frominvestigation.events as ev,"mf shared"."mf-shared-entity-entitlement" as entwhereev.fileName ' Filename. For example,CN LRole5Feb2020 001,CN Level30,CN RoleDefs,CN RoleConfig,CN AppConfig,CN User Application Driver,CN driverset1,O system 'and UPPER(ent.entitlement id) UPPER(ev.fileName)and ent.entity begin effective time epoch value of a time and ent.entity end effective time epoch value of a time and ent.entity begin effective time ev.deviceReceiptTimeand ent.entity end effective time ev.deviceReceiptTime;
Database Schema Documentation This documentation provides information about Entity and Event schema available in Identity Intelligence. The schema documentation helps you to create custom queries that can be used to feed data to a third party tool for creating advanced visualization of
HS-PORTAL 150 Hebe-Schiebe-Türbeschlag für Holzelemente Schema-Übersicht und allgemeine Hinweise 3.1.2 Ausführbar mit Führungsschiene HH0130-01/-02 KH0130-01 Schema A Schema D Schema G Schema G-2 Schema G-3 Schema H Schema C Schema F Schema K Schema E Schema L Achtung: Die für den SIEGENIA-AUBI-Beschlag HS-PORTAL 150 angegebenen .
figure 8 (also figure 41) : visualization schemas and its relationship to database schema. database schema builds on top of databases and visualization schema builds on top of database schema.10 figure 9 - a user can connect snap to a network or local database in order to begin visualization construction.
support schema evolution [43] to handle data whose structure . by storing FSD as one object without relying on any static schema & E/R model to decompose FSD into relational tables. That is, no schema on write . Flexible schema that is . schema ba
The totality of these behaviors is the graph schema. Drawing a graph schema . The best way to represent a graph schema is, of course, a graph. This is how the graph schema looks for the classic Tinkerpop graph. Figure 2: Example graph schema shown as a property graph . The graph schema is pretty much a property-graph.
the specified database or to have AWS DMS create each database for you as it finds the database on the source. Note For the purposes of this paper, in Oracle a user and schema are synonymous. In MySQL, schema is synonymous with database. Both SQL Server and Postgres have a concept of database AND schema. In this paper, we’re referring to the .
The EVER diagram serves as the visualization aid that graphically conveys changes to a database schema. The diagram is then transformed to an intermediate rep- . 7 Database schema translator Databases Figure 1: The overview of the EVER System for schema evolution diagra:ms. Section 3 introduces the extended graphical constructs for expressing .
Our framework of schema management is designed for docu-ment stores, which includes three components as shown in Fig. 2, schema extraction and discovery component, repository compo-nent, and schema consuming component with two functions of Schema Extraction and Discovery This component provi
o Additif alimentaire. 41 Intrants alimentaires: o Matière première : matière unique ou principale soumise à la transformation Unique : blé en minoterie, betterave ou canne en sucrerie Principale en volume : lait pour le yaourt, eau pour les boissons gazeuses Principale en valeur : sucre pour les boissons gazeuses 1. Chapitre introductif 1.4- Intrants et produits des IAA. 42 o Ingrédient .
