This topic explains how Microsoft® Forefront Identity Manager (FIM) 2010 works when it imports delta (changed) objects from a connected data source. Because users can have different database server types, such as Microsoft SQL Server, Oracle Database, or IBM DB2 Universal Database, it is the responsibility of the users to create a delta view on the connected data source by using the appropriate database programming language for their database type. To learn how to create views and populate them with data from a primary table, see your database documentation or consult your database administrator.
Database design for delta views
To import delta changes of objects in a database, you must provide a separate delta view of those changes. When you configure your management agent, on the Connect to Database page in Management Agent Designer, you can specify a primary table and a delta view. You can use the primary table for full import of all objects into a connector space. On subsequent delta import runs, you can use the delta view. This separate delta view must reside in the same database as the primary table that is selected for import. All exports are full export, and they do not require a separate view.
For example, you can select a table with the following user objects as the primary table. All objects are imported using a full import run.
Primary Table
EmployeeID | LastName | FirstName | Title |
---|---|---|---|
E001 |
Doyle |
Patricia |
Sales |
E002 |
DeVoe |
Michael |
Vice President |
E003 |
Lysaker |
Jenny |
Sales |
E004 |
Truelson |
Kim |
Sales |
Configuring a delta view
User information can change regularly. It is inefficient to run a full import of the primary table each time a change occurs. It is necessary to import again (Insert, Modify, or Delete) only the objects that have changed. A user-written trigger on the primary table determines these changes and writes the changed objects to a secondary delta view. The delta view with the user objects that have changed is specified on the Connect to Database page in Management Agent Designer.
For a delta view, the following requirements must be met:
- The delta view must have all of the columns
that exist in the primary table.
- The delta view must have at least one
additional column of string type. This is for the change type.
- If the Configure attribute-level change
type synchronization option is selected in Configure
delta, in the Configure Columns page in Management Agent
Designer, an additional string-type column is required for the
delta view. This column contains the names of the attributes that
have been modified.
- The delta view must be constructed so that
the rows are returned in the order in which entries were made into
the delta view. This can be achieved, for example, by sorting based
on a time stamp column.
- After a delta import run, it is necessary to
remove the rows from the delta view that have already been
imported. If the rows that have already been imported are not
removed, they will be imported again on subsequent delta runs,
making the same changes that have already been applied.
In the following example of a delta view, employee E001 has a new title, employee E003 has a last name change, employee E004 has left the company and can be removed, and employee E006 is new and needs to be added. No change has occurred for employee E002; therefore, no object for E002 exists in the delta view. The table in the previous example is specified as the primary table. This delta view has the following columns:
- The EmployeeID column is required
because it exists in the primary table. This column serves as a
reference\anchor column, guranteeing uniqueness of each object.
- The LastName column is required
because it exists in the primary table. This column contains each
user object's last name.
- The FirstName column is required
because it exists in the primary table. This column contains each
user object's first name.
- The Title column is required because
it exists in the primary table. This column contains each user
object's job title.
- The change_type column is required
because it is used to identify the change type operation for each
delta object.
Delta View
EmployeeID |
LastName |
FirstName |
Title |
change_type |
E001 |
Doyle |
Patricia |
Vice President |
Modify |
E003 |
Lysaker-Diaz |
Jenny |
Sales |
Modify |
E004 |
Truelson |
Kim |
Sales |
Delete |
E006 |
Zeman |
Michael |
Sales |
Add |
Configuring a delta view for multi-value attributes
To synchronize changes to objects with multi-value attributes, a primary table, a multi-value table, and a delta view are required. Triggers are required to detect changes to the multi-value table and to translate the change to a change type in the delta view. This delta view can contain both single-value attribute changes and multi-value attribute changes. For more information about configuring a multi-value table, see Related Topics.
In the following example, the primary table has one row containing a user object for department manager Steven Thorpe (employee E005) and one row for newly added employee Michael Zeman (E006). There is a secondary multi-value table that identifies the employees that Steve manages (DIRECTS) to which—in addition to the primary table—Michael Zeman (E006) will be added. Finally, there is a delta view that contains the object-level change that will occur for adding Michael Zeman (E006) and the attribute-level change that will occur to the object for Steven Thorpe for adding a new employee (E006) to those employees that he manages (DIRECTS).
Primary Table
EmployeeID |
OBJECT_TYPE |
LastName |
FirstName |
E005 |
user |
Thorpe |
Steven |
E006 |
user |
Zeman |
Michael |
Multi-Value Table
EmployeeID |
ATTRIBUTE_NAME |
STRING_VALUE |
E005 |
DIRECTS |
E001 |
E005 |
DIRECTS |
E002 |
E005 |
DIRECTS |
E003 |
E005 |
DIRECTS |
E006 |
This delta view has the following columns:
- The EmployeeID column is required
because it exists in the primary table. This column serves as a
reference\anchor column, guaranteeing uniqueness of each
object.
- The LastName column is required
because it exists in the primary table. This column contains each
user object's last name.
- The FirstName column is required
because it exists in the primary table. This column contains each
user object's first name.
- The OBJECT_TYPE column is required
because it exists in the primary table. This column is used to
identify the object type.
- The ATTRIBUTE_NAME column is required
only if the Enable attribute-level change type
synchronization option is selected in Management Agent
Designer. This column is used to identify a target attribute. This
column can be left blank for object-level changes if the delta view
will contain both attribute-level changes and object-level
changes.
- The CHANGE_TYPE column is required for
the change type. This column maps a change that occurs in the
primary table or multi-value table to a change type in the delta
view. If the Enable attribute-level change type
synchronization option is selected, this column can contain the
Modify_Attribute change type for attribute-level change or an Add,
Modify, or Delete change type for object-level change. If the
Enable attribute-level change type synchronization option is
not selected, this column can contain only Add, Modify, or Delete.
You can configure the change type—if it is something other than the
default Add, Modify, or Delete—in Management Agent Designer.
Delta View
EmployeeID | LastName | FirstName | OBJECT_TYPE | ATTRIBUTE_NAME | CHANGE_TYPE |
---|---|---|---|---|---|
E005 |
Thorpe |
Steven |
User |
DIRECTS |
Modify_Attribute |
E006 |
Zeman |
Michael |
User |
NEED TEXT |
Add |