I have seen some very odd names for Identity attributes.
Just as a refresher, Identity attributes are defined in the ObjectConfig-Identity.xml file.
For example:
<ObjectAttribute displayName="Job Title" editMode="readOnly" name="jobTitle"/>
My example doesn't include any source or target definitions.
If you want the field to be searchable, you have two options. One option is to use one of the extendedNumber values. If you just check the searchable box in the UI, SailPoint will assign the next available extendedNumber value. This option is fraught with dangers. The first danger is that OOTB there are only 10 extended attributes defined in the IdentityExtended.hbm.xml file, so if you exceed 10, you will need to uncomment the 11-20 lines and then create the database table fields. The second danger is that only 5 of the OOTB extended attributes have indexes defined, so any search on those non-indexed attributes will generate a table scan in the database, affecting performance. You should define and create these indexes as soon as possible in your installation process.
The second option is to use named columns. This method is described in the hibernate file, and this is where the advice in this post applies. My recommendation is to always use strict and concise camelCase for identity attribute names, which go in the ObjectConfig-Identity.xml and in the IdentityExtended.hbm.xml files. Here are some naming schemes that have generated terrible results:
All caps like EMPLID
Trailing caps like personID
Leading caps like ADLoginName
Numbers like AS400Login
Pascal Case such as JobTitle
Repeated caps like autoFRActivate
Long long names like ADLastModifiedDatetime
Using underscores (snake case) like job_title
Database keywords or function names. Here are some I have discovered:
- position
Single lowercase words such as emplid or title are fine, although not very descriptive.
If you want to use "ID" in the description, use "Id" in the name, such as personId.
Keep it short, keep it simple. Two words is best: jobTitle, departmentName, adLogin, adGuid, employeeId, etc. Remember that Oracle 12c only allows a 30 character identifier.
When you deploy the hibernate file and then execute the iiq extendedSchema command, the extendedSchema job takes the camel case and splits it into words, like this:
jobTitle becomes job_title
This is done because databases don't normally care about case. For the same reason, always name your indexes after the field name, not the camelCase name.
<property name="jobTitle" type="string" length="450"
access="sailpoint.persistence.ExtendedPropertyAccessor"
index="spt_identity_job_title_ci"/>
NOT index="spt_identity_jobTitle_ci"/>
Don't try to create the database scripts on your own; you will likely make a mistake.
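A small linter for the naming rules above, as an added example that is not part of the original post and not SailPoint code. The function names, the rule set and the split logic are assumptions: `to_column` only mimics the jobTitle to job_title split described here, and `RESERVED` holds just the one keyword the post lists.

```python
import re

# Assumptions (not from SailPoint): the rules below encode this post's
# recommendations, and to_column() mimics the jobTitle -> job_title split
# the post describes; it is not the product's actual algorithm.
STRICT_CAMEL = re.compile(r"^[a-z]+(?:[A-Z][a-z]+)*$")
RESERVED = {"position"}          # the one keyword the post lists
MAX_IDENTIFIER = 30              # Oracle 12c limit cited in the post


def to_column(name):
    """Split camelCase at each lower-to-upper boundary and lower-case it."""
    return re.sub(r"(?<=[a-z])(?=[A-Z])", "_", name).lower()


def index_name(name):
    """Index named after the column, using the post's spt_identity_..._ci pattern."""
    return "spt_identity_%s_ci" % to_column(name)


def lint(name):
    """Return a list of problems with an identity attribute name (empty = OK)."""
    problems = []
    if "_" in name:
        problems.append("underscore")
    if re.search(r"\d", name):
        problems.append("digit")
    if name[:1].isupper():
        problems.append("leading capital")
    if re.search(r"[A-Z]{2}", name):
        problems.append("consecutive capitals")
    if name.lower() in RESERVED:
        problems.append("database keyword")
    if not problems and not STRICT_CAMEL.match(name):
        problems.append("not strict camelCase")
    if len(index_name(name)) > MAX_IDENTIFIER:
        problems.append("index name exceeds %d characters" % MAX_IDENTIFIER)
    return problems


if __name__ == "__main__":
    # Constructed sample: names taken from the examples in this post.
    for attr in ["jobTitle", "personId", "adGuid", "EMPLID", "personID",
                 "AS400Login", "job_title", "position", "ADLastModifiedDatetime"]:
        issues = lint(attr)
        print("%-24s %-40s %s" % (attr, index_name(attr), "; ".join(issues) or "ok"))
```

Run it over the attribute names in ObjectConfig-Identity.xml before deploying the hibernate file, and compare the printed index names with the index values in IdentityExtended.hbm.xml.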