Managing BHOLD objects and attributes

 

Applies To: Forefront Identity Manager

The BHOLD Core database schema provides a set of object types that define objects that represent the parts of an object model:

• Accounts

• Applications

• Organizational units (orgunits)

• Permissions

• Roles

• Users

Each of these object types is associated with a set of attribute types. An attribute is information associated with an object instance that helps distinguish one instance of an object from another. For example, because BHOLD often expects the Description attribute of an object instance to be a unique identifier (when it creates a personal role for a user, for example), a well-designed object model will ensure that no two object instances of the same type have the same value for the Description attribute.

BHOLD provides attribute sets to make it easier to organize and associate attribute types with object types. That is, attribute types are connected with object types in sets rather than individually.

An attribute type is defined by its names, data type (that is, the form in which the attribute data is stored), its maximum length, and an optional default value.

When you create and manage your role model, you may find it necessary to add attribute types to some object types to correspond with attributes on related objects in other identity systems. For example, the default attribute types of the User object type in BHOLD do not include an attribute type that represents the user’s job title. As a result, if you want to create job-related roles in BHOLD, you would likely want to add an attribute type for job title or job description to the User object.

In addition to these objects, there are three object types that are used to manage BHOLD itself:

• BholdCommon

• LogItem

• System

Because these objects do not represent items in the object model, it is not likely that you would ever need to modify them.

Managing BHOLD objects and attributes consists of the following essential tasks:

• Managing object types

• Managing attribute types and type sets

• Managing data types

Managing object types

BHOLD allows you to add and remove attribute type sets to an object type and to change how an attribute type set is displayed for an object. You cannot create or remove an object type from the BHOLD database schema.

For information about attribute type sets, see Managing attribute types and type sets later in this topic.

To add an attribute type set to an object type

1. In the BHOLD Core portal, in the left pane, click Object types.

2. On the Object types page, click the object type that you want to add an attribute type set to.

3. On the Object type/<object> page, next to Attribute type sets, click Modify.

4. On the Link attribute type set/<object> page, in Order, type a number indicating where in the list of object attributes the new attribute type set should appear.

   Tip

   The number in parentheses before each item in the list of attribute type sets specifies the list order.

5. In the Visible list, click one of the following to specify how the list of attributes in the attribute set will be displayed for an instance of the object:

   • Always show to specify that the list is always expanded

   • Do not show to specify that the list of attributes in the set is not displayed

   • Show collapsed to specify that the list is not shown until the user expands it

6. In the Attribute type set list, click the attribute type set you want to link to the object type, click Add, and then click Done.

7. On the Object type/<object> page, click Done.

To remove an attribute type set from an object type

1. In the BHOLD Core portal, in the left pane, click Object types.

2. On the Object types page, click the object type that you want to remove an attribute type set from.

3. On the Object type/<object> page, next to Attribute type sets, click Modify.

4. On the Link attribute type set/<object> page, next to the attribute type set you want to remove, click Modify, click Remove, and then click Done.

5. On the Object type/<object> page, click Done.

To change how an attribute type set is displayed

1. In the BHOLD Core portal, in the left pane, click Object types.

2. On the Object types page, click the object type that you want to change.

3. On the Object type/<object> page, next to Attribute type sets, click Modify.

4. On the Link attribute type set/<object> page, next to the attribute type set you want to change, click Modify.

5. On the Modify attribute type set of object type/<object> page, in Order, type a number that specifies the position of the attribute type set list in the object attribute list, in the Visible list, click the item the specifies whether and how the attribute list will be displayed, click Modify, and then click Done.

6. On the Object type/<object> page, click Done.

Managing attribute types and type sets

In the BHOLD database, each instance of an object has multiple attributes that help distinguish it from other objects of the same type and to convey information about the real-world item (such as a user or an organizational unit) that the object represents. An object type set is linked to one or more attribute type sets, each of which contains one or more attribute types. An attribute type set can contain predefined attribute types as well as attribute types that you define.

Managing attribute types

You can create a new attribute type, modify an existing attribute type, or delete an attribute type. You cannot delete an attribute type if it is a member of an attribute set.

To create an attribute type

1. In the BHOLD Core portal, in the left pane, click Attribute types.

2. On the Attribute types page, click Add.

3. On the Add attribute type page, in Identity, type the name of the new attribute type as you want it to appear in attribute type lists.

4. In the Data type, click the type of data the attribute will store. For information about data types, including how to define a new data type, see Managing data types later in this topic.

5. In Maximum length, type a number that specifies the longest allowable value for the attribute.

6. In Default value, type the value that you want to the attribute to be set to if a different value is not specified.

7. In the remaining boxes, type the name of the attribute as you want it to be presented to the user in the respective languages or contexts.

8. Click OK, and then, on the Attribute type/<attribute> page, click Done.

To modify an attribute type

1. In the BHOLD Core portal, in the left pane, click Attribute types.

2. On the Attribute types page, click the attribute type you want to modify.

3. On the Attribute type/<attribute> page, click Modify.

4. On the Modify attribute type/<attribute> page, modify the values that you want to change, click OK, and then, on the Attribute type/<attribute> page, click Done.

To delete an attribute type

1. In the BHOLD Core portal, in the left pane, click Attribute types.

2. On the Attribute types page, click the attribute type you want to delete.

3. On the Attribute type/<attribute> page, click Remove, and then click OK.

   Important

   Remove is available only if the attribute type does not belong to an attribute type set. To learn how to remove an attribute type from an attribute type set, see Managing attribute type sets later in this topic.

Managing attribute type sets

An attribute type set aggregates attribute types to make it easier to manage them as a group when linking attribute types to or removing attribute types from an object type. You can create an attribute type set, modify an attribute type set, add and remove attribute types in an attribute type set, and delete an attribute type set. You cannot delete an attribute type set if it is linked to an object type.

To create an attribute type set

1. In the BHOLD Core portal, in the left pane, click Attribute type sets.

2. On the Attribute type sets page, click Add.

3. On the Add attribute type set page, in Description, type the name of the attribute type set as you want it to appear in attribute type set lists.

4. In the remaining boxes, type the name of the attribute list as you want it to be presented to the user in the respective languages or contexts, and then click OK.

5. On the Attribute type set/<set> page, click Done.

To modify an attribute type set

1. In the BHOLD Core portal, in the left pane, click Attribute type sets.

2. On the Attribute type sets page, click the attribute type set you want to change.

3. On the Attribute type set/<set> page, click Modify.

4. On the Modify attribute set/<set> page, modify the values that you want to change, and then click OK.

5. On the Attribute type set/<set> page, click Done.

To add an attribute type to an attribute type set

1. In the BHOLD Core portal, in the left pane, click Attribute type sets.

2. On the Attribute type sets page, click the attribute type set you want to add an attribute type to.

3. On the Attribute type set/<set> page, expand Attribute types, and then click Modify.

4. On the Attribute types of the attribute type set/<set> page, in Attribute type, click the attribute type you want to add to the attribute type set.

   Tip

   To help locate the attribute type in the list, type the attribute type name in the box below the list, and then click Search.

5. In order, type a number indicating where the attribute is to be displayed in the attribute list.

6. Select the Mandatory check box if the user should be required to supply a value for the attribute.

7. Click Add, and then click Done.

To remove an attribute type from an attribute type set

1. In the BHOLD Core portal, in the left pane, click Attribute type sets.

2. On the Attribute type sets page, click the attribute type set you want to remove an attribute type from.

3. On the Attribute type set/<set> page, expand Attribute types, and then click Modify.

4. On the Attribute types of the attribute type set/<set> page, next to the attribute type you want to remove, click Modify, click Remove, and then click Done.

To delete an attribute type set

1. In the BHOLD Core portal, in the left pane, click Attribute type sets.

2. On the Attribute type sets page, click the attribute type set you want to delete.

3. On the Attribute type set/<set> page, click Remove, and then click OK.

   Important

   Remove is available only if the attribute type set is not linked to an object type. To learn how to remove an attribute type set from an object type, see Managing object types earlier in this topic.

Managing data types

A data type specifies the format of the data that is stored in an attribute that is based on the data type. For example, an attribute that should only accept a Y or N value should be defined using the YesNo data type. The data format is specified by using a regular expression that describes the acceptable character pattern. BHOLD rejects a value that does not match the regular expression.

BHOLD provides a set of default data types, including AlphaNumeric, Date, Time, Integer, and Password. In most cases, an attribute type can be based on a predefined data type. If a predefined data type does not meet your requirements, you can create a data type to meet those requirements. You can also modify and delete a data type that you created.

To create a data type

1. In the BHOLD Core portal, in the left pane, click Data types.

2. On the Data types page, click Add.

3. On the Add data type page, in Identity, type a name for the data type, in Regular expression, type a regular expression that defines the format of the data type, and then click OK.

4. On the Data type/<type> page, click Done.

To modify a data type

1. In the BHOLD Core portal, in the left pane, click Data types.

2. On the Data types page, click the data type you want to modify.

3. On the Data type/<type> click Modify.

4. On the Modify data type/<type> page, change the values you want to modify, click OK, and then click Done.

To delete a data type

1. In the BHOLD Core portal, in the left pane, click Data types.

2. On the Data types page, click the data type you want to delete.

3. On the Data type/<type> click Remove, and then click OK.

See also

• Microsoft BHOLD Core Operations Guide

  • Introduction to administering Microsoft BHOLD Core

  • Administering Microsoft BHOLD Core