Idea ID: 2781996

Package Identity Vault Schema

Status: Under Consideration
over 2 years ago
I'd like the ability to be able to package the Identity Vault schema so that I can move it between environments.

The package should be an Identity Vault package.

I'd like the ability to package individual classes and their associated attributes, or to select multiple classes.

This should only make changes to the Designer copy of the schema - it remains the operator’s responsibility to manage the deployment of changes into eDirectory.

When the package is added to the Identity Vault object, the schema extensions should be added.

When the package is removed from the Identity Vault object, the schema extensions should be removed.

  • There are legal restrictions that prevent this for now but it is something we can consider moving forward.

     

    Yes, I agree this will be a priority for IGA designer.

  • Why don't you open source Designer or set up a closed contribution program interested people could apply for, sign an NDA, fix stuff and send a merge request?

  • I can't think of an identity project in the last 20 years that hasn't included both custom schema and multiple stages (dev / test / prod). Having to manually keep the schema updates in sync between stages, while using packages to keep the code in sync is, at best, a bit of a pain.

    I'm working right now in a three-tier environment (dev / test / prod) where some data attributes are published from an HR system into eDir with a custom aux class and attributes added to a user object. From there, it goes out to other connected applications. I can easily package the filters, the schema maps, and the policies to make this happen, but I can't package the schema changes to go with it.

    I like Lothar's method listed above. It's not perfect, but it seems pretty good and you could easily borrow it and enhance it into Designer.

  • Under consideration for IGA Designer. Please provide any specific use cases.

  • I recall suggesting this a decade or so ago. Probably it's buried somewhere in RMS. Or whatever it was that pre-dated RMS. Might be in Bugzilla, too, since we used to put Designer requests directly into Bugzilla.