Idea ID: 2781996

Package Identity Vault Schema

Status: Under Consideration

Under Consideration

See status update history

I'd like the ability to be able to package the Identity Vault schema so that I can move it between environments.

The package should be an Identity Vault package.

I'd like the ability to package individual classes and their associated attributes, or to select multiple classes.

This should only make changes to the Designer copy of the schema - it remains the operator’s responsibility to manage the deployment of changes into eDirectory.

When the package is added to the Identity Vault object, the schema extensions should be added.

When the package is removed from the Identity Vault object, the schema extensions should be removed.

Tags:

  • We do that by adding generic resources containing .sch file contents to packages.

    - Export classes/attributes to a .sch file

    - copy/paste contents into "text/plain" resource object

    - add resource object to package

    To apply package content:

    - copy/paste resource object's content into file

    - import file into Designer's schema.

    Manual steps involved, but at least schema can be versioned and distributed with the other packages that depend on it. Of course it would be super-simple to automate the above, if considerations turn out favourable.

    Side note: I actually prefer a driverset package over an ID Vault package because that allows collecting schema resources in a separate library. Resources from ID Vault packages get installed beside the driverset object, which seems kind of odd (or maybe just uncommon).

     

     

     

  • @Alex M - that's why I suggested the package should only modify the designer copy of the schema. It would then be down to the admin to make sure that eDirectory is in a state where the schema changes are deploy-able. I don't see a safe way of automating the changes directly into eDirectory.
  • Hard to guarantee removal of schema extensions if they are still in use. It should flag this and refuse to remove package until all objects are cleared of relevant schema in eDir.