Tuesday, 17 August 2010

Trigger happy Oracle Identity Manager - Part 6 - Fine granulair OIM user attribute



When an attribute of an OIM user is changed a trigger can be started. The first thing that is triggered is the post update trigger of the Data Object. This will trigger a check of the LOOKUP.USR.TRIGGER lookup tables.
When a field defined in this lookup table is changed the process defined in the decode field of this table is triggered. This means all the processes on all the resource objects exactly named as in the decode field are triggered. This way a password change on the OIM user atribute could change password change processes be triggered on all resource objects. As long as the resource objects tasks are exactly named like in the lookup table is defined.


Watch out for circular triggers in the post update trigger. When the post update trigger makes an update of the attribute it will recursively trigger itself. When no end point in this trigger process is defined the application server will go down because all the resources will be used in this process.

2 comments:

Sunny said...

Hi,

Would you mind explaining the circular trigger in the post update trigger in detail?

Regards,
Sunny Ajmera

ing. Xander Heemskerk CISSP said...

Sunny,

The post update trigger updates the field on which the trigger is, that ways starting the trigger, that would do an update that would again trigger the post update trigger.....etc etc etc.
This recursive process would bring down your application server.

By the way soory for the late reply, I didn't receive your post notification.