Skip to main content

Database Integration

Oracle Integration

Hitachi ID Identity Manager can bind to any Oracle Database server (any version) using SQL*Net and issue PLSQL commands to enumerate users (SELECT), validate current passwords (test bind or SELECT) and reset passwords (ALTER USER, UPDATE or invoke a stored procedure).

The Identity Manager administrator can specify alternate SQL commands and so can manage application passwords as well as database connect passwords.

Identity Manager connectors can create, delete, enable, disable, modify and rename system users in any specified Oracle Database server. It creates new Oracle users by cloning existing ones, copying and adjusting their role memberships and tablespace rights in the process. It can also manage the membership of Oracle Database users in Oracle Database roles.

Oracle DBMS security roles are mapped to Identity Manager managed groups. Identity Manager can manage role assignment, using the its built in group-membership-management semantics.

The same Identity Manager connector that manages Oracle Database users can be configured with application-specific SQL code, in order to manage users defined wholly inside an application tablespace, rather than as database-level users. All the same operations (create, delete, enable, disable, rename, change attribute, change group membership) are supported in this configuration, but are implemented via direct SQL calls or calls to stored procedures.

Sybase ASE Integration

Identity Manager can bind to any Sybase ASE database server (any version) using TDS and issue SQL commands to enumerate users (SELECT), validate current passwords (test bind or SELECT) and reset passwords (sp_password, UPDATE or invoke a stored procedure).

The Identity Manager administrator can specify alternate SQL commands and so can manage application passwords as well as database connect passwords.

Identity Manager connectors can create, delete, enable, disable, modify and rename system users in any specified Sybase ASE database server. It creates new Sybase ASE users by cloning existing ones, copying and adjusting their group memberships and tablespace rights in the process. It can also manage the membership of Sybase ASE database users in Sybase ASE database groups.

The same Identity Manager connector that manages Sybase ASE database users can be configured with application-specific SQL code, in order to manage users defined wholly inside an application tablespace, rather than as database-level users. All the same operations (create, delete, enable, disable, rename, change attribute, change group membership) are supported in this configuration.

SQL Server Integration

Identity Manager can bind to an MSSQL server, running version 7.x, 2000, 2005, 2008 or later, using its native TDS protocol. Once connected, Identity Manager can list users, validate current passwords and administratively reset passwords by issuing SQL commands and/or calling stored procedures (SELECT, SP_PASSWORD, UPDATE, etc.).

Default SQL commands are included to update MSSQL passwords, while Identity Manager administrators may specify alternate commands to manage passwords in application tablespaces.

No agent software is installed on the SQL server.

Identity Manager connectors can create, delete, enable, disable, modify and rename system users in any specified MSSQL server. It creates new MSSQL users by cloning existing ones, copying and adjusting their group memberships and tablespace rights in the process. It can also directly manage the membership of MSSQL users in MSSQL groups.

The same Identity Manager connector that manages MSSQL users can be configured with application-specific SQL code, in order to manage users defined wholly inside an application tablespace, rather than as database-level users. All the same operations (create, delete, enable, disable, rename, change attribute, change group membership) are supported in this configuration.

IBM UDB/DB2 Integration

Identity Manager can bind to any DB2/UDB database server (any version) using the DB2/UDB client software and issue SQL commands to enumerate users (SELECT), validate current passwords (test bind or SELECT) and reset passwords (UPDATE or stored procedure).

The Identity Manager administrator can specify alternate SQL commands and so can manage application passwords as well as database connect passwords. Identity Manager connectors can create, delete, enable, disable, modify and rename system users in any specified DB2/UDB database server. It creates new DB2/UDB users by cloning existing ones, copying and adjusting their group memberships and tablespace rights in the process. It can also manage the membership of DB2/UDB database users in DB2/UDB database groups.

The same Identity Manager connector that manages DB2/UDB database users can be configured with application-specific SQL code, in order to manage users defined wholly inside an application tablespace, rather than as database-level users. All the same operations (create, delete, enable, disable, rename, change attribute, change group membership) are supported in this configuration.

page top page top