6.1 Filter Tasks in Designer

This section contains instructions on performing common filter-related tasks in Designer:

6.1.1 Accessing the Filter Editor

The Filter editor allows you to edit the filter. There are three different ways to access the Filter editor: through the model outline, through the policy flow, and through the Policy Set view.

Model Outline View

  1. In an open project, click the Outline tab.

  2. Click the Show Model Outline icon. Policy Builder interface to define XSLT policies.

  3. Select the driver you want to manage the filter for, then click the plus sign to the right.

  4. Double-click the Filter icon and to launch the Filter editor.

    or

    Right-click and select Edit.

Policy Flow View

  1. In an open project, click the Outline tab.

  2. Select the Show Policy Flow icon.

  3. Double-click the Sync icon or Notify icon to launch the Filter editor.

    or

    Right-click and select Edit Policy > Filter.

Policy Set View

  1. Double-click the filter policy in the Policy Set view.

Keyboard Support

Table 6-1 Filter Editor Keyboard Support

Action

Description

Up-arrow

Moves the cursor up in the Filter editor.

Down-arrow

Moves the cursor down in the Filter editor.

Left-arrow

Collapses the information displayed

Right-arrow

Expands the information displayed.

Insert

Adds a class.

Ctrl+Insert

Adds an attribute.

Delete

Deletes the selected items.

Enter

Accesses the edit mode. Press Enter a second time to commit the changes.

Esc

Exits the edit mode.

6.1.2 Editing the Filter

The Filter editor allows you to create and edit the filter. To display a context menu, right-click an item.

Figure 6-1 Filter Options

Removing or Adding Classes and Attributes

By removing or adding classes and attributes, you determine the objects that synchronize between the connected data store and the Identity Vault.

Removing a Class or Attribute

If you do not want a class or an attribute to synchronize, the best practice is to completely remove the class or the attribute completely from the filter. There are two different ways to add or remove attributes and classes from the filter:

  • Right-click the class or attribute you want to remove, then select Delete.

  • Select the class or attribute you want to remove, then click the Delete icon in the upper right corner.

Adding a Class

  1. Right-click in the Filter editor, then click Add Classes.

    or

    Click the Add Classes icon in the upper right corner

  2. Browse and select the class you want to add, then click OK.

  3. Change the options to synchronize the information.

  4. To save the changes, click File > Save.

Adding an Attribute

  1. Right-click in the Filter editor, then click Add Attribute.

    or

    Click the attribute icon in the upper-right corner.

  2. Browse and select the attribute you want to add, then click OK.

  3. Change the options to synchronize the information.

  4. To save the changes, click File > Save.

Modifying Multiple Attributes

The Filter editor allows you to modify more than one attribute at a time. Press the Ctrl key and select multiple attributes; when the option changes, it is changed for all of the selected attributes.

Copying an Existing Filter

You can copy an existing filter from another driver and use it in the driver you are currently working with.

  1. Click the Copy an Existing Filter icon

    Or

    Right-click in the Filter editor, then click Copy an Existing Filter.

  2. Browse to and select the filter object you want to copy, then click OK.

    If you have more than one Identity Vault in your project, you can copy filters from the other Identity Vaults. When you are browsing to select the other object, you can browse to the other Identity Vault and use a filter stored there.

Setting Default Values for Attributes

You can define the default values for new attributes when they are added to the filter.

  1. Click the Set Default Values for New Attributes icon in the upper right corner.

  2. Select the options you want new attributes to have, then click OK.

Changing the Filter Settings

The Filter editor gives you the option of changing how information is synchronized between the Identity Vault and the connected system. The filter has different settings for classes and attributes.

  1. In the Filter editor, select a class.

  2. Change the filter settings for the selected class.

    Options

    Definitions

    Publisher

    • Synchronize: Allows the class to synchronize from the connected system into the Identity Vault.

    • Ignore: Does not synchronize the class from the connected system into the Identity Vault.

    Subscriber

    • Synchronize: Allows the class to synchronize from the Identity Vault into the connected system.

    • Ignore: Does not synchronize the class from the Identity Vault into the connected system.

    Create Home Directory

    • Yes: Automatically creates home directories.

    • No: Does not create home directories.

    Track Member of Template

    • Yes: Determines whether or not the Publisher channel maintains the Member of Template attribute when it creates objects from a template.

    • No: Does not track the Member of Template attribute.

  3. Select an attribute.

  4. Change the filter settings for the selected attribute.

    Options

    Definitions

    Publisher

    • Synchronize: Changes to this object are reported and automatically synchronized.

    • Ignore: Changes to this object are not reported nor automatically synchronized.

    • Notify: Changes to this object are reported, but not automatically synchronized.

    • Rest: Resets the object value to the value specified by the opposite channel. (You can set this value on either the Publisher channel or Subscriber channel, not both.)

    Subscriber

    • Synchronize: Changes to this object are reported and automatically synchronized.

    • Ignore: Changes to this object are not reported nor automatically synchronized.

    • Notify: Changes to this object are reported, but not automatically synchronized.

    • Reset: Resets the object value to the value specified by the opposite channel. (You can set this value on either the Publisher channel or Subscriber channel, not both.)

    Merge Authority

    • Default Behavior: If an attribute is not being synchronized in either channel, no merging occurs.

      If an attribute is being synchronized in one channel and not the other, then all existing values on the destination for that channel are removed and replaced with the values from the source for that channel. If the source has multiple values and the destination can only accommodate a single value, then only one of the values is used on the destination side.

      If an attribute is being synchronized in both channels and both sides can accommodate only a single value, the connected application acquires the Identity Vault values unless there is no value in the Identity Vault. If this is the case, the Identity Vault acquires the values from the connected application (if any).

      If an attribute is being synchronized in both channels and only one side can accommodate multiple values, the single-valued side’s value is added to the multi-valued side if it is not already there. If there is no value on the single side, you can choose the value to add to the single side.

      This is always valid behavior.

    • Identity Vault: Behaves the same way as the default behavior if the attribute is being synchronized on the Subscriber channel and not on the Publisher channel.

      This is valid behavior when synchronizing on the Subscriber channel.

    • Application: Behaves the same as the default behavior if the attribute is being synchronized on the Publisher channel and not on the Subscriber channel.

      This is valid behavior when synchronizing on the Publisher channel.

    • None: No merging occurs regardless of synchronization.

    Optimize Modification to Identity Manager

    • Yes: Changes to this attribute are examined on the Publisher channel to determine the minimal change made in the Identity Vault.

    • No: Changes are not examined.

  5. Click the Save icon to save the changes.

6.1.3 Testing Filters

Designer comes with a tool called the Policy Simulator, which allows you to test your policies without implementing them in a production environment. You can launch the Policy Simulator through the Filter editor to test your policy after you have modified it.

  1. Click the Launch Policy Simulator icon in the toolbar.

  2. Select Import to browse to a file that simulates an event.

    Policy Simulator

  3. Select the file, then click Open. This example uses the com.novell.designer.idm.policy\simulation\add\User.xml file, which simulates an Add event for a User object.

    Policy Simulator

    The Policy Simulator displays the input document of the user Add event.

  4. Click Next to begin the simulation.

    Policy Simulator

    The Policy Simulator displays the log of the Add event, the output document, and a comparison of the Input document to the Output document that is generated.

  5. Select the Trace tab display the results of the Add event as you see them in DSTRACE.

    Policy Simulator

  6. Select the Output tab to see the output document that is generated when the filter is executed against an input document. The input document is the user Add event.

    Policy Simulator

    You can edit the input and output documents. If you want to keep the changes, click Save As.

  7. Select the Compare tab to compare the text of the input document to the output document that is generated.

  8. Click Repeat to select a different input document and see the results of that event.

  9. When you have finished testing the filter, click Finish to close the Policy Simulator.

6.1.4 Viewing the Filter XML Source

Designer enables you to view, edit, and validate the XML by using an XML editor or text editor.

Viewing the XML Source

You can view the XML Source in XML or in the XML tree format.

To open the XML Source view:

  1. Click XML Source at the bottom of the Filter editor's workspace.

The XML editor displays line numbers. To see the line number, right-click in the left margin, then select Show Line Numbers.

Figure 6-2 Filter Show Line Numbers

The XML editor expands or collapses the XML by function. If there are functions that contain a large amount of XML, you can collapse the XML by clicking the minus icon in the top left corner. To expand all of the XML functions, click the plus icon in the top left corner.

Each element has its own plus or minus icon in the left margin.

Figure 6-3 Filter XML Plus or Minus

To view the XML in the tree format:

  1. Click XML Tree at the bottom of the Filter editor's workspace.

To see the entire tree view, expand each item listed.

Editing the XML Source

You can edit the XML through the XML editor. You can make changes here as well as through the GUI interface.

Figure 6-4 Editing the XML Source of the Filter

The default editor that is loaded is associated to . xml file types. If a default editor can't be found, the system text editor is loaded. The functionality of the XML Source view is based on the editor that loads.

Right-click to display the list of the functions the XML editor contains.

  • Undo: Undoes the last action.

  • Revert File: Reverts the file to the last version that was saved.

  • Save: Saves the file.

  • Cut: Cuts the selected information.

  • Copy: Copies the selected information to the Clipboard.

  • Paste: Pastes the information into the document.

  • Shift Right: Indents the line to the right.

  • Shift Left: Indents the line to the left.

  • Attache DTD or XML Schema: Attaches a DTD or XML schema file for validation of the policy.

  • Validate: Validates the XML code.

  • Preferences: Sets the preferences for the XML editor.

To choose a different XML editor for your XML Source view:

  1. From the Main menu, click Window > Preferences.

  2. Click General > Editor > File Associations.

  3. Select *xml from the list of file types.

  4. Select the editor you want (for example, Novell XML Editor) from the Associated editors. (If the editor you want isn't in the list, you can click Add, then add it to the list.)

  5. Click OK.

  6. Close and reopen the Filter editor. The default editor should be loaded in the XML Source view.

Validating the XML Source

The XML editor validates the XML code. Right-click, then select Validate. If there are errors, a red x is displayed on the line where the error occurs. An explanation at the bottom of the window gives more information about the problem.

Figure 6-5 Validate Filter

In this example, the beginning tag and the first letter of the <filter-attr> are missing.

6.1.5 Additional Filter Options

When you right-click on a filter object, there are multiple options presented in the Outline view, the Policy Flow view, and the Policy Set view.

Outline View Additional Options

  1. Right-click the filter object in the Outline view.

    • Live Operations > Deploy Filter: Deploys the filter into the Identity Vault.

    • Clear: Deletes all content from the filter policy, but leaves the object.

    • Edit: Launches the Filter editor. For more information, see Section 6.1.2, Editing the Filter.

    • Save As: Saves the Filter as a .xml file.

    • Simulate: Launches the Policy Simulator. For more information, see Section 6.1.3, Testing Filters.

Policy Flow View Additional Options

  1. Right-click the filter object in the Policy Flow view.

Policy Set View Additional Options

  1. Right-click the filter object in the Policy Set view.

    • Clear: Deletes all content from the filter policy, but leaves the object.

    • Edit: Launches the Filter editor. For more information, see Section 6.2.2, Editing the Filter.

    • Save: Saves the filter as a Xml file.

    • Simulate: Launches the Policy Simulator. For more information, see Section 6.1.3, Testing Filters.

    • Live Operations > Deploy Filter: Allows you to deploy the filter into the Identity Vault.