7.2 Editing the Filter

The Filter editor allows you to create and edit the filter. It provides the following primary tasks:

7.2.1 Removing or Adding Classes and Attributes

By removing or adding classes and attributes, you determine the objects that synchronize between the connected data store and the Identity Vault.

Removing a Class or Attribute

If you do not want a class or an attribute to synchronize, the best practice is to completely remove the class or the attribute from the filter. To remove attributes and classes from the filter, do one of the following:

  • Right-click the class or attribute you want to remove, then select Delete.

  • Select the class or attribute you want to remove, then click Delete Delete icon .

  • Click Clear Filter Clear Filter icon to delete all classes and attributes from the filter.

Adding a Class

  1. Click Add Classes Add Classes icon.

    You can also right-click in the Filter editor, then select Add Classes.

  2. Browse and select the class you want to add, then click OK.

  3. Change the options to synchronize the information.

  4. To save the changes, click File > Save.

Adding an Attribute

  1. Click Add Attributes Attribute icon.

    You can also right-click in the Filter editor, then select Add Attribute.

  2. Browse and select the attribute you want to add, then click OK.

  3. Change the options to synchronize the information.

  4. To save the changes, click File > Save.

7.2.2 Modifying Multiple Attributes

The Filter editor allows you to modify more than one attribute at a time. Press the Ctrl key and select multiple attributes; when the option changes, it is changed for all of the selected attributes.

7.2.3 Copying an Existing Filter

You can copy an existing filter from another driver and use it in the driver you are currently working with.

  1. Click Copy an Existing Filter Copy an Existing Filter.

    You can also right-click in the Filter editor, then select Copy an Existing Filter.

  2. Browse to and select the filter object you want to copy, then click OK.

    If you have more than one Identity Vault in your project, you can copy filters from the other Identity Vaults. When you are browsing to select the other object, you can browse to the other Identity Vault and use a filter stored there.

7.2.4 Setting Default Values for Attributes

You can define the default values for new attributes when they are added to the filter.

  1. Click Default Attribute Settings Set Default Values for New Attributes.

  2. Select the options you want new attributes to have, then click OK.

7.2.5 Changing the Filter Settings

The Filter editor gives you the option of changing how information is synchronized between the Identity Vault and the connected system. The filter has different settings for classes and attributes.

  1. In the Filter editor, select a class.

    Filter Editor Class options
  2. Change the filter settings for the selected class.

    See Table 7-2 for information on each of the class settings available in the Filter Editor.

  3. In the Filter Editor, select an attribute.

    Filter Editor Attribute options
  4. Change the filter settings for the selected attribute, then click Save Save icon (in the Designer toolbar) to save the changes.

    See Table 7-3 for information on each of the attribute settings available in the Filter Editor.

Table 7-2 Filter Editor Class Settings

Options

Definitions

Publish

  • Synchronize: Allows the class to synchronize from the connected system into the Identity Vault.

  • Ignore: Does not synchronize the class from the connected system into the Identity Vault.

Subscribe

  • Synchronize: Allows the class to synchronize from the Identity Vault into the connected system.

  • Ignore: Does not synchronize the class from the Identity Vault into the connected system.

Create Home Directory

Create Home Directory allows you to create a home directory for a User object in eDirectory. The option only works for eDirectory.

  • Yes: Automatically creates home directories.

  • No: Does not create home directories.

Track Member of Template

  • Yes: Determines whether or not the Publisher channel maintains the Member of Template attribute when it creates objects from a template.

  • No: Does not track the Member of Template attribute.

    When a User object is created using an eDirectory Template object, the eDirectory driver maintains the Member of Template attribute, if the Track Member of Template option is selected. The option only works for eDirectory.

Table 7-3 Filter Editor Attribute Settings

Options

Definitions

Publish

  • Synchronize: Changes to this object are reported and automatically synchronized.

  • Ignore: Changes to this object are neither reported nor automatically synchronized.

  • Notify: Changes to this object are reported, but not automatically synchronized.

  • Reset: Resets the object value to the value specified by the opposite channel. (You can set this value on either the Publisher channel or Subscriber channel, not both.)

    The Reset option makes a data store the authoritative source of information. For example, if employee addresses should only be changed in the HR database, then set the Reset option in the filter for this attribute. When an address is changed in the e-mail system and sent to the HR database, the filter sends the information from the HR database back to the e-mail system and the employee’s address is not changed.

Subscribe

  • Synchronize: Changes to this object are reported and automatically synchronized.

  • Ignore: Changes to this object are neither reported nor automatically synchronized.

  • Notify: Changes to this object are reported, but not automatically synchronized.

  • Reset: Resets the object value to the value specified by the opposite channel. (You can set this value on either the Publisher channel or Subscriber channel, not both.)

    The Reset option makes a data store the authoritative source of information. For example, if employee addresses should only be changed in HR database, then set the Reset option in the filter for this attribute. When an address is changed in the e-mail system and sent to the HR database, the filter sends the information from the HR database back to the e-mail system and the employee’s address is not changed.

Merge Authority

  • Default: If an attribute is not being synchronized in either channel, no merging occurs.

    If an attribute is being synchronized in one channel and not the other, then all existing values on the destination for that channel are removed and replaced with the values from the source for that channel. If the source has multiple values and the destination can only accommodate a single value, then only one of the values is used on the destination side.

    If an attribute is being synchronized in both channels and both sides can accommodate only a single value, the connected application acquires the Identity Vault values unless there is no value in the Identity Vault. If this is the case, the Identity Vault acquires the values from the connected application (if any).

    If an attribute is being synchronized in both channels and only one side can accommodate multiple values, the single-valued side’s value is added to the multi-valued side if it is not already there. If there is no value on the single side, you can choose the value to add to the single side.

    This is always valid behavior.

  • Identity Vault: Behaves the same way as the default behavior if the attribute is being synchronized on the Subscriber channel and not on the Publisher channel.

    This is valid behavior when synchronizing on the Subscriber channel.

  • Application: Behaves the same as the default behavior if the attribute is being synchronized on the Publisher channel and not on the Subscriber channel.

    This is valid behavior when synchronizing on the Publisher channel.

  • None: No merging occurs regardless of synchronization.

Optimize Modification to Identity Manager

  • Yes: Changes to this attribute are examined on the Publisher channel to determine the minimal change made in the Identity Vault.

  • No: Changes are not examined.

    When an operation is a Modify on the Publisher channel, the Metadirectory engine examines the current state of the object in the Identity Vault and changes the Modify to update only the values that are changing. For example, if an object has attributes of a, b, c, and d and the Publisher channel receives a Modify event to remove all existing values and add a, b, d, and e, the optimize process knows that the minimal change is to remove d and add e.

    Using this option can take a long time to process events on attributes that have more than 1,000 values.