Develop Custom Scripts for Database Application Tables (Oracle) Using Groovy
Custom Scripting for Database Application Tables (Oracle) Overview
When you provision accounts from Oracle Access Governance using the Database Application Tables integration, operations such as create, update, and delete are implemented using the default supplied code. On occasions where you wish to modify the default supplied operations, you can optionally provide your own custom scripts which implement your own specific provisioning operation requirements. This step is completely optional, you do not have to create custom scripts if the default operations provide you with what you need. You can add custom scripts to any operations supported. If you choose custom scripts, you only need to add them where you require the default operation to be modified, you can have a combination of custom and default scripts for the operations supported, though you can only have one or the other option for each specific operation. For example, the create operation might be implemented with a custom script that adds some functionality specific to your organization, while the delete operation is unchanged and uses default functionality.
Once you have implemented and configured your Database Application Tables to use a custom script then that script will be used when you next perform a
provisioning or data load operation.
Note:
Any custom script must be implemented using Groovy format. Other scripting formats are not supported.When you create a Database Application Tables
orchestrated system you can identify scripts to be run for a number of provisioning operations on the
database application containing account data. These operations are:
- Create
- Update
- Delete
- Dataload
- Add relationship data
- Remove relationship data
/app/<custom script> . You configure the
agent with the location of the scripts in the integration settings for your orchestrated system. You should ensure that the operating system user running the agent has
read/write permissions for any custom scripts.
When you perform a provisioning task, your script will be run as a
replacement to the standard processing associated with the task. The script must
handle the default provisioning task such as create or update, and can also have
custom tasks above and beyond the default provisioning process, such as:
- Perform custom table updates
- Custom auditing
- Send custom notifications
- Use the default logic provided with the Database Application Tables connector
- Use the custom logic implemented in scripts
You should also note that all custom script types are supported for an orchestrated system configured for managed system mode. The only script type supported for authoritative source mode is the Dataload type, which is supported for both modes.
Note:
Sample Database Schema
The samples provided in the following sections are based on the database tables described in this section.
MYDBAT_PERSON
CREATE TABLE MYDBAT_PERSON
(USERID VARCHAR2(50BYTE) NOT NULL ENABLE,
USERNAME VARCHAR2(50BYTE) NOT NULL ENABLE,
FIRSTNAME VARCHAR2(50BYTE),
LASTNAME VARCHAR2(50BYTE),
EMAIL VARCHAR2(50BYTE) NOT NULL ENABLE,
COUNTRYCODE VARCHAR2(20BYTE),
DESCRIPTION VARCHAR2(50BYTE),
SALARY NUMBER,
JOININGDATE DATE,
STATUS VARCHAR2(50BYTE),
LASTUPDATED TIMESTAMP (6),
PASSWORD VARCHAR2(50BYTE),
CONSTRAINT MYDBATPERSON_PK PRIMARY KEY (USERID));MYDBAT_GROUPS
CREATE TABLE MYDBAT_GROUPS
(GROUPID VARCHAR2(20BYTE) NOT NULL ENABLE,
GROUPNAME VARCHAR2(20BYTE) NOT NULL ENABLE,
CONSTRAINT MYDBATGROUPS_PK PRIMARY KEY (GROUPID));MYDBAT_ROLES
CREATE TABLE MYDBAT_ROLES
(ROLEID VARCHAR2(50BYTE) NOT NULL ENABLE,
ROLENAME VARCHAR2(50BYTE) NOT NULL ENABLE,
CONSTRAINT MYDBATROLES_PK PRIMARY KEY (ROLEID));MYDBAT_PERSON_GROUP
CREATE TABLE MYDBAT_PERSON_GROUP
(USERID VARCHAR2(20BYTE) NOT NULL ENABLE,
GROUPID VARCHAR2(20BYTE) NOT NULL ENABLE,
CONSTRAINT "MYDBATPERSONGROUP_PK"PRIMARY KEY (USERID, GROUPID));MYDBAT_PERSON_ROLE
CREATE TABLE MYDBAT_PERSON_ROLE
(USERID VARCHAR2(20BYTE) NOT NULL ENABLE,
ROLEID VARCHAR2(20BYTE) NOT NULL ENABLE,
FROMDATE DATE,
TODATE DATE,
CONSTRAINT "MYDBATPERSONROLE_PK"PRIMARY KEY (USERID, ROLEID));MYDBAT_COUNTRY
CREATE TABLE MYDBAT_COUNTRY
(COUNTRYCODE VARCHAR2(20BYTE) NOT NULL ENABLE,
COUNTRYNAME VARCHAR2(200BYTE) NOT NULL ENABLE,
CONSTRAINT MYDBAT_COUNTRY_PK PRIMARY KEY (COUNTRYCODE));Note:
Child tables such asmydbat_roles,
mydbat_groups, and
mydbat_country should have a
primary key constraint defined. If no primary key is defined
for child tables then your validate operation will fail and
you will see an error Key for table <tablename> are
not defined.
Trigger and Sequence For Auto-Increment
The following code will create a sequence and trigger which
will auto-assign a USERID when creating a user in the MYDBAT_PERSON
table.
CREATE SEQUENCE MYDBAT_PERSON_SEQ MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT
BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE;create or replace TRIGGER DBAT_PERSON_TRG
BEFORE INSERT ON MYDBAT_PERSON
FOR EACH ROW
BEGIN
<<COLUMN_SEQUENCES>>
BEGIN IF INSERTING AND :NEW.USERID IS NULL THEN
SELECT MYDBAT_PERSON_SEQ.NEXTVAL INTO :NEW.USERID FROM SYS.DUAL;
END IF;
END COLUMN_SEQUENCES;END;Groovy Script Arguments
The following arguments can be used in your Groovy scripts:
Table - Script Arguments
| Argument | Description |
|---|---|
| connector | The Database Application Tables connector object. |
| timing |
When the Groovy script is called. The timing attribute also explains the type of operation being performed. For example, if it is a search operation, then the object class being searched is also returned. The following is the format of the timing argument for lookup
field
synchronization:
OBJECT_CLASS is replaced with
the type of object being reconciled.
For example, for a lookup field synchronization scheduled job
that contains the object type Role, the value of the
timing argument will be as
follows:
|
| attributes | All attributes. |
| trace | Logger as a script trace bridge to the application |
| where | String where condition for execute query, or null. |
| handler | resultSetHandler or SyncResultsHandler for the connector objects produced by the execute query, sync operation or null return. |
| quoting | The type of table name quoting to be used in SQL. The default value is an empty string. The value of this argument is obtained from the integration settings. |
| nativeTimestamps | Specifies whether the script retrieves the timestamp data of the columns as java.sql.Timestamp type from the database table. This information is obtained from the integration settings. |
| allNative | Specifies whether the script must retrieve the data type of the columns in a native format from the database table. The value of this argument is obtained from the integration settings. The value of this argument specifies whether the script must throw exceptions when a zero (0x00) error code is encountered. |
| enableEmptyString | Specifies whether support for writing an empty string instead of a NULL value must be enabled. The value of this argument is obtained from the integration settings. |
| filterString | String filter condition for execute query, or null. |
| filterParams | List of filter parameters. Each parameter is present in the COLUMN_NAME:VALUE format. For example, FIRSTNAME:test. |
| syncattribute | Name of the database column configured for incremental reconciliation. This argument is available in the sync script, which is called during an incremental reconciliation run. |
| synctoken | Value of the sync attribute. This argument is available in the sync script. |
Sample Dataload Script
The data load script reads the data from all the tables for all the defined entities. In this scenario, the term data load refers to the full data load and the lookup data load.
This sample script reads user data from the MYDBAT_PERSON table, and the users' relationship data from the MYDABAT_PERSON_ROLE and MYDBAT_PERSON_GROUP tables. Entitlements data is read from the MYDBAT_GROUPS table, and lookup data is read from the MYDBAT_COUNTRY table. It also has support for a basic filter search on MYDBAT_PERSON table. All these data reads are done using stored procedures.
Dataload Script
import java.sql.CallableStatement;
import java.sql.Connection;
import java.math.*;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.identityconnectors.framework.common.objects.*;
import java.lang.reflect.*;
import java.lang.String;
import org.identityconnectors.common.security.GuardedString;
import java.text.*;
ResultSet rs = null;
CallableStatement st = null;
String ocName ;
try {
if( timing != "")
{
trace.info("[Execute Query] timing attribute value : "+ timing);
ocName = timing.split(":")[1]
}
trace.info("[Execute Query] for objectClass : "+ ocName);
if(ocName.equals("ACCOUNT") || ocName.equals("TARGETACCOUNT")){
if( filterString != "")
{
trace.info("[Execute Query] Performing Recon with Filter. Filter is::"+ filterString+" And Filer Params are::"+filterParams);
//[Execute Query] Performing Recon with Filter. Filter is::MYDBAT_PERSON.USERID = ? And Filer Params are::[MYDBAT_PERSON.USERID:21]
String[] filter = filterParams.get(0).split(":");
st = conn.prepareCall("{call EXECUTE_QUERY_WITH_FILTER(?,?,?)}");
st.setString(2, filter[0]);
st.setString(3, filter[1]);
}
else
{
trace.info("[Execute Query] Performing Full Recon.");
st = conn.prepareCall("{call EXECUTE_QUERY_PERSON(?)}");
}
st.registerOutParameter(1, oracle.jdbc.OracleTypes.CURSOR);
st.execute();
rs = (ResultSet) st.getObject(1);
SimpleDateFormat targetFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss z");
DateFormat df = new SimpleDateFormat("yyyy-MM-dd");
while (rs.next()) {
ConnectorObjectBuilder cob = new ConnectorObjectBuilder();
cob.setObjectClass(ObjectClass.ACCOUNT);
Attribute fname= AttributeBuilder.build(new String("FIRSTNAME"),rs.getString(2));
Attribute lname= AttributeBuilder.build(new String("LASTNAME"),rs.getString(3));
Attribute uid= AttributeBuilder.build(new String("__UID__"),rs.getString(1));
Attribute name= AttributeBuilder.build(new String("__NAME__"),rs.getString(10));
Attribute email= AttributeBuilder.build(new String("EMAIL"),rs.getString(4));
//Attribute salary= AttributeBuilder.build(new String("SALARY"),rs.getBigDecimal(6));
Attribute description= AttributeBuilder.build(new String("DESCRIPTION"),rs.getString(5));
Date dbDate = rs.getDate(7);
String joinDateStr = null;
Long joinDate = null;
if( null != dbDate)
{
java.util.Date date= df.parse(dbDate.toString());
joinDateStr = targetFormat.format(date);
joinDate = date.getTime()
trace.info("date : " +date +" ---- joinDate : "+ joinDate);
}
//Attribute joindate= AttributeBuilder.build(new String("JOININGDATE"),joinDateStr);
if(null != joinDate) {
trace.info("Setting joinDate : "+ joinDate);
Attribute joindate= AttributeBuilder.build(new String("JOININGDATE"),joinDate);
cob.addAttribute(joindate);
}
Attribute status= AttributeBuilder.build(new String("STATUS"),rs.getString(8));
Attribute countryCode= AttributeBuilder.build(new String("COUNTRYCODE"),rs.getString(9));
cob.addAttribute(fname);
cob.addAttribute(lname);
cob.addAttribute(uid);
cob.addAttribute(name);
cob.addAttribute(email);
//cob.addAttribute(salary);
cob.addAttribute(description);
cob.addAttribute(status);
cob.addAttribute(countryCode);
if(ocName.equals("TARGETACCOUNT")){
CallableStatement roleStmt = conn.prepareCall("{call GET_USERROLE(?,?)}");
roleStmt.registerOutParameter(1, oracle.jdbc.driver.OracleTypes.CURSOR);
roleStmt.setString(2, rs.getString(1));
roleStmt.execute();
ResultSet roleResultSet = (ResultSet) roleStmt.getObject(1);
java.util.List<EmbeddedObject> eoList = new ArrayList<EmbeddedObject>();
while (roleResultSet.next()) {
Attribute roleId= AttributeBuilder.build(new String("ROLEID"),roleResultSet.getString(2));
dbDate = roleResultSet.getDate(3);
String fromDateStr = null;
Long fromDate = null;
if( null != dbDate)
{
java.util.Date date= df.parse(dbDate.toString());
fromDateStr = targetFormat.format(date);
fromDate = date.getTime()
}
dbDate = roleResultSet.getDate(4);
String toDateStr = null;
Long toDate = null;
if( null != dbDate)
{
java.util.Date date= df.parse(dbDate.toString());
toDateStr = targetFormat.format(date);
toDate = date.getTime()
}
EmbeddedObjectBuilder roleEA = new EmbeddedObjectBuilder();
roleEA.addAttribute(roleId);
if(null != fromDate) {
trace.info("Setting roles fromDate : "+ fromDate);
Attribute fromdate= AttributeBuilder.build(new String("FROMDATE"),fromDate);
roleEA.addAttribute(fromdate);
}
if(null != toDate) {
trace.info("Setting roles toDate : "+ toDate);
Attribute todate= AttributeBuilder.build(new String("TODATE"),toDate);
roleEA.addAttribute(todate);
}
roleEA.setObjectClass(new ObjectClass("MYDBAT_ROLES"));
eoList.add(roleEA.build());
}
roleResultSet.close();
roleStmt.close();
EmbeddedObject[] roleEm = eoList.toArray(new EmbeddedObject[eoList.size()]);
cob.addAttribute(AttributeBuilder.build("MYDBAT_PERSON_ROLE", (Object[]) roleEm));
CallableStatement groupStmt = conn.prepareCall("{call GET_USERGROUP(?,?)}");
groupStmt.registerOutParameter(1, oracle.jdbc.driver.OracleTypes.CURSOR);
groupStmt.setString(2, rs.getString(1));
groupStmt.execute();
ResultSet groupResultSet = (ResultSet) groupStmt.getObject(1);
java.util.List<EmbeddedObject> geoList = new ArrayList<EmbeddedObject>();
while (groupResultSet.next()) {
Attribute groupId= AttributeBuilder.build(new String("GROUPID"),groupResultSet.getString(2));
EmbeddedObjectBuilder groupEA = new EmbeddedObjectBuilder();
groupEA.addAttribute(groupId);
groupEA.setObjectClass(new ObjectClass("MYDBAT_GROUPS"));
geoList.add(groupEA.build());
}
groupResultSet.close();
groupStmt.close();
EmbeddedObject[] groupEm = geoList.toArray(new EmbeddedObject[geoList.size()]);
cob.addAttribute(AttributeBuilder.build("MYDBAT_PERSON_GROUP", (Object[]) groupEm));
}
if(!handler.handle(cob.build())) return;
}
}else if(ocName.equals("MYDBAT_COUNTRY")){
trace.info("[Execute Query] for Lookup : "+ ocName);
CallableStatement groupStmt = conn.prepareCall("{call GET_COUNTRIES(?)}");
groupStmt.registerOutParameter(1, oracle.jdbc.driver.OracleTypes.CURSOR);
groupStmt.execute();
ResultSet groupResultSet = (ResultSet) groupStmt.getObject(1);
while (groupResultSet.next()) {
ConnectorObjectBuilder cob = new ConnectorObjectBuilder();
cob.setObjectClass(new ObjectClass("MYDBAT_COUNTRY"));
Attribute groupId= AttributeBuilder.build(new String("__UID__"),groupResultSet.getString(1));
Attribute groupName= AttributeBuilder.build(new String("__NAME__"),groupResultSet.getString(2));
cob.addAttribute(groupId);
cob.addAttribute(groupName);
if(!handler.handle(cob.build())) return;
}
groupResultSet.close();
groupStmt.close();
}else if(ocName.equals("MYDBAT_GROUPS")){
trace.info("[Execute Query] for Entitlement : "+ ocName);
CallableStatement groupStmt = conn.prepareCall("{call GET_GROUPS(?)}");
groupStmt.registerOutParameter(1, oracle.jdbc.driver.OracleTypes.CURSOR);
groupStmt.execute();
ResultSet groupResultSet = (ResultSet) groupStmt.getObject(1);
while (groupResultSet.next()) {
ConnectorObjectBuilder cob = new ConnectorObjectBuilder();
cob.setObjectClass(new ObjectClass("MYDBAT_GROUPS"));
Attribute groupId= AttributeBuilder.build(new String("__UID__"),groupResultSet.getString(1));
Attribute groupName= AttributeBuilder.build(new String("__NAME__"),groupResultSet.getString(2));
cob.addAttribute(groupId);
cob.addAttribute(groupName);
if(!handler.handle(cob.build())) return;
}
groupResultSet.close();
groupStmt.close();
}
} finally {
if( null != rs)
rs.close();
if( null != st)
st.close();
}Stored Procedure: Load Users
create or replace PROCEDURE EXECUTE_QUERY_PERSON
(user_cursor OUT SYS_REFCURSOR) AS
BEGIN
OPEN user_cursor FOR
SELECT USERID,
FIRSTNAME,
LASTNAME,
EMAIL,
DESCRIPTION,
SALARY,
JOININGDATE,
STATUS,
COUNTRYCODE,
USERNAME
FROM MYDBAT_PERSON;
END EXECUTE_QUERY_PERSON;Stored Procedure: Filtered User Search
create or replace PROCEDURE EXECUTE_QUERY_WITH_FILTER
(user_cursor OUT SYS_REFCURSOR,
filter IN VARCHAR2,
filterValue IN VARCHAR2) AS
BEGIN
OPEN user_cursor FOR
SELECT USERID,
FIRSTNAME,
LASTNAME,
EMAIL,
DESCRIPTION,
SALARY,
JOININGDATE,
STATUS,
COUNTRYCODE,
USERNAME
FROM MYDBAT_PERSON
WHERE filter=filterValue;
END EXECUTE_QUERY_WITH_FILTER;Stored Procedure: Get Roles
create or replace PROCEDURE GET_ROLES
(user_cursor OUT SYS_REFCURSOR) AS
BEGIN
OPEN user_cursor FOR
SELECT ROLEID,
ROLENAME
FROM MYDBAT_ROLES;
END GET_ROLES;Stored Procedure: Get User Roles
create or replace PROCEDURE GET_USERROLE
(user_cursor OUT SYS_REFCURSOR,
userin IN VARCHAR2) AS
BEGIN
OPEN user_cursor FOR
SELECT USERID,
ROLEID,
FROMDATE,
TODATE
FROM MYDBAT_PERSON_ROLE
WHERE USERID=userin;
END GET_USERROLE;Stored Procedure: Get Groups
create or replace PROCEDURE GET_GROUPS
(user_cursor OUT SYS_REFCURSOR) AS
BEGIN
OPEN user_cursor FOR
SELECT GROUPID,
GROUPNAME
FROM MYDBAT_GROUPS;
END GET_GROUPS;Stored Procedure: Get User Groups
create or replace PROCEDURE GET_USERGROUP
(user_cursor OUT SYS_REFCURSOR,
userin IN VARCHAR2) AS
BEGIN
OPEN user_cursor FOR
SELECT USERID,
GROUPID
FROM MYDBAT_PERSON_GROUP
WHERE USERID=userin;
END GET_USERGROUP;Stored Procedure: Get Lookups (Country)
create or replace PROCEDURE GET_COUNTRIES
(user_cursor OUT SYS_REFCURSOR) AS
BEGIN
OPEN user_cursor FOR
SELECT COUNTRYCODE,
COUNTRYNAME
FROM MYDBAT_COUNTRY;
END GET_COUNTRIES;Sample Create Script
This script is invoked during provisioning of a new account from Oracle Access Governance. Here we are inserting data into the MYDBAT_PERSON table.
Create Script
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.text.*;
import java.util.Date.*;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.objects.*;
import java.text.*;
// START HERE
trace.info("[Create-Groovy] Attributes::"+attributes);
//USERID,PASSWORD,USERNAME,STATUS,EMAIL,FIRSTNAME,LASTNAME,ORGANIZATION,CITY,EMPLOYEE_NUMBER,joiningdate,ENDDATE,LONGVALUE,FLOATVALUE,CHARVALUE
//Get all the attributes from script argument
// This shows how to read arrtibures
String uid = attributes.get("__NAME__")!=null? attributes.get("__NAME__").getValue().get(0):null;
GuardedString pass = attributes.get("__PASSWORD__")!=null? attributes.get("__PASSWORD__").getValue().get(0):null;
String uname = attributes.get("__NAME__")!=null? attributes.get("__NAME__").getValue().get(0):null;
enableValue = attributes.get("__ENABLE__")!=null? attributes.get("__ENABLE__").getValue().get(0):true;
String email=attributes.get("EMAIL")!=null? attributes.get("EMAIL").getValue().get(0):null;
String first=attributes.get("FIRSTNAME")!=null? attributes.get("FIRSTNAME").getValue().get(0):null;
String last=attributes.get("LASTNAME")!=null? attributes.get("LASTNAME").getValue().get(0):null;
String org=attributes.get("ORGANIZATION")!=null? attributes.get("ORGANIZATION").getValue().get(0):null;
String countryCode=attributes.get("COUNTRYCODE")!=null? attributes.get("COUNTRYCODE").getValue().get(0):null;
joiningdate = attributes.get("JOININGDATE")!=null? attributes.get("JOININGDATE").getValue().get(0):null;
PreparedStatement createStmt = null;
String ret =null;
try {
//Call Target API to create a user
createStmt = conn.prepareStatement("INSERT INTO MYDBAT_PERSON(USERID,PASSWORD,USERNAME,STATUS,EMAIL,FIRSTNAME,LASTNAME,COUNTRYCODE,JOININGDATE) VALUES(?,?,?,?,?,?,?,?,?)");
createStmt.setString(1, uid);
if(pass!=null)
{
pass.access(new GuardedString.Accessor(){
public void access(char[] clearChars) { createStmt.setString(2, new String(clearChars));}
});
}
else
createStmt.setString(2,null);
createStmt.setString(3, uname);
if(enableValue)
createStmt.setString(4,"Enabled");
else
createStmt.setString(4,"Disabled");
createStmt.setString(5, email);
createStmt.setString(6, first);
createStmt.setString(7, last);
createStmt.setString(8, countryCode);
DateFormat formatter = new SimpleDateFormat("dd-MMM-yy");
if (joiningdate!=null)
{
if (joiningdate == 0){
createStmt.setString(9,null);
}
else
{
Date da=new Date(joiningdate);
st=formatter.format(da);
createStmt.setString(9,st);
}
}
createStmt.executeUpdate();
} finally{
//close the sql statements
if (createStmt != null)
createStmt.close();
}
trace.info("[Create] Created User::"+uid);
//Return Uid from the script
return new Uid(uid);Sample Add Child Script
This script is invoked during provisioning of entitlements/permissions to users from Oracle Access Governance. Here we are inserting data into the MYDBAT_PERSON_GROUP and MYDBAT_PERSON_ROLE tables.
Add Child Script
import org.identityconnectors.framework.common.objects.*;
import java.text.*;
trace.info("[addMultiValuedAttributeScript-Groovy] Adding Child data::"+ attributes);
childst =null;
try {
//Adding Group data
childDataEOSet = null;
//The child attributes are returned as a set of embedded objects. Each Embedded object
// will provide a row of data in the child table.
// Logic for handling simple multi valued attributes
if(attributes.get("MYDBAT_PERSON_GROUP")!=null)
{
childDataEOSet=attributes.get("MYDBAT_PERSON_GROUP").getValue();
childst=conn.prepareStatement("INSERT INTO MYDBAT_PERSON_GROUP VALUES (?,?)");
String id = attributes.get("__UID__").getValue().get(0);
if(childDataEOSet !=null){
//Iterate through child data and insert into table
trace.info("[addMultiValuedAttributeScript] Adding Group data.");
for( iterator = childDataEOSet.iterator(); iterator.hasNext(); )
{
eo = iterator.next();
attrsSet=eo.getAttributes();
grpattr=AttributeUtil.find("GROUPID",attrsSet);
if(grpattr!=null){
// You are iterating simple multi valued attributes here, Call target APIs here
//conn object is available here
groupid=grpattr.getValue().get(0);
childst.setString(1, id);
childst.setString(2, groupid);
childst.executeUpdate();
childst.clearParameters();
}
};
}
}
} finally {
if (childst != null)
childst.close();
};
try {
childDataEOSet = null;
// Logic for handling Complex multi valued attributes
if(attributes.get("MYDBAT_PERSON_ROLE")!=null)
{
childDataEOSet=attributes.get("MYDBAT_PERSON_ROLE").getValue();
childst=conn.prepareStatement("INSERT INTO MYDBAT_PERSON_ROLE VALUES (?,?,?,?)");
String id = attributes.get("__UID__").getValue().get(0);
if(childDataEOSet !=null)
{
trace.info("[addMultiValuedAttributeScript] Adding Role data.");
for( iterator = childDataEOSet.iterator(); iterator.hasNext(); )
{
eo = iterator.next();
attrsSet = eo.getAttributes(); // Get all the attributes of child object
roleattr=AttributeUtil.find("ROLEID",attrsSet);
// You are iterating complex multi valued attributes here, Call target APIs here
//conn object is available here
if(roleattr!=null){
// You are iterating simple multi valued attributes here, Call target APIs here
//conn object is available here
roleid=roleattr.getValue().get(0);
fromDate=AttributeUtil.find("FROMDATE",attrsSet).getValue().get(0);
toDate=AttributeUtil.find("TODATE",attrsSet).getValue().get(0);
childst.setString(1, id);
childst.setString(2, roleid);
Date from_date=new Date(fromDate);
SimpleDateFormat formatter = new SimpleDateFormat("dd-MMM-yy");
String from_date_st=formatter.format(from_date);
childst.setString(3, from_date_st);
Date to_date=new Date(toDate);
String to_date_st=formatter.format(to_date);
childst.setString(4, to_date_st);
childst.executeUpdate();
childst.clearParameters();
}
};
}
}
} finally {
if (childst != null)
childst.close();
};Sample Remove Child Script
This script is invoked during deprovisioning of entitlements/permissions from users from Oracle Access Governance. Here we are removing data from MYDBAT_PERSON_GROUP and MYDBAT_PERSON_ROLE tables using stored procedures.
Remove Child Script
import org.identityconnectors.framework.common.objects.*;
trace.info("[removeMultiValuedAttributeScript] Removing Child data::"+ attributes);
try {
childDataEOSet = null;
delSt = null;
//Get UID
String id = attributes.get("__UID__").getValue().get(0);
if(attributes.get("MYDBAT_PERSON_GROUP")!=null)
{
childDataEOSet=attributes.get("MYDBAT_PERSON_GROUP").getValue();
//Delete child data using stored procedure
delSt= conn.prepareCall("{call DELETE_USERGROUP(?,?)}");
if(childDataEOSet !=null){
trace.info("[removeMultiValuedAttributeScript] Removing Group data.");
//Iterate through child data and delete
for( iterator = childDataEOSet.iterator(); iterator.hasNext(); )
{
eo = iterator.next();
attrsSet = eo.getAttributes();
grpattr=AttributeUtil.find("GROUPID",attrsSet);
if(grpattr!=null){
groupid=grpattr.getValue().get(0);
delSt.setString(1, id);
delSt.setString(2, groupid);
delSt.executeUpdate();
trace.info("[removeMultiValuedAttributeScript] Deleted Group::"+ grpattr);
}
};
}
}
} finally {
if (delSt != null)
delSt.close();
};
try {
childDataEOSet = null;
delSt = null;
String id = attributes.get("__UID__").getValue().get(0);
if(attributes.get("MYDBAT_PERSON_ROLE")!=null)
{
childDataEOSet=attributes.get("MYDBAT_PERSON_ROLE").getValue();
delSt= conn.prepareCall("{call DELETE_USERROLE(?,?)}");
if(childDataEOSet !=null){
trace.info("[removeMultiValuedAttributeScript] Removing Role data.");
for( iterator = childDataEOSet.iterator(); iterator.hasNext(); )
{
eo = iterator.next();
attrsSet = eo.getAttributes();
roleattr=AttributeUtil.find("ROLEID",attrsSet);
if(roleattr!=null){
rolename=roleattr.getValue().get(0);
delSt.setString(1, id);
delSt.setString(2, rolename);
delSt.executeUpdate();
trace.info("[removeMultiValuedAttributeScript] Deleted Role::"+ rolename);
}
};
}
}
} finally {
if (delSt != null)
delSt.close();
};Stored Procedure: Remove Child
create or replace PROCEDURE DELETE_USERGROUP
(user_id MYDBAT_PERSON_group.USERID%TYPE,
group_id MYDBAT_PERSON_group.GROUPID%TYPE ) AS
BEGIN
DELETE FROM MYDBAT_PERSON_group
WHERE groupid=group_id
AND userid=user_id;
END DELETE_USERGROUP;
create or replace PROCEDURE DELETE_USERROLE
(user_id MYDBAT_PERSON_ROLE.USERID%TYPE,
role_id MYDBAT_PERSON_ROLE.ROLEID%TYPE) AS
BEGIN
DELETE FROM MYDBAT_PERSON_ROLE
WHERE userid=user_id and roleid=role_id;
END DELETE_USERROLE;Sample Delete Script
This script is invoked during revocation of an account from Oracle Access Governance. Here we are deleting the data user relationship tables, MYDBAT_PERSON_ROLE and MYDBAT_PERSON_GROUP, as well as data from the MYDBAT_PERSON table
Delete Script
import java.sql.PreparedStatement;
import org.identityconnectors.framework.common.objects.*;
//Get the UID from the input map 'attributes'
String uid = attributes.get("__UID__").getValue().get(0);
trace.info("[Delete-Groovy] Deleting user:: "+ uid);
try {
//Delete data from child tables and then, main table
//Delete user roles
st = conn.prepareStatement("DELETE FROM MYDBAT_PERSON_ROLE WHERE USERID=?");
st.setString(1, uid);
st.executeUpdate();
st.close();
//Delete user groups
st = conn.prepareStatement("DELETE FROM MYDBAT_PERSON_GROUP WHERE USERID=?");
st.setString(1, uid);
st.executeUpdate();
st.close();
//Delete user account
st = conn.prepareStatement("DELETE FROM MYDBAT_PERSON WHERE USERID=?");
st.setString(1, uid);
st.executeUpdate();
} finally {
if (st != null)
st.close(); };
trace.info("Deleted user:: "+ uid);Sample Update Script
This script is invoked during provisioning operations when account is updated from Oracle Access Governance. Here we are updating the data in MYDBAT_PERSON table
Update Script
import org.identityconnectors.framework.common.objects.*;
import java.text.*;
import org.identityconnectors.framework.common.exceptions.*;
trace.info("[Update-Groovy] Atrributes::"+ attributes);
/** During an Update operation,AGCS sends the UID attribute along with updated attributes.
Get all the values of attributes **/
String id = attributes.get("__UID__")!=null? attributes.get("__UID__").getValue().get(0):null;
String firstName=attributes.get("FIRSTNAME")!=null? attributes.get("FIRSTNAME").getValue().get(0):null;
String lastName=attributes.get("LASTNAME")!=null? attributes.get("LASTNAME").getValue().get(0):null;
String email=attributes.get("EMAIL")!=null? attributes.get("EMAIL").getValue().get(0):null;
String description=attributes.get("DESCRIPTION")!=null? attributes.get("DESCRIPTION").getValue().get(0):null;
salary=attributes.get("SALARY")!=null? attributes.get("SALARY").getValue().get(0):null;
joindate = attributes.get("JOININGDATE")!=null? attributes.get("JOININGDATE").getValue().get(0):null;
enableValue = attributes.get("__ENABLE__")!=null? attributes.get("__ENABLE__").getValue().get(0):true;
//Throw exception if uid is null
if(id==null) throw new ConnectorException("UID Cannot be Null");
stmt = null;
try {
//Create prepared statement to update the MYDBAT_PERSON table
stmt = conn.prepareStatement("UPDATE MYDBAT_PERSON SET FIRSTNAME=COALESCE(?, FIRSTNAME),LASTNAME =COALESCE(?, LASTNAME), EMAIL= COALESCE(?, EMAIL),SALARY=COALESCE(?, SALARY),JOININGDATE=COALESCE(to_date(?,'dd-Mon-yy'), JOININGDATE),STATUS=COALESCE(?, STATUS) WHERE USERID =?");
//Set sql input parameters
stmt.setString(1, firstName);
stmt.setString(2, lastName);
stmt.setString(3, email);
stmt.setBigDecimal(4, new BigDecimal(salary));
dateStr = null;
//Convert the joindate into oracle date format
if( joindate != null) {
Date date=new Date(joindate);
DateFormat targetFormat = new SimpleDateFormat("dd-MMM-yy");
dateStr = targetFormat.format(date);
}
stmt.setString(5,dateStr);
if(enableValue)
stmt.setString(6,"Enabled");
else
stmt.setString(6,"Disabled");
stmt.setString(7, id);
stmt.executeUpdate();
} finally {
if (stmt != null)
stmt.close();
};
trace.info("[Update] Updated user::"+ id);
return new Uid(id);For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customer access to and use of Oracle support services will be pursuant to the terms and conditions specified in their Oracle order for the applicable services.