RSA Identity Governance And Lifecycle Connector Data Sheet For Generic .


RSA Identity Governance and Lifecycle Connector Data Sheet for Generic Database
Internal Use - Confidential


Purpose

This data sheet provides the configuration information required to create a new Generic Database connector.

Supported Software

RSA IMG Version: 7.2.1 and above

Prerequisites

To Connect to Oracle Database

One file must be downloaded from the chnologies/appdev/jdbc-ucp-19c-downloads.html):
1. ojdbc8-19.3.0.0.0.jar

Upload JAR files in Generic Database Connector Template:
2. Go to AFX > Connector Templates > Generic Database Connector template
3. Upload JAR file: ojdbc8-19.3.0.0.0.jar

To Connect to MySQL Database

One file must be taken/procured from the end-point vendor:
1. mysql-connector-java-8.0.20.jar

Upload JAR files in Generic Database Connector Template:
2. Go to AFX > Connector Templates > Generic Database Connector template
3. Upload JAR file: mysql-connector-java-8.0.20.jar

To Connect to Sybase Database

One file must be taken from the end-point vendor:
1. jconn3.jar

Upload JAR files in Generic Database Connector Template:
1. Go to AFX > Connector Templates > Generic Database Connector template
2. Upload JAR file: jconn3.jar.

To Connect to IBM DB2 Database

Two files must be taken from the end-point vendor:
1. db2jcc.jar
2. db2jcc_license_cu.jar

Upload JAR files in Generic Database Connector Template:
1. Go to AFX > Connector Templates > Generic Database Connector template

2. Upload JAR files: db2jcc.jar, db2jcc_license_cu.jar.

Configuration

General

Field Name            Value
Name                  Generic Database
Description           Generic Database Connector
Server                AFX Server
Connector Template    Generic Database
State                 Active
Export As Template    N/A

Settings

For Oracle

Field Name       Value
Driver Class     oracle.jdbc.driver.OracleDriver
Driver r Name    Username
Password         Password

For MySQL

Field Name       Value
Driver Class     com.mysql.jdbc.Driver
Driver URL       jdbc:mysql://[host]:[port]/[database]
User Name        Username
Password         Password

For Sybase

Field Name       Value
Driver Class     com.sybase.jdbc3.jdbc.SybDriver
Driver URL       jdbc:sybase:Tds:[host]:[port]/[database]
User Name        Username
Password         Password

For DB2

Field Name       Value
Driver r URL     jdbc:db2://[host]:[port]/[database]
User Name        Username
Password         Password

Capabilities

Commands

  CreateAccount
  DeleteAccount
  ResetPassword
  UpdateAccount
  AddAccountToGroup
  RemoveAccountFromGroup
  CreateGroup
  DeleteGroup
  CreateRole
  DeleteRole
  EnableRole

  DisableRole
  AddAppRoleToRole
  RemoveAppRoleFromRole
  ChangeRoleProfile
  EnableAccount
  DisableAccount
  AddAppRoleToAccount
  RemoveAppRoleFromAccount
  AddEntitlementToAccount
  RemoveEntitlementFromAccount
  AddEntitlementToGroup
  RemoveEntitlementFromGroup
  AddAppRoleToGroup
  RemoveAppRoleFromGroup
  AddGroupToGroup
  RemoveGroupFromGroup
  AddAppRoleToAppRole
  RemoveAppRoleFromAppRole
  AddEntitlementToAppRole
  RemoveEntitlementFromAppRole
  AddEntitlementToRole
  RemoveEntitlementFromRole
  AddGroupEntitlementToRole
  RemoveGroupEntitlementFromRole
  ChangeDataResource

Command Input Parameters

1. CreateAccount
   o Map Account to {Account.Name}
   o Map Name to {User.Name}
   o Map Password to {AccountTemplate.Password}
   o Sample SQL Command: INSERT INTO TESTAFX_ACCOUNT (ACCOUNT,NAME,PASSWORD) VALUES ({Account}, {Name}, {Password})
2. DeleteAccount
   o Map Account to {Account.Name}

   o Sample SQL Command: DELETE FROM TESTAFX_ACCOUNT WHERE ACCOUNT = {Account}
3. ResetPassword
   o Map Account to {Account.Name}
   o Map Password to {AccountTemplate.Password}
   o Map Caller Password
   o Sample SQL Command: UPDATE TESTAFX_ACCOUNT SET Password = {Password}, ACCOUNT_CURRENT_PASSWORD = {AccountCurrentPassword} WHERE ACCOUNT = {Account}
4. UpdateAccount
   o Map Account to {Account.Name}
   o Map Name to {User.First Name} {User.Last Name}
   o Sample SQL Command: UPDATE TESTAFX_ACCOUNT SET NAME = {Name} WHERE ACCOUNT = {Account}
5. AddAccountToGroup
   o Map Account to {Account.Name}
   o Map Group to {Group.Name}
   o Sample SQL Command: INSERT INTO TESTAFX_ACCOUNT_GROUP (ACCOUNT,GROUPNAME) VALUES ({Account}, {Group})
6. RemoveAccountFromGroup
   o Map Account to {Account.Name}
   o Map Group to {Group.Name}
   o Sample SQL Command: DELETE FROM TESTAFX_ACCOUNT_GROUP WHERE ACCOUNT = {Account} AND GROUPNAME = {Group}
7. AddUserToRole
   o Map User to {User.User Id}
   o Map Role to {Role.Name}
   o Sample SQL Command: INSERT INTO TESTAFX_USER_ROLE (USER_ID,ROLE) VALUES ({User}, {Role})
8. RemoveUserFromRole
   o Map User to {User.User Id}
   o Map Role to {Role.Name}
   o Sample SQL Command: DELETE FROM TESTAFX_USER_ROLE WHERE USER_ID = {User} AND ROLE = {Role}

9. CreateGroup
   o Map Group to {Group.Name}
   o Sample SQL Command: INSERT INTO TESTAFX_GROUP (GROUPNAME) VALUES ({Group})
10. DeleteGroup
   o Map Group to {Group.Name}
   o Sample SQL Command: DELETE FROM TESTAFX_GROUP WHERE GROUPNAME = {Group}
11. CreateRole
   o Map Role to {Role.Name}
   o Sample SQL Command: INSERT INTO TESTAFX_ROLE (ROLE) VALUES ({Role})
12. DeleteRole
   o Map Role to {Role.Name}
   o Sample SQL Command: DELETE FROM TESTAFX_ROLE WHERE ROLE = {Role}
13. EnableRole
   o Map Role to {Role.Name}
   o Sample SQL Command: UPDATE TESTAFX_ROLE SET ENABLED = 1 WHERE ROLE = {Role}
14. DisableRole
   o Map Role to {Role.Name}
   o Sample SQL Command: UPDATE TESTAFX_ROLE SET ENABLED = 0 WHERE ROLE = {Role}
15. AddAppRoleToRole
   o Map Role to {Role.Name}
   o Map AppRole to {ApplicationRole.Name}
   o Sample SQL Command: INSERT INTO TESTAFX_ROLE_APPROLE (ROLE,APPROLE) VALUES ({Role}, {AppRole})
16. RemoveAppRoleFromRole
   o Map Role to {Role.Name}
   o Map AppRole to {ApplicationRole.Name}
   o Sample SQL Command: DELETE FROM TESTAFX_ROLE_APPROLE WHERE ROLE = {Role} AND APPROLE = {AppRole}
17. ChangeRoleProfile
   o Map Role to {Role.Name}
   o Map Profile

   o Sample SQL Command: MERGE INTO TESTAFX_ROLE_PROFILE USING dual ON (ROLE = {Role}) WHEN MATCHED THEN UPDATE SET PROFILE = {Profile} WHEN NOT MATCHED THEN INSERT ("ROLE","PROFILE") VALUES ({Role}, {Profile})
18. EnableAccount
   o Map Account to {Account.Name}
   o Sample SQL command: UPDATE TESTAFX_ACCOUNT SET ENABLED = 1 WHERE ACCOUNT = {Account}
19. DisableAccount
   o Map Account to {Account.Name}
   o Sample SQL command: UPDATE TESTAFX_ACCOUNT SET ENABLED = 0 WHERE ACCOUNT = {Account}
20. AddAppRoleToAccount
   o Map Account to {Account.Name}
   o Map AppRole to {ApplicationRole.Name}
   o Sample SQL command: INSERT INTO TESTAFX_ACCOUNT_APPROLE (ACCOUNT,APPROLE) VALUES ({Account}, {AppRole})
21. RemoveAppRoleFromAccount
   o Map Account to {Account.Name}
   o Map AppRole to {ApplicationRole.Name}
   o Sample SQL command: DELETE FROM TESTAFX_ACCOUNT_APPROLE WHERE ACCOUNT = {Account} AND APPROLE = {AppRole}
22. AddEntitlementToAccount
   o Map Account to {Account.Name}
   o Map Resource to {Entitlement.Resource Name}
   o Map Action to {Entitlement.Action Name}
   o Sample SQL command: INSERT INTO TESTAFX_ACCOUNT_ENT (ACCOUNTNAME,RESOURCENAME,ACTION) VALUES ({Account}, {Resource}, {Action})
23. RemoveEntitlementFromAccount
   o Map Account to {Account.Name}
   o Map Resource to {Entitlement.Resource Name}
   o Map Action to {Entitlement.Action Name}

   o Sample SQL command: DELETE FROM TESTAFX_ACCOUNT_ENT WHERE ACCOUNTNAME = {Account} AND RESOURCENAME = {Resource} AND ACTION = {Action}
24. AddEntitlementToGroup
   o Map Group to {Group.Name}
   o Map Resource to {Entitlement.Resource Name}
   o Map Action to {Entitlement.Action Name}
   o Sample SQL command: INSERT INTO TESTAFX_GROUP_ENT (GROUPNAME,RESOURCENAME,ACTION) VALUES ({Group}, {Resource}, {Action})
25. RemoveEntitlementFromGroup
   o Map Group to {Group.Name}
   o Map Resource to {Entitlement.Resource Name}
   o Map Action to {Entitlement.Action Name}
   o Sample SQL command: DELETE FROM TESTAFX_GROUP_ENT WHERE GROUPNAME = {Group} AND RESOURCENAME = {Resource} AND ACTION = {Action}
26. AddAppRoleToGroup
   o Map Group to {Group.Name}
   o Map AppRole to {ApplicationRole.Name}
   o Sample SQL command: INSERT INTO TESTAFX_GROUP_APPROLE (GROUPNAME,APPROLE) VALUES ({Group}, {AppRole})
27. RemoveAppRoleFromGroup
   o Map Group to {GroupName}
   o Map AppRole to {ApplicationRole.Name}
   o Sample SQL command: DELETE FROM TESTAFX_GROUP_APPROLE WHERE GROUPNAME = {Group} AND APPROLE = {AppRole}
28. AddGroupToGroup
   o Map Group to {Group.Name}
   o Map Group2 to new group to be added
   o Sample SQL command: INSERT INTO TESTAFX_GROUP_GROUP (GROUPNAME,GROUPNAME2) VALUES ({Group}, {Group2})
29. RemoveGroupFromGroup
   o Map Group to {GroupName}
   o Map Group2 to new group to be removed

   o Sample SQL command: DELETE FROM TESTAFX_GROUP_GROUP WHERE GROUPNAME = {Group} AND GROUPNAME2 = {Group2}
30. AddAppRoleToAppRole
   o Map AppRole to {ApplicationRole.Name}
   o Map SubAppRole to Application role to be added
   o Sample SQL command: INSERT INTO TESTAFX_APPROLE (APPROLE,SUBAPPROLE) VALUES ({AppRole}, {SubAppRole})
31. RemoveAppRoleFromAppRole
   o Map AppRole to {ApplicationRole.Name}
   o Map SubAppRole to Application role to be removed
   o Sample SQL command: DELETE FROM TESTAFX_APPROLE WHERE APPROLE = {AppRole} AND SUBAPPROLE = {SubAppRole}
32. AddEntitlementToAppRole
   o Map AppRole to {ApplicationRole.Name}
   o Map Resource to {Entitlement.Resource Name}
   o Map Action to {Entitlement.Action Name}
   o Sample SQL command: INSERT INTO TESTAFX_APPROLE_ENT (APPROLE,RESOURCENAME,ACTION) VALUES ({AppRole}, {Resource}, {Action})
33. RemoveEntitlementFromAppRole
   o Map AppRole to {ApplicationRole.Name}
   o Map Resource to {Entitlement.Resource Name}
   o Map Action to {Entitlement.Action Name}
   o Sample SQL command: DELETE FROM TESTAFX_APPROLE_ENT WHERE APPROLE = {AppRole} AND RESOURCENAME = {Resource} AND ACTION = {Action}
34. AddEntitlementToRole
   o Map Role to {Role.Name}
   o Map Resource to {Entitlement.Resource Name}
   o Map Action to {Entitlement.Action Name}
   o Sample SQL command: INSERT INTO TESTAFX_ROLE_ENT (ROLE,RESOURCENAME,ACTION) VALUES ({Role}, {Resource}, {Action})
35. RemoveEntitlementFromRole
   o Map Role to {Role.Name}

   o Map Resource to {Entitlement.Resource Name}
   o Map Action to {Entitlement.Action Name}
   o Sample SQL command: DELETE FROM TESTAFX_ROLE_ENT WHERE ROLE = {Role} AND RESOURCENAME = {Resource} AND ACTION = {Action}
36. AddGroupEntitlementToRole
   o Map Role to {Role.Name}
   o Map Resource to {Entitlement.Resource Name}
   o Map Action to {Entitlement.Action Name}
   o Sample SQL command: INSERT INTO TESTAFX_ROLE_GROUPENT (ROLE,RESOURCENAME,ACTION) VALUES ({Role}, {Resource}, {Action})
37. RemoveGroupEntitlementFromRole
   o Map Role to {Role.Name}
   o Map Resource to {Entitlement.Resource Name}
   o Map Action to {Entitlement.Action Name}
   o Sample SQL command: DELETE FROM TESTAFX_ROLE_GROUPENT WHERE ROLE = {Role} AND RESOURCENAME = {Resource} AND ACTION = {Action}
38. ChangeDataResource
   o Map Resource
   o Sample SQL command: INSERT INTO TESTAFX_RESOURCE (RESOURCENAME) VALUES ({Resource})

Stored Procedures

Stored procedures may be called to execute any of the AFX generic database connector capabilities such as CreateAccount, DeleteAccount, etc. The format of the Stored Procedure call is:

    Call <name of Stored Procedure> ({parameter name1}, {parameter name2}, ... {parameter nameN})

The Call command is universal across all databases and AFX database connectors, both the AFX generic database connector and the AFX database-specific connectors.

NOTE: The AFX database-specific connectors have been enhanced to allow the use of the Execute command to call stored procedures. However, to execute a stored procedure from the AFX generic database connector, the Call command must be used.

The following table lists the parameters on the CreateAccount screen:

Field Name                     Value
Parameter Name                 Account
Type                           STRING
Default Value                  -
Is the parameter required?     Yes
Is the parameter encrypted?    No
Display Name                   Account Name
Mapping                        {AccountTemplate.AccountName}
Description                    Account Name

Field Name                     Value
Parameter Name                 Name
Type                           STRING
Default Value                  -
Is the parameter required?     Yes
Is the parameter encrypted?    No
Display Name                   User Full Name
Mapping                        {AccountTemplate.UserFullName}
Description                    User Full Name

Field Name                     Value
Parameter Name                 Password
Type                           STRING
Default Value                  -
Is the parameter required?     Yes
Is the parameter encrypted?    Yes
Display Name                   Initial password to reset to
Mapping                        {AccountTemplate.Password}
Description                    Initial password to reset to

The SQL command to CreateAccount is:

Field Name            Value
Sample SQL command    INSERT INTO TESTAFX_ACCOUNT (ACCOUNT,NAME,PASSWORD) VALUES ({Account}, {Name}, {Password})

Instead of using a SQL command, a stored procedure may also be used. The syntax for calling a stored procedure to execute a SQL command is:

Field Name            Value
Sample SQL command    CALL sp_CreateAccount({Account}, {Name}, {Password})

sp_CreateAccount is a stored procedure name, and the parameters are separated by a comma (,) and enclosed inside the brackets.

An example of a stored procedure for creating an account on SQL Server is shown below:

    -- Inserts one row into TESTAFX_ACCOUNT from the three connector parameters
    CREATE PROCEDURE [dbo].[sp_CreateAccount]
        @account AS varchar(25),
        @name AS varchar(25),
        @password AS varchar(25)
    AS
    INSERT INTO TESTAFX_ACCOUNT (account, name, password)
    VALUES (@account, @name, @password)

Optional Configuration

The Generic Database Connectors use JDBC connection pooling from 7.2.1 onwards. This provides better throughput in deployments. The connection pool is implemented using HikariCP, a well-known JDBC connection pooling framework. HikariCP's default configuration provides a sensible set of default parameters, so a typical deployment needs no customization (for example, the default maximumPoolSize is 10). If the pool needs to be tuned, the following properties files can be used. The configuration parameters must conform to those available from HikariCP. This configuration is optional; none of it is needed for the default configuration to work.

1. hikari-default-pool.properties. This is the global configuration file, which applies to all connectors created using the Generic Database Template. The file should be kept in the AFX_HOME/esb/lib/user directory and should have the same permissions as the other files in the directory, so that the AFX processes can read it. If the file is found, it is used as the configuration when the connection pool is configured.

An example for hikari-default-pool.properties:

    maximumPoolSize=20

2. A connector-specific file can be created per connector (again optional). Such a file can be used to override the configuration in hikari-default-pool.properties on a per-connector basis. The file has to be created with the name <connector name>-pool.properties in the AFX_HOME/esb/lib/user directory and should have the same permissions as the other files in the directory, so that the AFX processes can read it.

For example, a connector-specific file ORACLEGENERIC-pool.properties for a connector with the name ORACLEGENERIC may have the following contents:

    maximumPoolSize=40
    maxLifetime=60

If either hikari-default-pool.properties or the connector-specific <connector name>-pool.properties is configured, the values in those files are used when the connection pool is configured. If both are configured, the configurations are merged, with connector-specific values overriding the default values, if any.

More information on all the standard and frequently used configuration properties can be found here: https://github.com/brettwooldridge/HikariCP

Connectors based on the Generic Database Template now use connection-pool-based Datasources by default. If a customer does not wish to use the connection pool and needs to switch back to the previous implementation for some reason, they can do so by creating another file, cp-overrides.properties, in the AFX_HOME/esb/lib/user directory, with the same permissions as the other files in the directory, so that the AFX processes can read it. This file may have an entry for each connector for which connection pools should not be created, with the key being the connector name and the value "true".

For example, to not use the connection-pool-based Datasources for the ORACLEGENERIC connector, make this entry in the file:

    ORACLEGENERIC=true

The file can contain multiple lines, one for each connector for which this is needed.

Note: These files may not be preserved across future upgrades. Once you create these files, keep a backup of them somewhere safe.

Limitations

As of now, there is no mapping supported for Roles and Profiles by ACM.
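The precedence described under Optional Configuration (global file, connector-specific override, cp-overrides.properties opt-out) can be checked for a given connector before a change is deployed. The following Python example is added here and is not RSA's code: it assumes standard key=value properties syntax, uses a hypothetical second connector name MYSQLGENERIC, and additionally flags a maxLifetime below the 30000 ms minimum that HikariCP documents (its maxLifetime is in milliseconds) and any of the three files that is world-writable.

```python
import stat
import tempfile
from pathlib import Path

DEFAULT_FILE = "hikari-default-pool.properties"
OVERRIDES_FILE = "cp-overrides.properties"
MIN_MAX_LIFETIME_MS = 30_000  # HikariCP's documented minimum for maxLifetime


def read_properties(path):
    """Parse key=value lines (assumed syntax); a missing file yields {}."""
    props = {}
    if not path.is_file():
        return props
    for raw in path.read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def effective_pool_config(user_dir, connector):
    """Return (pooling_enabled, merged_settings, warnings) for one connector."""
    user_dir = Path(user_dir)
    specific_file = f"{connector}-pool.properties"
    # cp-overrides.properties: <connector name>=true switches pooling off.
    pooling = read_properties(user_dir / OVERRIDES_FILE).get(connector) != "true"
    # Global defaults first, then connector-specific values override them.
    merged = read_properties(user_dir / DEFAULT_FILE)
    merged.update(read_properties(user_dir / specific_file))
    warnings = []
    lifetime = merged.get("maxLifetime", "")
    if lifetime.isdigit() and 0 < int(lifetime) < MIN_MAX_LIFETIME_MS:
        warnings.append(f"maxLifetime={lifetime} is below {MIN_MAX_LIFETIME_MS} ms")
    for name in (DEFAULT_FILE, specific_file, OVERRIDES_FILE):
        path = user_dir / name
        if path.is_file() and path.stat().st_mode & stat.S_IWOTH:
            warnings.append(f"{name} is world-writable")
    return pooling, merged, warnings


def demo():
    """Constructed sample directory using the values shown on this page."""
    with tempfile.TemporaryDirectory() as user_dir:
        Path(user_dir, DEFAULT_FILE).write_text("maximumPoolSize=20\n")
        Path(user_dir, "ORACLEGENERIC-pool.properties").write_text(
            "maximumPoolSize=40\nmaxLifetime=60\n")
        # MYSQLGENERIC is a hypothetical connector name for the opt-out case.
        Path(user_dir, OVERRIDES_FILE).write_text("MYSQLGENERIC=true\n")
        return (effective_pool_config(user_dir, "ORACLEGENERIC"),
                effective_pool_config(user_dir, "MYSQLGENERIC"))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Point `effective_pool_config` at the AFX_HOME/esb/lib/user directory of a deployment to see the settings a connector would receive and any warnings before the AFX processes pick the files up.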

COPYRIGHTS

Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.

TRADEMARKS

Dell, RSA, the RSA Logo, EMC and other trademarks, are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. For a list of RSA trademarks, go rks.htm#rsa
