Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:virtual_system_-_adding_or_deleting_managed_extended_attributes [2019/06/19 13:18]
doischert [Step 3: modify scheme and mapping]
+++ tutorial:adm:virtual_system_-_adding_or_deleting_managed_extended_attributes [2020/03/03 13:20]
poulm logické členění
@@ Line 16: / Line 16: @@
 {{ :tutorial:adm:formattr.png?direct&1200 |}}
-===== Step 2: add the attribute to configuration =====
+===== Step 2: add the attribute to VS configuration =====
 Click Virtual systems in the left panel and select List. Open you virtual system and select Configuration. Add your attribute (building) to the list of attributes and click on save.
@@ Line 23: / Line 23: @@
 ===== Step 3: modify scheme and mapping =====
+==== 3a - scheme ====
 Click Scheme in your virtual system. You should only see ACCOUNT; open it with the magnifying glass. In Scheme attributes, click the green Add button. In here, fill out the name of the attribute (building), its data type (java.lang.String in this case), and check boxes for Able to read, Able to create, Able to edit, and Returned by default. Click save.
@@ Line 29: / Line 31: @@
 {{ :tutorial:adm:attr_det.png?direct&1200 |}}
+==== 3b - mapping ====
 After that, we have to add the attributes to the mapped attributes. Click Mapping and open Provisioning where you will see the list of mapped attributes. Click Add. Select the Attribute in schema (building). Check the box Extended attr. and fill out the desired IdM key. Click Save.
@@ Line 57: / Line 61: @@
 If you want to stop provisioning an attribute which is present in other systems you have to do even fewer changes. This can be relevant in the above mentioned phone number case. In this case, undo only steps 2 and 3.
+<note tip>
+If you want to remove an attribute from a virtual system which was already used, so it has existing virtual accounts with this attribute filled, you have to remove the values of the accounts' attributes first. This can now (as of v. 10) be done only in DB. So make sure you have an access to the IdM database.
+</note>
 First, remove the mapping of the attribute. Click Virtual systems, List, Mapping, and Provisioning. Check the checkbox next to the attribute you want to remove. Above the list, a new dialog should appear, Operation with selected record. Click and choose Remove. Click Yes.
@@ Line 77: / Line 85: @@
 {{ :tutorial:adm:screenshot_from_2019-06-12_08-35-22.png?direct&1200 |}}
+If this operation fails with the message that there are already some values, you must go to the IdM database and delete those values by SQL. It's strongly recommended to make a backup of the database prior to this action.
+<code sql>
+-- Check the values you are about to delete - change the code of your attribute and your system name --
+SELECT * FROM vs_account_form_value WHERE attribute_id IN (SELECT id FROM idm_form_attribute WHERE code='building' AND definition_id IN (SELECT id FROM idm_form_definition WHERE name LIKE 'Virtual system for %NewVirtualSystem%')
+-- Delete the values
+DELETE FROM vs_account_form_value WHERE attribute_id IN (SELECT id FROM idm_form_attribute WHERE code='building' AND definition_id IN (SELECT id FROM idm_form_definition WHERE name LIKE 'Virtual system for %NewVirtualSystem%'));
+</code>
+Then you can remove the attribute from the Form Attributes as written above.
 The attribute is still present in the detail of the user; however, it is no longer connected to the virtual system and the implementer will not be notified when the attribute's value changes.