Monday, June 13, 2011

The Tao of IDM

The best soldier does not attack. The superior fighter succeeds without violence. The greatest conqueror wins without struggle. The most successful manager leads without dictating. This is intelligent non aggressiveness. This is called the mastery of men. 
So why would I lead an Identity Management blog entry with a quote from the Tao Te Ching? Basically it sums up a recent issue I had in my current project.


As a part of this project, I am helping to get a young engineer familiar with IDM.  Working together we needed to create a query that would return only specific types of users for an IDM export Job.  I explained the basic process for executing the export and watched him work on various queries to return the correct users, while advising him about database structures and useful techniques. As an elaborate query began to take shape it was starting to look way too complicated.  I started thinking that there had to be a better way to accomplish our task.


Then I remembered that since we were doing a "To Database" task we could specify the Identity Store as the source and used the built in editor to build the correct query.  It took seconds to build and we quickly checked the query by doing a copy/paste to Microsoft SQL Server.  It worked perfectly and we were up and running.


Here's an example of the query that we created:




So what's the takeaway on this?  Look to see what the system can do rather than build something from the outside. At the very least, use the tools to build the query and then customize it (just remember that using an external query editor on the edited query make using the built in tool not work). 


And here's how easy it was to generate the query:



There's no need to reinvent the wheel



2 comments:

Kuba said...

Hi Matt,

Does it have any deeper meaning to have .... WHERE ... (attrname = 'MSKEYVALUE' or attrname = 'MSKEYVALUE').... as a query condition? Or is it just a buggy result of using the query builder?

Best Regards
Kuba

Matt Pollicove said...

Kuba, very nice catch. It's an artifact from the query generator. The duplicate should be removed for maximum efficiency.