Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

EmpowerID's core functionality relies on a central repository known as the Identity Warehouse, alternatively referred to as the Identity and Entitlement Warehouse. This centralized database houses essential data, including:

  • Configuration settings and policies

  • Core EmpowerID objects such as Person and Roles

  • Queues for inbound and outbound changes (Inbox and Outbox)

  • Data tables for inventoried objects sourced from external systems

In EmpowerID terminology, these external systems are labeled as "Account Stores" and "Resource Systems."

Identity Warehouse Metrics

  • Tables: Approximately 1,200

  • Views: Over 700

  • Stored Procedures: Around 20,000

Understanding the specifics of these tables, views, and stored procedures is not required since most are designated for internal functionality. Key elements relevant to user interfaces can be identified by accessing the browser's network tab using the F12 key.

EmpowerID Components and API Integration

EmpowerID Components serve as programmable objects that expose the Identity Warehouse’s underlying structure for API usage. These components enable:

  1. Data retrieval for user interfaces

  2. Create, update, or delete operations via workflows or custom code

Each SQL table or view column translates into a property of the corresponding component. Schema extensions involve the addition of new virtual properties or methods to these component objects.

RBAC Objects

Within the schema management user interface, these components are tagged as "RBAC Objects." An entry corresponding to each SQL table or view exists in the RBACObject table for display. Their associated SQL stored procedures can be inspected under the "RBAC Object Methods" tab.

API Accessibility

  • The Account component, corresponding to the SQL account table, is not exposed via the API.

  • The AccountView component, with enhanced security features, is available through the API.

Key Takeaways

  1. EmpowerID relies on a central repository known as the Identity and Entitlement Warehouse.

  2. This warehouse functions as a relational database that stores configurations, core EmpowerID objects, and inventoried data from external systems.

  3. Programmable objects, referred to as components, expose the Identity Warehouse's underlying SQL tables and views for API interaction.

  4. Views in EmpowerID generally feature built-in security and data filtering, making them the preferred choice for user interface exposure.

  5. Components are also tagged as RBAC Objects, and their API accessibility can be toggled via a checkbox in the schema management user interface.

https://youtu.be/GosLFTXY5Is

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue