Identity Warehouse

One of the core concepts in EmpowerID is the Identity Warehouse, also known as the Identity and Entitlement Warehouse. This is the central database of EmpowerID and stores all critical data: configuration and policies; major EmpowerID objects like Person and Roles; the inbox and outbox queues used to stage detected changes and outbound changes between EmpowerID and managed systems; and the tables holding the inventoried objects and their data from external managed systems. External managed systems are referred to as Account Stores and Resource Systems in EmpowerID terminology.

High-Level Stats for the Identity Warehouse:

  • >1,200 tables

  • >700 views

  • >20,000 stored procedures

It is not essential to learn the specifics of these tables, views, and stored procedures, as most are used for internal purposes. To identify the key views and stored procedures used by the user interfaces, press F12 in your browser to open the developer tools and check which ones are being called on the Network tab.

EmpowerID Components

EmpowerID's "components" are programmable objects that expose the Identity Warehouse's tables, views, and stored procedures for use in the API. The user interface retrieves data from these objects, while workflows and code create, update, or delete them. Each column in the SQL tables and views becomes a property of its corresponding programmable component object, and extending the schema involves adding new virtual properties or methods to these objects.

While the list of components is extensive, many are disabled by default and not visible in the user interfaces or available to custom applications and developers. For example, the Account component, which represents the SQL account table, is not available in the API, but the more secure AccountView component is. These components are labeled as "RBAC Objects" in the schema management user interface, and an entry for each table or view is stored in the RBACObject table for display purposes. The SQL stored procedures for these components can be seen on the RBAC Object Methods tab.

Account Component not available in API
AccountView component available in API
https://youtu.be/GosLFTXY5Is

 

Key Takeaways:

  1. EmpowerID is built on what is called an Identity and Entitlement Warehouse.

  2. The Identity and Entitlement Warehouse is a highly relational database storing configuration, EmpowerID IAM objects, and objects inventoried from external managed systems.

  3. Tables and views are made into programmable objects, called components, that are exposed through an API.

  4. Views have built-in security and data filtering and are, therefore, what is usually exposed in the user interfaces.

  5. Components are also known as RBAC Objects and can be made accessible or inaccessible via API by checking a checkbox.

     
