Description:
This article provides more detailed information on the individual SQL queries and the actions undertaken by the Policy Server.
Solution:
Each of the actions outlined in the SQL Query Schema dialog corresponds to a specific action undertaken by the policy server, as follows:
Enumerate: Fetches object from the user directory when the SiteMinder admin clicks "View" in the Admin UI's User Directory Dialogue's "Directory Properties" tab.
Lookup: Called by the Admin UI, when the administrator clicks on the User Directory's binoculars symbol, for user and group lookups; also sometimes when the admin enters a search value without specifying any users or groups.
Lookup Users: activated when the admin, in the policy server admin UI, clicks on the binoculars symbol and selects the Users criteria set.
Lookup Groups: activated when the admin, in the policy server admin UI, clicks on the binoculars symbol and selects the Groups criteria set.
GetUser/Group Info: called to determine the class of an object, first during authentication, seeking the objectclass of a given user. Also used to validate new entries added to a policy - when a user or group is added to a SiteMinder policy object, this query ascertains the objectclass for that entity.
Init User: called to determine if a user exists in an RDBMS Authorization Directory when directory mapping is employed.
Authenticate User: called to validate user credentials.
Is Group Member: used to determine user membership within each group specified in the relevant SiteMinder policy object; if the query returns a value, the user is a member of that group.
Get User Groups: called to return group names of all groups that have the specified user as a member.
Get User Properties: a comma-delimited list of fields in the user table, treated as user attributes.
Get User Property: query to fetch the value of a specified user attribute. Also used by password services to determine the disabled and password data fields for the user, prior to authentication.
Set User Property: SQL update statement called to update the value of a user property, as specified in the Get User Properties list. The user connecting to the database, as specified in the credentials tab of the directory object, must have write access to the relevant table.
Set User Password: update statement used by Password Services to set a user's password.
Get Group Properties: comma-delimited list of fields in the group table to be treated as valid group attributes. Policy Server verifies that all attribute names are valid fields.
Get Group Property: query to fetch the value of a group attribute for a given group name. For multiple values, the query must be executed multiple times.
Set Group Property: normally a SQL update statement called to update the value of Group Properties listed in the Get Group Properties list.
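
The following is an added example, not SiteMinder's own queries or code. It models Is Group Member, Get User Groups, and Get/Set User Property against a constructed SQLite schema. The table names, column names and function names are hypothetical. User-supplied values are bound as parameters, and property names are checked against the configured property list before they are used as column names.

```python
import sqlite3

# Hypothetical stand-in for the "Get User Properties" list. password_hash is
# deliberately not listed, so it can never be read or written as a property.
USER_PROPERTIES = ("email", "disabled")

def build_directory():
    """Constructed sample directory; schema and rows are illustrative only."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT,
                            disabled INTEGER, password_hash TEXT);
        CREATE TABLE user_groups (user_name TEXT, group_name TEXT);
        INSERT INTO users VALUES ('alice', 'alice@example.test', 0, 'constructed-a');
        INSERT INTO users VALUES ('bob', 'bob@example.test', 1, 'constructed-b');
        INSERT INTO user_groups VALUES ('alice', 'admins');
        INSERT INTO user_groups VALUES ('alice', 'staff');
        INSERT INTO user_groups VALUES ('bob', 'staff');
    """)
    return db

def is_group_member(db, user, group):
    # Is Group Member: membership means the query returned a value.
    sql = "SELECT 1 FROM user_groups WHERE user_name = ? AND group_name = ?"
    return db.execute(sql, (user, group)).fetchone() is not None

def get_user_groups(db, user):
    # Get User Groups: names of all groups that have this user as a member.
    sql = "SELECT group_name FROM user_groups WHERE user_name = ? ORDER BY group_name"
    return [row[0] for row in db.execute(sql, (user,))]

def _checked(prop):
    # Column names cannot be bound as parameters, so allowlist them first.
    if prop not in USER_PROPERTIES:
        raise ValueError(f"not a listed user property: {prop!r}")
    return prop

def get_user_property(db, user, prop):
    sql = f"SELECT {_checked(prop)} FROM users WHERE name = ?"
    row = db.execute(sql, (user,)).fetchone()
    return None if row is None else row[0]

def set_user_property(db, user, prop, value):
    # Needs write access to the table; returns the number of rows updated.
    sql = f"UPDATE users SET {_checked(prop)} = ? WHERE name = ?"
    cur = db.execute(sql, (value, user))
    db.commit()
    return cur.rowcount
```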