6.5 Understanding Data Sources

To certify that your users have the appropriate levels of access to resources and applications, you need to populate the Identity Governance catalog with the identities, applications, application accounts, and application permissions that exist in your environment.

Data sources are data repositories located on-premises or on the cloud from which Identity Governance collects data using collector templates. Identity Governance uses these sources to collect and merge data from a variety of sources and adds them to the catalog to facilitate governance operations.

Identity Governance supports the following types of data sources:

  • Identity data sources to collect, merge, and publish identities and groups.

  • Application data sources to collect and publish accounts and permissions from a single application source using one or more collector templates.

  • Application definition sources to collect application entities. Application definition data sources collect application records, but do not collect application data such as accounts and permissions. When you publish an application definition data source, the associated applications appear in the catalog. The application definition data source itself does not appear in the catalog. To collect and publish the associated applications’ data (accounts and permissions), you will need to configure collectors on the application source.

Before collecting from the data source, you might need to prepare your data. If a date attribute in your data source uses a non-Java format, Identity Governance does not recognize the data as a date. For example, if the StartDate attribute uses “YYYY/MM/DD” fixed-length format and you want to collect it in date format, the collection will show an error. Identity Governance uses only the default format for Oracle Java for date attributes. In this scenario, you might “clean” the data by converting the attribute values to Java’s default date format, which uses the number of milliseconds that have elapsed since midnight, January 1, 1970. Alternately, you could collect the date value in string format so that you will be able to see the native value. This method also guarantees that the data does not have to be “clean” to be collected.