Courion Tip – Deconstructing the Request

Another update – I have basically abandoned this, for the reason below. So, if it reads like I have stopped in the middle before completing it, I did.


Update – there’s a table called Serialization, which contains some binary data. For a real request, this table has 13 rows. For my ‘fake’ request I have been trying to submit, there are no entries. I believe this is the heart of the matter.


The scenario is this… Requests for SAP accounts, where the user requests more than one SAP role, should ideally be submitted as separate requests. Seems like an understanding of the tables should make this possible.
The default RequestView and AttributesView contains the details of the request, obviously, but not in the format that is needed. So, as a first step,  where is the raw data stored? The AttributesView is defined as

SELECT c1.AttributeID, c2.AttributeName, c1.AttributeValue, c1.AttributeSecure,
c1.AttributeHidden, c3.AccountName, c4.TargetName,c5.ExternalName AS UserName,
c6.RequestID, c8.UserUniqueID, c7.TargetID, c1.Mode, dbo.StatusDict.StatusName
dbo.Requests AS c6 INNER JOIN
dbo.Accounts AS c3 INNER JOIN
dbo.Targets AS c7 INNER JOIN
dbo.TargNameDict AS c4
ON c7.TargetNameID = c4.TargetNameID ON c3.TargetUniqueID = c7.TargetUniqueID RIGHT OUTER JOIN
dbo.Users AS c8
dbo.ExternalName AS c5
ON c8.ExternalNameID = c5.ExternalNameID ON c7.UserUniqueID = c8.UserUniqueID ON
c6.RequestID = c8.RequestID LEFT OUTER JOIN
dbo.StatusDict ON c3.StatusID = dbo.StatusDict.StatusID LEFT OUTER JOIN
dbo.Attributes AS c1 INNER JOIN
dbo.AttributeDict AS c2 ON c1.AttributeNameID = c2.AttributeNameID ON c3.AccountUniqueID = c1.AccountUniqueID

So, the tables that we are interested in are

  • c1 = Attributes
  • c2 = AttributeDict
  • c3 = Accounts
  • c4 = TargNameDict
  • c5 = ExternalName
  • c6 = Requests
  • c7 = Targets
  • c8 = Users

Looking at Attributes table, it looks like the raw data for the request:

Attribute Attribute Attribute Attribute Attribute Account Attest Attest
ID Value Secure Hidden NameID UniqueID Mode OptionID Comments
1795 duser N N 44 419 C NULL NULL
1796 Pa55w0rd N N 45 419 C NULL NULL
1797 User N N 46 419 C NULL NULL
1798 off N Y 47 419 C NULL NULL
1799 off N Y 48 419 C NULL NULL
1800 N Y 1 419 C NULL NULL
1801 Dummy N N 49 419 C NULL NULL
1802 N N 50 419 C NULL NULL
1803 W10T N N 51 419 C NULL NULL
1804 EST N N 52 419 C NULL NULL
1806 10/10/2011 N N 54 419 C NULL NULL
1808 N N 56 419 C NULL NULL
1809 p:dummy.user@DOMAIN.COM N N 57 419 C NULL NULL

So, the details of request 419 are here, and AttributeNameID 55 is the SAP Roles requested.
Now, what are the attributes? Here’s the contents of the AttributeDict table:

AttributeDict Table – partial
Attribute Attribute
NameID Name
9 Employee ID
10 First Name
11 Full Name
12 Last Name
28 Manager
29 Office Locations
43 Group Membership
44 Account – User name
45 Account – User password
46 Account : Last name
47 Account : Lock the User
48 Account: Deactivate the User Password
49 Address – First name
50 Address : Internet mail (SMTP)
51 Defaults – Start Menu
52 Logon data – Personal time zone
53 Logon data – User group
54 Logon data – Valid from
55 Roles
56 SNC – Unsecure communication permitted
57 SNC Name
58 From
59 Message
60 Subject
61 To

Next issue – what is the request ID number for this?
The AttributesView shows this as request ID 197
the select shows this as c6.RequestID, and c6 is from the Requests table
So…. to manually create a request, entries need to be made in the Requests table, and the Attributes table.
However, the RequestID also exists in the Users table:

And we need the AccountStatusView to convert from “AccountUniqueID” to “RequestID”


Posted October 10, 2011 by mmdmurphy in Courion Tip

Tagged with

%d bloggers like this: