Secure Data Share Identity ER Diagram
erDiagram
%% Identity-to-account correlation. Both ID (the correlated IDENTITY.ID) and ACCOUNT_ID are
%% marked PK, so the row key is the (ID, ACCOUNT_ID) pair, and every row also carries TENANT_ID:
%% include TENANT_ID in every join and filter so one tenant's rows are never matched against
%% another's. NATIVE_IDENTITY is the identifier assigned by the source system, so it is only
%% meaningful together with SOURCE_ID (SOURCE_DISPLAY_NAME/SOURCE_TYPE are descriptive only).
%% Per their descriptions, CREATED_DATE/UPDATED_DATE describe the identity, not the account.
IDENTITY_ACCOUNTS {
text TENANT_ID "Unique Id for an Organization tenant"
text ID PK "unique ID of the identity this account is correlated to"
text DISPLAY_NAME "Human-readable display name of the object"
timestamp_ntz CREATED_DATE "date when the Identity was created"
timestamp_ntz UPDATED_DATE "date when the identity was modified"
text ACCOUNT_ID PK "unique ID of the account"
text NATIVE_IDENTITY "unique ID of the account generated by the source system"
text ACCOUNT_DISPLAY_NAME "Human-readable display name of the Account"
text SOURCE_ID "unique ID of the source this account belongs to"
text SOURCE_DISPLAY_NAME "display name of the source this account belongs to"
text SOURCE_TYPE "Type of the Source Ex: Azure Active Directory, Okta etc."
timestamp_ltz SYNC_DATE "When the row is last synced"
}
%% Identity-to-entitlement assignment; row key is (ID, ENTITLEMENT_ID), scoped by TENANT_ID.
%% Only SOURCE_DISPLAY_NAME is carried here, not SOURCE_ID: resolve the owning source through
%% ENTITLEMENT.SOURCE_ID (via ENTITLEMENT_ID) rather than by display name, which is free text
%% and not a stable identifier. ENTITLEMENT_ATTRIBUTE/ENTITLEMENT_VALUE mirror
%% ENTITLEMENT.ATTRIBUTE/VALUE (presumably denormalized for convenience).
%% CREATED_DATE/UPDATED_DATE describe the identity, not when the entitlement was granted.
IDENTITY_ENTITLEMENTS {
text TENANT_ID "Unique Id for an Organization tenant"
text ID PK "Unique Id for the identity"
text DISPLAY_NAME "Human-readable display name of the object"
timestamp_ntz CREATED_DATE "date when the Identity was created"
timestamp_ntz UPDATED_DATE "date when the identity was modified"
text ENTITLEMENT_ID PK "unique ID of the entitlement"
text SOURCE_DISPLAY_NAME "display name of the source this entitlement belongs to"
text ENTITLEMENT_ATTRIBUTE "entitlement attribute name"
text ENTITLEMENT_VALUE "value of the entitlement"
timestamp_ltz SYNC_DATE "When the row is last synced"
}
%% One row per identity, scoped by TENANT_ID. DELETED_DATE is populated for identities that
%% have been deleted (presumably a soft delete — confirm), so current-state queries should
%% exclude rows where it is set. NAME, DISPLAY_NAME, EMAIL, JOB_TITLE, LOCATION, DEPARTMENT and
%% MANAGER are personal data; consumers of this share should apply the same access control,
%% retention and masking they would to an HR feed. LIFECYCLE_STATE joined with
%% IDENTITY_ACCOUNTS is the natural check for leavers that still hold accounts.
%% NOTE(review): SYNC_DATE is timestamp_ntz here but timestamp_ltz in most other tables —
%% confirm this is intentional before comparing sync times across tables.
IDENTITY {
text TENANT_ID "Unique Id for an Organization tenant"
text ID PK "Unique Id for the identity"
text NAME "Name of the Object"
timestamp_ntz CREATED_DATE "date when the identity was created"
timestamp_ntz UPDATED_DATE "date when the identity was modified"
timestamp_ntz DELETED_DATE "date when the identity was deleted"
text DISPLAY_NAME "Human-readable display name of the object"
text JOB_TITLE "Job Title assigned to the Identity"
text LOCATION "Location of the Identity"
text LOCATION_CODE "Location code of the Identity"
text DEPARTMENT "Department of the identity"
text EMAIL "The email address of the identity"
text MANAGER "manager of the identity"
text LIFECYCLE_STATE "name of the lifecycle state Ex: Active, leaver, dormant etc."
timestamp_ntz SYNC_DATE "When the row is last synced"
}
%% Identity-to-role assignment; row key is (ID, ROLE_ID), scoped by TENANT_ID. ROLE_ID joins
%% to ROLE.ID. Per their descriptions, CREATED_DATE/UPDATED_DATE describe the identity, not
%% the assignment, so they cannot be used to date when the role was granted.
%% NOTE(review): SYNC_DATE is timestamp_ntz here, timestamp_ltz in most other tables — confirm.
IDENTITY_ROLES {
text TENANT_ID "Unique Id for an Organization tenant"
text ID PK "Unique Id for the identity"
text DISPLAY_NAME "Human-readable display name of the object"
timestamp_ntz CREATED_DATE "date when the Identity was created"
timestamp_ntz UPDATED_DATE "date when the identity was modified"
text ROLE_ID PK "Unique Id for the Role"
text ROLE_NAME "Name of the Role Object"
text ROLE_DISPLAY_NAME "Human-readable display name of the role"
timestamp_ntz SYNC_DATE "When the row is last synced"
}
%% Identity-to-access-profile assignment; row key is (ID, ACCESS_PROFILE_ID), scoped by
%% TENANT_ID. ACCESS_PROFILE_ID joins to ACCESS_PROFILE.ID. Per their descriptions,
%% CREATED_DATE/UPDATED_DATE describe the identity, not when the profile was assigned.
%% NOTE(review): SYNC_DATE is timestamp_ntz here, timestamp_ltz in most other tables — confirm.
IDENTITY_ACCESS_PROFILES {
text TENANT_ID "Unique Id for an Organization tenant"
text ID PK "Unique Id for the identity"
text DISPLAY_NAME "Human-readable display name of the object"
timestamp_ntz CREATED_DATE "date when the Identity was created"
timestamp_ntz UPDATED_DATE "date when the identity was modified"
text ACCESS_PROFILE_ID PK "Unique Id for the Access Profile"
text ACCESS_PROFILE_NAME "Name of the Access Profile Object"
text ACCESS_PROFILE_DISPLAY_NAME "Human-readable display name of the Access Profile"
timestamp_ntz SYNC_DATE "When the row is last synced"
}
%% Identity-to-application association; row key is (ID, APP_ID), scoped by TENANT_ID.
%% No standalone APP entity is defined in this diagram, so APP_ID has nothing to join to here
%% and APP_DISPLAY_NAME is the only descriptive attribute available.
%% NOTE(review): SYNC_DATE is timestamp_ntz here, timestamp_ltz in most other tables — confirm.
IDENTITY_APPS {
text TENANT_ID "Unique Id for an Organization tenant"
text ID PK "Unique Id for the identity"
text DISPLAY_NAME "Human-readable display name of the object"
timestamp_ntz CREATED_DATE "date when the Identity was created"
timestamp_ntz UPDATED_DATE "date when the identity was modified"
text APP_ID PK "Unique Id for the APP"
text APP_DISPLAY_NAME "Human-readable display name of the APP"
timestamp_ntz SYNC_DATE "When the row is last synced"
}
%% Access profile catalog. No attribute is marked PK; ID is described as unique, so
%% (TENANT_ID, ID) is the practical key. ENTITLEMENTS is an array of entitlement references
%% rather than a join table, so membership must be flattened before joining to ENTITLEMENT.
%% OWNER_IDENTITY_ID references IDENTITY.ID. DELETED_DATE marks removed profiles, which should
%% be excluded when computing current access; IS_ASSIGNABLE is a boolean here (compare
%% ENTITLEMENT.IS_REQUESTABLE, which is text).
ACCESS_PROFILE {
text TENANT_ID "Unique Id for an Organization tenant"
text ID "Unique Id for the Access Profile"
text NAME "Name of the object in ISC"
text DISPLAY_NAME "Human-readable display name of the object"
text DESCRIPTION "Description of the object"
timestamp_ntz CREATED_DATE "date when the object was created"
timestamp_ntz UPDATED_DATE "date when the object was modified"
timestamp_ntz DELETED_DATE "date when the object was deleted"
text SOURCE_ID "Unique Id of the source or application"
boolean IS_ASSIGNABLE "To check if the object can be assigned to an Identity"
array ENTITLEMENTS "List of entitlements associated with the Access Profile"
text OWNER_IDENTITY_ID "Identity that owns the object"
timestamp_ltz SYNC_DATE "When the row is last synced"
}
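%% Access request header; its line items live in IDENTITY_REQUEST_ITEM (ACCESS_REQUEST_ID).
%% TARGET_ID and REQUESTER_ID both reference IDENTITY.ID; a row where they are equal is a
%% self-request, which is worth separating in reviews. EXECUTION_STATUS is the ISC-side
%% processing state and COMPLETION_STATUS the outcome — check both before treating a request
%% as fulfilled. No attribute is marked PK; (TENANT_ID, ID) is the practical key.
%% (ID's description previously read "Access Profile", a copy-paste error; corrected below.)
ACCESS_REQUEST {
text TENANT_ID "Unique Id for an Organization tenant"
text ID "Unique Id for the Access Request"
text NAME "Name of the object in ISC"
timestamp_ntz CREATED_DATE "date when the object was created"
timestamp_ntz UPDATED_DATE "date when the object was modified"
timestamp_ntz DELETED_DATE "date when the object was deleted"
text TARGET_ID "Identity ID whose access is getting updated"
text REQUESTER_ID "Identity ID who raised this access request"
timestamp_ntz END_DATE "date when the access request was completed"
text EXECUTION_STATUS "Execution status at ISC Ex: Completed, Terminated etc."
text COMPLETION_STATUS "Completion status Ex: Success, Failure etc."
text PRIORITY "one of low, Normal and high"
text TYPE " type of access item or Identity items requested"
timestamp_ltz SYNC_DATE "When the row is last synced"
}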
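%% Certification (access review) header within a CAMPAIGN_ID. SIGNER_ID and MANAGER_ID
%% reference IDENTITY.ID. ORIGINAL_CERTIFICATION_ID and IS_BULK_REASSIGNMENT preserve the
%% reassignment trail, so a review that was handed off can be traced back to its original
%% assignee. COMPLETE and PHASE are separate fields: check both, together with SIGNED_DATE,
%% when deciding whether a review actually finished before EXPIRATION_DATE. No attribute is
%% marked PK; (TENANT_ID, ID) is the practical key. No UPDATED_DATE is shared for this table.
CERTIFICATION {
text TENANT_ID "Unique Id for an Organization tenant"
text ID "Unique Id for the Certification"
text NAME "Name of the object in ISC"
timestamp_ntz CREATED_DATE "date when the object was created"
timestamp_ntz DELETED_DATE "date when the object was deleted"
text SOURCE_ID "Unique Id of the source or application"
text SIGNER_ID "Signer assigned to the certification"
text MANAGER_ID "Manager - reviewing the certification"
text CAMPAIGN_ID "Campaign the certification is Spawned from"
text ORIGINAL_CERTIFICATION_ID "original certification before reassignment"
boolean COMPLETE "Status of the certification"
text PHASE "Current Phase like Active, Staged, End etc."
boolean IS_BULK_REASSIGNMENT "Whether the certification is part of a bulk reassignment"
timestamp_ntz DUE_DATE "when the certification needs to be reviewed"
timestamp_ntz SIGNED_DATE "when the certification was actually signed"
timestamp_ntz FINISHED_DATE "when the certification was actually finished"
timestamp_ntz EXPIRATION_DATE "When the certification will expire"
timestamp_ltz SYNC_DATE "When the row is last synced"
}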
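%% Entitlement catalog, scoped by TENANT_ID and owned by SOURCE_ID. No attribute is marked
%% PK; (TENANT_ID, ID) is the practical key. ATTRIBUTE/VALUE identify the entitlement on the
%% source; TYPE classifies it (Group, customRole, PermissionSet ...). DELETED_DATE is set when
%% the entitlement disappears from the source — exclude such rows from current-access views.
%% OWNER_IDENTITY_ID references IDENTITY.ID. No CREATED_DATE/UPDATED_DATE are shared here.
%% NOTE(review): IS_REQUESTABLE is typed text while IS_ASSIGNABLE on ACCESS_PROFILE/ROLE is
%% boolean — confirm the actual values before treating it as a flag.
ENTITLEMENT {
text TENANT_ID "Unique Id for an Organization tenant"
text ID "Unique Id for the Entitlement"
text DISPLAY_NAME "Human-readable display name of the object"
text DESCRIPTION "Description of the object"
timestamp_ntz DELETED_DATE "date when the entitlement was deleted from the source"
text SOURCE_ID "Unique Id of the source or application"
text ATTRIBUTE "Attribute name that defines the entitlement"
text VALUE "Value of the attribute"
text TYPE "Group, customRole, PermissionSet etc."
text IS_REQUESTABLE "To check if the object can be requested by other access items"
text OWNER_IDENTITY_ID "Identity that owns the object"
timestamp_ltz SYNC_DATE "When the row is last synced"
}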
%% Role catalog. INHERITING_ROLES, ACCESS_PROFILES and ENTITLEMENTS are arrays, not join
%% tables: computing the effective access a role grants requires expanding INHERITING_ROLES
%% (presumably a role hierarchy — confirm direction) and flattening the other two before
%% joining to ACCESS_PROFILE/ENTITLEMENT. No attribute is marked PK; (TENANT_ID, ID) is the
%% practical key. OWNER_IDENTITY_ID references IDENTITY.ID; DELETED_DATE marks removed roles.
ROLE {
text TENANT_ID "Unique Id for an Organization tenant"
text ID "Unique Id for the Role"
text NAME "Name of the object in ISC"
timestamp_ntz CREATED_DATE "date when the object was created"
timestamp_ntz UPDATED_DATE "date when the object was modified"
timestamp_ntz DELETED_DATE "date when the object was deleted"
text DISPLAY_NAME "Human-readable display name of the object"
text DESCRIPTION "Description of the object"
boolean IS_ASSIGNABLE "To check if the object can be assigned to an Identity"
array INHERITING_ROLES "List of Inheriting roles"
array ACCESS_PROFILES "List of Access Profiles associated with the Role"
array ENTITLEMENTS "List of entitlements associated with the Role"
text OWNER_IDENTITY_ID "Identity that owns the object"
timestamp_ltz SYNC_DATE "When the row is last synced"
}
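%% One reviewable line item within a CERTIFICATION (CERTIFICATION_ID). REVIEWER_ID is the
%% assigned reviewer and REVIEWED_ID the identity that actually decided; a mismatch indicates a
%% delegated or reassigned decision. APPROVED (1/0), DECISION (text) and REMEDIATED are
%% separate fields — use DECISION for the full outcome (Approved/Mitigated/Remediated ...).
%% Mitigated items carry MITIGATION_EXPIRATION and need follow-up after that date. PRIVILEGED
%% flags items touching privileged access. The optional relationships below suggest at most one
%% of ENTITLEMENT_ID / ROLE_ID is populated per item (confirm). No attribute is marked PK;
%% (TENANT_ID, ID) is the practical key. Typos in two descriptions are corrected below and
%% INSTANCE is described consistently with IDENTITY_REQUEST_ITEM.INSTANCE.
CERTIFICATION_ITEM {
text TENANT_ID "Unique Id for an Organization tenant"
text ID "Unique Id for the certification item"
timestamp_ntz CREATED_DATE "date when the object was created"
timestamp_ntz UPDATED_DATE "date when the object was modified"
timestamp_ntz DELETED_DATE "date when the object was deleted"
text IDENTITY_ID "Identity to which the access is reviewed for"
text REVIEWER_ID "Identity who is reviewing the access"
text ENTITLEMENT_ID "Entitlement that is being reviewed"
text ROLE_ID "Role that is being reviewed"
text CERTIFICATION_ID "certification from where the item spawned"
text ACCOUNT_ID "Account corresponding to the Identity"
text SOURCE_ID "source or application related to account/entitlement"
text REVIEWED_ID "Who actually reviewed the access item"
text REVIEWED_TYPE "What type of access item was reviewed Ex: Account, Role, Entitlement etc."
text TYPE "Type of certification item Ex: Bundle, Exception, Account Etc."
text SUB_TYPE "Associated Sub_type for each of the type"
timestamp_ntz COMPLETED_DATE "time the access item certification was completed"
timestamp_ntz DECISION_DATE "time the decision was submitted on ISC"
number APPROVED "Whether the item was approved(1) or rejected(0)"
text STATUS "Status of the certification item"
text DECISION "Decision taken by reviewer on the access item Ex: Approved, Mitigated, remediated etc."
boolean BULK "decision made was part of bulk selection"
boolean REMEDIATED "True when the decision was remediated"
boolean PRIVILEGED "if any of the access items are privileged"
text REMEDIATION_ACTION "Associated action on remediation"
timestamp_ntz MITIGATION_EXPIRATION "Time when the decision to mitigate was set to expire"
text NATIVE_IDENTITY "Identity from the source"
text INSTANCE "specific instance where the account exists"
boolean ACCOUNT_ONLY "if only account is reviewed without any access items"
boolean NEW_ACCESS "if the access item is new"
text POLICY_NAME "Policy if any"
text CONSTRAINT_NAME "Constraint if any"
timestamp_ltz SYNC_DATE "When the row is last synced"
}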
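%% One line item of an ACCESS_REQUEST (ACCESS_REQUEST_ID). IDENTITY_REQUEST_ITEM_ID is the
%% unique id (not marked PK); scope by TENANT_ID. APPROVED and REJECTED are separate 1/0
%% numbers, so an item can presumably have both at 0 while pending — do not infer one from the
%% other. APPROVER_ID references IDENTITY.ID. PROVISIONING_STATE (Committed, Pending ...) and
%% RETRIES describe fulfilment on the target SOURCE_ID via PROVISIONING_ENGINE; an approved item
%% is not necessarily provisioned. EXPANSION_CAUSE records items added indirectly (role or
%% provisioning policy) rather than requested explicitly.
%% (REJECTED's description previously duplicated APPROVED's; corrected below.)
IDENTITY_REQUEST_ITEM {
text TENANT_ID "Unique Id for an Organization tenant"
text IDENTITY_REQUEST_ITEM_ID "Unique Id for the identity request item"
text IDENTITY_REQUEST_ITEM_DISPLAY_NAME "Human-readable display name of the object"
text IDENTITY_REQUEST_ITEM_NAME "Name of the access item or account"
text IDENTITY_REQUEST_ITEM_VALUE "Value of corresponding access item or account"
text OPERATION "What type of operation was performed on the Identity or account"
number APPROVED "Whether the item was approved(1) or rejected(0)"
number REJECTED "Whether the item was rejected(1) or not rejected(0)"
text PROVISIONING_STATE "Provisioning state Ex: Committed, Pending etc."
text EXPANSION_CAUSE "Role or ProvisioningPolicy that gets added"
number RETRIES "Number of retries"
timestamp_ntz IDENTITY_REQUEST_ITEM_START_DATE "date request has started"
timestamp_ntz IDENTITY_REQUEST_ITEM_END_DATE "date request has ended"
timestamp_ntz IDENTITY_REQUEST_ITEM_CREATED_DATE "Initial date when the item is created"
text APPROVER_ID "Identity ID who approved the item"
text INSTANCE "specific instance where the account exists"
text NATIVE_IDENTITY "Identity from the source"
text ACCESS_REQUEST_ID "unique identifier of the access request"
text SOURCE_ID "Unique Id of the source or application"
text ENTITLEMENT_ID "Unique Id for the Entitlement"
text ROLE_ID "Unique Id for the Role"
text PROVISIONING_ENGINE "Source or connector used to provision"
timestamp_ltz SYNC_DATE "When the row is last synced"
}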
%% Connected source / application catalog. ID is what IDENTITY_ACCOUNTS.SOURCE_ID,
%% ENTITLEMENT.SOURCE_ID, ACCESS_PROFILE.SOURCE_ID, CERTIFICATION.SOURCE_ID,
%% CERTIFICATION_ITEM.SOURCE_ID and IDENTITY_REQUEST_ITEM.SOURCE_ID point at; match on
%% (TENANT_ID, ID), never on NAME/DISPLAY_NAME. No CREATED_DATE/UPDATED_DATE are shared for
%% sources, only DELETED_DATE. CONNECTOR identifies the integration type used to read it.
SOURCE {
text TENANT_ID "Unique Id for an Organization tenant"
text ID "Unique Id for the Source or application"
text NAME "Name of the Source or application"
timestamp_ntz DELETED_DATE "date when the object was deleted"
text DISPLAY_NAME "Human-readable display name of the object"
text TYPE "Type of the Source or Application"
text CONNECTOR "Connector from where the source is created"
timestamp_ltz SYNC_DATE "When the row is last synced"
}
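%% Relationships. The IDENTITY_* tables are the identity-to-access join tables; the catalog
%% tables (ACCESS_PROFILE, ENTITLEMENT, ROLE, SOURCE) are referenced by id. Every table carries
%% TENANT_ID, so joins should include it alongside the id columns.
%% NOTE(review): ACCESS_REQUEST, CERTIFICATION_ITEM and IDENTITY_REQUEST_ITEM are drawn as
%% exactly-one-to-exactly-one with IDENTITY, but each holds several identity references
%% (e.g. TARGET_ID and REQUESTER_ID; IDENTITY_ID, REVIEWER_ID and REVIEWED_ID; APPROVER_ID) and
%% one identity can appear in many such rows. Read these as "references IDENTITY" rather than a
%% strict 1:1. ACCESS_PROFILE.SOURCE_ID has no SOURCE relationship drawn here.
IDENTITY ||--|{ IDENTITY_ACCOUNTS: "has and owns"
IDENTITY ||--o{ IDENTITY_ENTITLEMENTS: "associated to and owns"
IDENTITY ||--o{ IDENTITY_ROLES: "associated to and owns"
IDENTITY ||--o{ IDENTITY_ACCESS_PROFILES: "associated to and owns"
IDENTITY ||--o{ IDENTITY_APPS: "associated with"
ACCESS_PROFILE ||--o{ IDENTITY_ACCESS_PROFILES: "associated to"
ACCESS_PROFILE }o--|| IDENTITY: "Owned by"
ENTITLEMENT ||--o{ ACCESS_PROFILE: "associated with"
ENTITLEMENT ||--o{ IDENTITY_ENTITLEMENTS: "associated to"
ENTITLEMENT }o--|| IDENTITY: "Owned by"
ENTITLEMENT ||--o{ ROLE: "associated with"
ROLE ||--o{ IDENTITY_ROLES: "associated to"
ROLE }o--|| IDENTITY: "Owned by"
ACCESS_REQUEST ||--|| IDENTITY: "contains - requested by and for"
CERTIFICATION ||--|{ IDENTITY: "contains"
CERTIFICATION_ITEM ||--|| IDENTITY: "contains"
CERTIFICATION_ITEM ||--o| ROLE: "contains"
CERTIFICATION_ITEM ||--o| ENTITLEMENT: "contains"
CERTIFICATION ||--|{ CERTIFICATION_ITEM: "contains"
IDENTITY_REQUEST_ITEM ||--|| IDENTITY: "contains - requested for, reviewed or approved by"
IDENTITY_REQUEST_ITEM ||--o| ROLE: "contains - add or remove"
IDENTITY_REQUEST_ITEM ||--o| ENTITLEMENT: "contains - add or remove"
ACCESS_REQUEST ||--|{ IDENTITY_REQUEST_ITEM: "contains"
SOURCE ||--|{ IDENTITY_ACCOUNTS: "contains"
SOURCE ||--|{ ENTITLEMENT: "contains"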