
Listing information from target systems

Connector programs connect to target systems and extract information about users (accounts) and other objects from those systems. Each connector is designed to target a specific type of system. Depending on how Bravura Security Fabric is configured and the capabilities of the connector, Bravura Security Fabric may extract information about: computer objects on the domain, service accounts, group memberships, per-user attributes, unassigned tokens, and OrgChart information.

Connector programs write the extracted information to SQLite database files in the <instance>\psconfig\ directory. In Bravura Security Fabric these files are referred to as list files. A SQLite database list file is saved for each target system.

The following is the schema for the connectors to use when writing discovered objects:

discobj ( stableid TEXT, type TEXT, longid TEXT, shortid TEXT, displayid TEXT, sd TEXT ) 
discobjattr ( stableid TEXT, type TEXT, attrkey TEXT, attrval TEXT, seqno INTEGER ) 
discobjrel ( parent_stableid TEXT, parent_type TEXT, reltype TEXT, child_stableid TEXT, child_type TEXT,

All data for a target system is stored according to the schema listed above.

  • Groups, accounts, computers and subscribers are listed in the discobj table.

  • Attributes for each of these objects are listed in the discobjattr table.

  • Group members (both group and account) are listed in the discobjrel table.

  • Subscriber account associations are listed in the discobjrel table.

  • During discovery, all data is loaded into generic Bravura Security Fabric tables (targetobj, targetobjattr and targetobjrel).

  • Computer objects and subscriber data are loaded into the new generic tables above, as well as foundcomputer, foundcompattr, foundaccountmgnobj and foundobjattr tables for use by import rules.

Note the following about listing:

  • Connectors are only run for target systems that are configured to list accounts or other objects.

  • Account IDs and group IDs must be no longer than 200 characters.

  • When infrastructure auto discovery options are configured, SQLite list files for discovered target systems are placed within a <instance>\psconfig\discovered\ directory, with sub-directories for each discovered system. Each sub-directory is named after the first three characters of the discovered system. The discovered directory is not replicated by the file replication program (updinst).

Normally, if a user has an account on a target system and that account has an <accattr> value that is empty, Bravura Security Fabric will attempt to get an associated attribute value from another system. You can change this by enabling the Manage the system > Maintenance > Options > LOADDB NULL IS VALUE setting. When this is enabled, Bravura Security Fabric considers the associated profile attribute value empty; it does not attempt to get an attribute value from another system.

All operations triggered during target listing (Connect, serverinfo, listobj) must be supported by the connector that runs the list operations, and all of them must succeed for the newly listed target data to be loaded and processed during discovery.
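A consistency check over a list file before discovery loads it, using the discobj and discobjattr tables and the 200-character ID limit described above. This is an added example, not Bravura Security Fabric code. The type codes "ACCT" and "GRP", the choice of longid and shortid as the length-limited columns, and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

MAX_ID_LEN = 200  # limit the page states for account and group IDs

# Table definitions as given on the page; discobjrel is omitted because its
# column list is cut off there.
SCHEMA = """
CREATE TABLE discobj (stableid TEXT, type TEXT, longid TEXT,
                      shortid TEXT, displayid TEXT, sd TEXT);
CREATE TABLE discobjattr (stableid TEXT, type TEXT, attrkey TEXT,
                          attrval TEXT, seqno INTEGER);
"""

def audit_list_file(conn, id_types=("ACCT", "GRP")):
    """Return sorted (check, stableid, detail) findings for one list file.
    id_types are placeholder type codes (assumption), not Bravura's values."""
    marks = ",".join("?" * len(id_types))
    checks = {
        # Assumption: the 200-character limit applies to longid and shortid.
        "id_too_long": (
            f"SELECT stableid, type FROM discobj WHERE type IN ({marks}) "
            "AND (length(longid) > ? OR length(shortid) > ?)",
            (*id_types, MAX_ID_LEN, MAX_ID_LEN)),
        # Attribute rows whose object is missing from discobj.
        "orphan_attr": (
            "SELECT a.stableid, a.attrkey FROM discobjattr a LEFT JOIN discobj o "
            "ON o.stableid = a.stableid AND o.type = a.type "
            "WHERE o.stableid IS NULL", ()),
        # Empty values: their handling depends on LOADDB NULL IS VALUE.
        "empty_attr": (
            "SELECT stableid, attrkey FROM discobjattr "
            "WHERE attrval IS NULL OR attrval = ''", ()),
    }
    return sorted((name, sid, detail) for name, (sql, params) in checks.items()
                  for sid, detail in conn.execute(sql, params))

def build_sample():
    """Constructed in-memory list file with one defect per check."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO discobj VALUES (?,?,?,?,?,?)", [
        ("s1", "ACCT", "CN=alice,DC=example", "alice", "Alice", ""),
        ("s2", "ACCT", "x" * 201, "longacct", "Too long", ""),
        ("s3", "GRP", "CN=admins,DC=example", "admins", "Admins", "")])
    conn.executemany("INSERT INTO discobjattr VALUES (?,?,?,?,?)", [
        ("s1", "ACCT", "mail", "alice@example.com", 0),
        ("s1", "ACCT", "department", "", 0),
        ("s9", "ACCT", "mail", "ghost@example.com", 0)])
    return conn
```

Run it against a copy of a list file rather than the one a connector is writing, and replace the placeholder type codes with the values that connector stores in discobj.type.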