Tracking Historical Changes In NetIQ Identity Vault

It is important to audit data and changes. Sometimes, though, access to this information is needed for other reasons. If there is a need for complex matching rules, it may be necessary to look at historical data.

An example of this would be matching a potential account against accounts in the Identity Vault, where past data values may need to be searched to uniquely identify an account.

A sample rule that could be written in a Null or loopback driver would be as follows:
If operation attribute idvMobilePhone is changing then set the local variable “lv-MobilePhone” to the removed value of idvMobilePhone.

If the local variable lv-MobilePhone does not match an empty value or a value with white space, then add the value of the local variable lv-MobilePhone to the source attribute (in the vault) hist-idvMobilePhone.

It is important to only do this with data values that wouldn’t be changed often, but that you need a historical record of.

Don’t do this for data values that might change more than 100 times in an account’s lifetime.

You may want to give the historical value delimiters so that it also includes a time stamp, the value, what driver wrote out the change, etc. For example: 20180228#<old phone number>#BusinessLogicDriver
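The delimited format above and the matching use case described earlier, as an added Python example that is not part of the original article or of NetIQ's code. It assumes the field order shown in the sample value (date, old value, driver name) with `#` as the delimiter; the function names, the account DNs and the phone numbers are constructed for illustration, and the script works on attribute values already read out of the vault.

```python
from datetime import datetime

DELIM = "#"  # delimiter taken from the article's sample value

def build_entry(old_value, driver, when):
    """Format one history value as <yyyymmdd>#<old value>#<driver>."""
    old_value = old_value.strip()
    if not old_value:
        raise ValueError("empty or whitespace-only values are not recorded")
    if DELIM in driver:
        raise ValueError("driver name must not contain the delimiter")
    return DELIM.join((when.strftime("%Y%m%d"), old_value, driver))

def parse_entry(entry):
    """Split an entry from both ends, since the value itself may contain '#'."""
    stamp, sep1, rest = entry.partition(DELIM)
    value, sep2, driver = rest.rpartition(DELIM)
    if not (sep1 and sep2 and value):
        raise ValueError(f"malformed history entry: {entry!r}")
    return datetime.strptime(stamp, "%Y%m%d").date(), value, driver

def digits(phone):
    """Reduce a phone number to its digits so formatting differences are ignored."""
    return "".join(ch for ch in phone if ch.isdigit())

def match_by_history(candidate_phone, accounts):
    """Return the DN of the one account whose current or past phone matches;
    None when nothing matches or more than one account does."""
    wanted = digits(candidate_phone)
    hits = set()
    for dn, attrs in accounts.items():
        phones = list(attrs.get("idvMobilePhone", []))
        phones += [parse_entry(e)[1] for e in attrs.get("hist-idvMobilePhone", [])]
        if wanted and any(digits(p) == wanted for p in phones):
            hits.add(dn)
    return hits.pop() if len(hits) == 1 else None

# Constructed sample data, not taken from a real vault.
ACCOUNTS = {
    "cn=jdoe,ou=users,o=data": {
        "idvMobilePhone": ["+1 555 0100"],
        "hist-idvMobilePhone": ["20180228#+1 555 0199#BusinessLogicDriver"],
    },
    "cn=asmith,ou=users,o=data": {
        "idvMobilePhone": ["+1 555 0142"],
        "hist-idvMobilePhone": ["20160101#+1 555 0100#BusinessLogicDriver",
                                "20170104#555 0177 ext#2#BusinessLogicDriver"],
    },
}
```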