Source: projects/identity-management/oim-kb-update/runs/2026-04-27-12.md

> Source: projects/identity-management/oim-kb-update/runs/2026-04-27-12.md

OIM KB Update — Run 2026-04-27 (12)

What changed in sandbox?

• Sandbox DB: SELECT-only (no DML).
• Sandbox host: read-only WinRM file inspection (no changes).

New sandbox DB evidence captured

• ITShopOrg required columns (NOT NULL): Ident_Org, UID_ITShopOrg, UID_OrgRoot, XObjectKey.
• AccProduct links to service categories via AccProduct.UID_AccProductGroup (direct column); in this sandbox 10/20 products have a category.
• Trigger enforcement:
• ITShopInfo may only be set when UID_OrgRoot in ('QER-V-ITShopOrg','QER-V-ITShopSrc').
• On insert into the IT Shop structure: ITShopInfo in ('SC','SH','BO','PR') causes QER-K-ShoppingRack-All DBQueue enqueue.
• Insert validation includes: predecessor must exist in the same role class.

Evidence file:

• sandbox-db/2026-04-27-itshoporg-columns-and-service-categories-db-evidence.md

New sandbox host evidence captured (install media)

• BaseTree trigger script: C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TBaseTree.sql
• Service item/category triggers:
• ...\050Triggers\QER_TAccProduct.sql (enqueues QER-K-ShoppingRackProductNode)
• ...\050Triggers\QER_TAccProductGroup.sql (enqueues QER-K-AccProductGroupCollection and refreshes product nodes)

Host evidence note updated:

• sandbox-host/2026-04-27-itshop-file-hints.md

Notes updated

• projects/identity-management/knowledge-base/oim-it-shop-structure-and-availability.md

Open questions / next experiments

• Clarify semantics of ITShopInfo='SC' (present in BaseTree trigger allow-list, not yet observed in live IT Shop subtree rows).
• Identify the supported “Manager/Designer/API” sequence that sets IsForITShop + creates/links the AccProduct for a synced ADSGroup once QER\\ITShop\\AutoPublish\\ADSGroup is enabled and the DB is compiled.