Source: projects/identity-management/oim-kb-update/sandbox-host/2026-04-27-itshop-file-hints.md

> Source: projects/identity-management/oim-kb-update/sandbox-host/2026-04-27-itshop-file-hints.md

Sandbox Host Evidence — IT Shop DB Scripts (2026-04-27)

Evidence from file inspection on im.sandbox.local (WinRM), focusing on installed product / module database scripts that explain IT Shop placement and “IsForITShop” flag behavior.

Method

• WinRM via Invoke-Command using scripts/sandbox/_Common.ps1 + Resolve-SandboxCredential -Role AdAdmin.
• Searched in:
• C:\Dev\OneIdentityManager.10.0\Modules\ADS\database
• C:\Dev\OneIdentityManager.10.0\Modules\QBM\database
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database
• C:\Dev\OneIdentityManager.10.0\Modules\RMS\database
• Search patterns: PITShopProductNodeCreate, AccProductInBaseTree, IsForITShop, IsITShopOnly, ITShopInfo, QER-K-ShoppingRack-All.

Findings (file hits)

Auto-Publish for ADSGroup is shipped via ADS module (config parameter + script references)

Evidence that the QER\ITShop\AutoPublish\ADSGroup configuration parameter is part of the shipped ADS content (not just a local customization):

• C:\Dev\OneIdentityManager.10.0\Modules\ADS\database\MSSQL\Dump\ModuleContent.xml
• contains parameter FullPaths like:
• QER\ITShop\AutoPublish\ADSGroup
• QER\ITShop\AutoPublish\ADSGroup\AutoFillDisplayName
• QER\ITShop\AutoPublish\ADSGroup\ExcludeList
• Select-String hits (sandbox host, WinRM):
• ModuleContent.xml:20919 → QER\ITShop\AutoPublish\ADSGroup
• ModuleContent.xml:17993 → QER\ITShop\AutoPublish\ADSGroup\AutoFillDisplayName
• ModuleContent.xml:27707 → QER\ITShop\AutoPublish\ADSGroup\ExcludeList
• C:\Dev\OneIdentityManager.10.0\Modules\ADS\database\MSSQL\Dump\StartupContent.xml
• contains script fragments referencing:
• Connection.GetConfigParm("QER\ITShop\AutoPublish\ADSGroup\AutoFillDisplayName")
• Connection.GetConfigParm("QER\ITShop\AutoPublish\ADSGroup\ExcludeList")
• Select-String hits (sandbox host, WinRM):
• StartupContent.xml:3480 → Connection.GetConfigParm("QER\ITShop\AutoPublish\ADSGroup\AutoFillDisplayName")
• ModuleContent.xml:31356 → Connection.GetConfigParm("QER\ITShop\AutoPublish\ADSGroup\ExcludeList")
• excerpt (AutoFillDisplayName logic; note the use of UID_AccProduct if present):
• StartupContent.xml:3480 → Connection.GetConfigParm("QER\ITShop\AutoPublish\ADSGroup\AutoFillDisplayName")
• StartupContent.xml:3491-3494:
• if UID_AccProduct is set → display name uses FK(UID_AccProduct).Ident_AccProduct
• else → falls back to cn

Evidence that the root QER\ITShop\AutoPublish parameter is introduced via QER migration:

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Migration\V82\2021.0006.0017.0000.sql
• includes a row describing 'AutoPublish' / 'QER\ITShop\AutoPublish' as a “General configuration parameter defining automatically assignments of system entitlements to IT shop.”

ShoppingRack tasks + BaseTree triggers are shipped in QER/QBM DB scripts

• DBQueue task dependency definition references QER-K-ShoppingRack-All:
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\041DBQueueTaskDepend\DBQueueTaskDepend.sql (e.g. near line ~118)
• The BaseTree trigger script contains the enqueue call for ShoppingRack recalculation:
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TBaseTree.sql (e.g. near line ~43)
• IT Shop-related trigger scripts exist for other affected relations (examples):
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TBaseTreeHasPWODecisionmethod.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TPWODecisionMethod.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TPWODecisionSubmethod.sql

Product node creation / IT Shop procedures

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\ITShop\ITShop.xml references QER_PITShopProductNodeCreate.sql.
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\ITShop\QER_PITShopProductNodeCreate.sql contains create or alter procedure QER_PITShopProductNodeCreate(...).
• Additional related procedures in the same folder were detected:
• QER_PITShopProductNodeMove.sql
• QER_PITShop_PRNodesMove.sql
• QER_ZITShopProductNodeCheck.sql
• Module dump also contains references:
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\ModuleContent.xml

Quick semantics hint (from QER_PITShopProductNodeCreate.sql)

• The shipped QER_PITShopProductNodeCreate_b procedure:
• works with ObjectKey elements (entitlements) and BaseTreeAssign metadata to derive the “right table” and relation tables,
• computes a UID_ACCProduct in a temporary #Struktur table,
• creates PR nodes by inserting into BaseTree with ITShopInfo='PR',
• creates BaseTreeHasObject entries for the PR node and the entitlement ObjectKey,
• and uses QBM_PJobCreate_HOUpdate to set ITShopOrg.UID_AccProduct on the PR node.
• Notably (based on string search + the DB copy inspected in this run), it does not reference AccProductInBaseTree at all, which suggests “placement” is modeled via BaseTree + “BaseTreeHas<type>” relation tables rather than via AccProductInBaseTree in this environment.

Concrete excerpt pointers in the shipped SQL file (useful for line-accurate reconciliation):

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\ITShop\QER_PITShopProductNodeCreate.sql:52-56
• join to BaseTreeAssign with IsITShopEnabled = 1 to derive the right/middle tables.
• ...QER_PITShopProductNodeCreate.sql:125-128
• insert into BaseTree(... ITShopInfo ... ) ... 'PR' ...
• ...QER_PITShopProductNodeCreate.sql:152-162
• insert into BaseTreeHasObject ... select ..., s.ObjectKeyElement ...

AccProductInBaseTree table definition / relation metadata

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERTableDef.sql includes a Create Table AccProductInBaseTree (...) statement.
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERHandleRelation.sql contains MDK_PRelationshipDefine entries involving AccProductInBaseTree.
• Module bootstrap content references AccProductInBaseTree:
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\StartupContent.xml
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\ModuleContent.xml

Service categories (AccProductGroup) + hide flag (AccProduct.IsToHideFromITShop)

Evidence that service-category metadata and the “hide from IT Shop” flag are first-class, shipped schema elements (not local custom columns):

• AccProduct.IsToHideFromITShop is defined with a default in the generated table definition:
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERTableDef.sql:36-38
• contains: IsToHideFromITShop bit default 0 NULL
• The same flag is introduced via migration for older installations:
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Migration\V90\2022.0004.0012.0000.sql:26
• contains: exec QBM_PColumnAdd 'ACCProduct', 'IsToHideFromITShop', 'bit'
• Service category maintenance + collection jobs exist in QER scripts:
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TAccProductGroup.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\QER_GDBQueueTasks\QER_ZAccProductGroupCollection.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\030ViewDefinitionPostStuff\ViewsForTec\QER_VACCProductGroupCollection.sql

“IsForITShop” / “IsITShopOnly” flag combine + enforcement logic (QER + RMS)

• QER flag-check procedures/functions:
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\Base\QER_PIsForITShopFlagCheck.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\Base\QER_FGIITShopFlagCombineValid.sql
• QER triggers mentioning combined flags (examples):
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TBaseTreeHasQERAssign.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TBaseTreeHasQERResource.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TBaseTreeHasQERReuse.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TBaseTreeHasQERReuseUS.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TPersonHasQERAssign.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TPersonHasQERResource.sql
• RMS triggers mentioning combined flags (system roles / ESet):
• C:\Dev\OneIdentityManager.10.0\Modules\RMS\database\MSSQL\050Triggers\RMS_TBaseTreeHasESet.sql
• C:\Dev\OneIdentityManager.10.0\Modules\RMS\database\MSSQL\050Triggers\RMS_TESet.sql
• C:\Dev\OneIdentityManager.10.0\Modules\RMS\database\MSSQL\050Triggers\RMS_TESetHasEntitlement.sql

ADS module triggers explicitly enforce IT Shop flag combinations

Examples of shipped ADS triggers that reference IT Shop flag enforcement helpers:

• C:\Dev\OneIdentityManager.10.0\Modules\ADS\database\MSSQL\050Triggers\ADS_TBaseTreeHasADSGroup.sql
• raises #LDS#Assignment is not permitted due to the combination of IT Shop flags.| when QER_FGIITShopFlagCombineValid(...) fails.
• C:\Dev\OneIdentityManager.10.0\Modules\ADS\database\MSSQL\050Triggers\ADS_TAdsGroup.sql
• contains logic around updates of isITShopOnly / assignment constraints.
• C:\Dev\OneIdentityManager.10.0\Modules\ADS\database\MSSQL\Generate\00000000ADSTableDef.sql
• shows ADSGroup.IsForITShop bit default 0.

ITShopInfo in shipped view logic (PWO-related)

Detected ITShopInfo-based joins/filters in:

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\020ViewDefinitionManual\ViewsForPWO\QER_VPWOProductNodeAndRule.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\020ViewDefinitionManual\ViewsForPWO\QER_VPWOProductNodes.sql
• Several other ViewsForPWO SQL files in the same directory.

Next extraction

• Pull additional targeted excerpts of:
• QER_PIsForITShopFlagCheck.sql
• QER_FGIITShopFlagCombineValid.sql
• QER_TUAccProduct.sql (ShoppingRackProductNode enqueue)
• RMS_TESetHasEntitlement.sql
• QER_VPWOProductNodes.sql

and reconcile their logic with the live sandbox DB observations.

---

Addendum (2026-04-27 run 7): module dumps and MDK helper hints

Module dump evidence: IsToHideFromITShop and “no category” clauses are shipped

Select-String hits on the sandbox host (installed product media):

• C:\Dev\OneIdentityManager.10.0\Modules\ADS\database\MSSQL\Dump\ModuleContent.xml:38587
• contains: <C Name="IsToHideFromITShop">
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\ModuleContent.xml:100955
• contains: <C Name="IsToHideFromITShop">
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\StartupContent.xml:8648
• contains: <V Id="DEC6573B">IsToHideFromITShop</V>
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\ModuleContent.xml:31945
• contains: <V Id="588CEFFB">AccProductWhereClause=isnull(UID_AccProductGroup,'')=''[F]</V>

Interpretation: install media includes explicit logic paths for AccProduct “without category” and carries the IsToHideFromITShop column metadata, but DB-side stored procedures/triggers in this sandbox do not actively reference IsToHideFromITShop.

MDK helper hints: ITShopInfo codes used beyond BO/PR

MDK search hits worth reconciling with live sandbox ITShopInfo observations:

• C:\Dev\OneIM10.0.0-MDK\MDK\database\MSSQL\005Helper\180DefineQEREntitlementSource.sql:58
• contains: and b.ITShopInfo = 'PR'
• C:\Dev\OneIM10.0.0-MDK\MDK\MMM\Database\MSSQL\040Procedures\MMM_ZBaseTreeHasGroup.sql:159
• contains: and b.ITShopInfo in ( 'BO', 'PR', 'BG', 'BT')

---

Addendum (2026-04-27 run 8): category closure + legacy tables + BG/BT reconciliation

AccProductInBaseTree appears shipped but “quiet” (no strong runtime wiring)

Select-String file hits in installed product media for AccProductInBaseTree are limited to schema/metadata artifacts:

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\ModuleContent.xml
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\StartupContent.xml
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERHandleRelation.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERTableDef.sql

Interpretation (sandbox-specific): the table is shipped, and views reference it, but the core PR-node placement logic (ShoppingRack + QER_PITShopProductNodeCreate) does not appear to populate it in this environment.

IsToHideFromITShop is shipped but not referenced by IT Shop procedures here

File hits for IsToHideFromITShop on the sandbox host:

• C:\Dev\OneIdentityManager.10.0\Modules\ADS\database\MSSQL\Dump\ModuleContent.xml
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\ModuleContent.xml
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\StartupContent.xml
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERTableDef.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Migration\V90\2022.0004.0012.0000.sql

Interpretation (sandbox-specific): in this sandbox, the IT Shop/ShoppingRack database procedures do not appear to reference this column; the flag is likely evaluated in application/UI logic.

Service category closure + DBQueue maintenance is explicitly shipped

Key shipped artifacts for AccProductGroupCollection / QER_VACCProductGroupCollection:

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\030ViewDefinitionPostStuff\ViewsForTec\QER_VACCProductGroupCollection.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\QER_GDBQueueTasks\QER_ZAccProductGroupCollection.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\QER_GDBQueueTasks\QER_GDBQueueTasks.xml
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TAccProductGroup.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\041DBQueueTaskDepend\DBQueueTaskDepend.sql
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\ModuleContent.xml
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\StartupContent.xml

MDK BG/BT references are module-specific (MMM), not observed in live QER IT Shop data

MDK MMM procedures reference ITShopInfo BG/BT (see run 7). Live sandbox DB query returns 0 rows for BaseTree.ITShopInfo IN ('BG','BT'), so in this sandbox these codes currently do not apply to the QER IT Shop subtree.

---

Addendum (2026-04-27 run 10): BaseTreeAssign + DB compile/DBQueue task metadata sources

BaseTreeAssign table definition is shipped (QER module)

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERTableDef.sql
• contains Create Table BaseTreeAssign (...) including UID_DialogTableElement, UID_DialogTableMN, and IsITShopEnabled.

DBQueue task metadata tables are shipped (QBM module)

• C:\Dev\OneIdentityManager.10.0\Modules\QBM\database\MSSQL\Generate\00000000QBMTableDef.sql
• contains:
• Create Table QBMDBQueueTask (...) (UID_Task, ProcedureName, QueryForRecalculate, …)
• Create Table QBMDBQueueTaskDepend (...) (UID_TaskPredecessor, UID_TaskFollower, …)

“Recompile database” procedure is shipped (QBM module)

• C:\Dev\OneIdentityManager.10.0\Modules\QBM\database\MSSQL\010FunctionsPreView\QBM_GCommon\QBM_PRecompileAll.sql
• defines QBM_PRecompileAll (used as a concrete anchor when docs mention “compile the database”).

MDK helper scripts show how BaseTreeAssign is defined/extended

• C:\Dev\OneIM10.0.0-MDK\MDK\database\MSSQL\005Helper\050DefineBaseTreeAssign.sql
• shows explicit insert into BaseTreeAssign (...) patterns (with UID_DialogTableElement and UID_DialogTableMN set to *-T-* identifiers).

MDK helper scripts confirm PR-node semantics via ITShopInfo='PR'

---

Addendum (2026-04-27 run 14): System roles (ESet) are shipped as IT Shop link targets

Read-only file inspection on im.sandbox.local shows the ESet IT Shop link artifacts are part of shipped QER content (even though the sandbox currently has no BaseTreeHasESet rows under the IT Shop subtree):

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\ModuleContent.xml
• contains ITShopOrgHasESet references (view metadata)
• contains BaseTreeHasESet references (table metadata)
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\StartupContent.xml
• contains BaseTreeHasESet references (schema metadata)

Quick negative finding (scanned files listed above): no QER\ITShop\AutoPublish\ESet config-parameter path hit. This suggests that system-role publication may be driven via generic/other mechanisms (or via different parameter names), not a dedicated ESet AutoPublish subtree (to be verified with a full repo-wide host search if needed).

Additional shipped artifact hint (QER triggers folder):

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TESet.sql
• defines update triggers for ESetHasEntitlement, PersonHasESet, WorkDeskHasESet, and BaseTreeHasESet
• in this install media, these triggers are *stubs* (no logic), implying runtime consistency logic is implemented in other triggers/procedures (or by compiled script logic) rather than in these trigger bodies.

• C:\Dev\OneIM10.0.0-MDK\MDK\database\MSSQL\005Helper\180DefineQEREntitlementSource.sql
• queries PR nodes using BaseTree.ITShopInfo = 'PR' and joins to the parent shelf (BaseTree bo on b.UID_ParentOrg = bo.UID_Org).

---

Addendum (2026-04-27 run 11): “IT Shop Source” (ITShopSrc*) shipped but disabled via ITSHOPSOURCE

StartupContent confirms ADS AutoPublish scripts reference QER config parms (under ITSHOP)

From C:\Dev\OneIdentityManager.10.0\Modules\ADS\database\MSSQL\Dump\StartupContent.xml:3480 (context snippet):

#If ITSHOP Then
  If Connection.GetConfigParm("QER\ITShop\AutoPublish\ADSGroup\AutoFillDisplayName")="1"
  Then
    ...

Module dump references the ITShopSrcHasADSGroup view + job chain

Select-String hits (examples) in:

• C:\Dev\OneIdentityManager.10.0\Modules\ADS\database\MSSQL\Dump\ModuleContent.xml
• references ADS-T-ITShopSrcHasADSGroup
• references job chain JobChain_VI_ESS_ITShopSrcHasADSGroup_Public_BoardTemplate_Allocation

Why it is disabled in this sandbox (live DB cross-check)

In the sandbox DB, DialogTable.TableName='ITShopSrcHasADSGroup' has PreProcessorCondition='ITSHOPSOURCE' and IsDeactivatedByPreProcessor=1, and the compiled SQL view definition is where 1 = 0 (see DB evidence note for the exact query/output).

---

Addendum (2026-04-27 run 12): BaseTree trigger enforcement + service-category wiring

BaseTree trigger script location + key snippets

Install media trigger script that matches the live QER_TIBaseTree / QER_TUBaseTree behavior:

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TBaseTree.sql

High-signal excerpts (captured via WinRM Select-String):

• Enqueue ShoppingRack when IT Shop nodes change:
• ... uid_OrgRoot = 'QER-V-ITShopOrg' and ... itshopinfo in ('SC', 'SH', 'BO', 'PR') ... exec QBM_PDBQueueInsert_Bulk 'QER-K-ShoppingRack-All', ...
• Guard rail:
• ... ITShopInfo > ' ' and UID_OrgRoot not in ('QER-V-ITShopOrg', 'QER-V-ITShopSrc') ... raiserror('...Cannot set IT Shop information...')
• Predecessor validation:
• ... raiserror('...Cannot insert node, because predecessor does not exist in the same role class...')

Service-item/category triggers and DBQueue tasks (product-node refresh)

Install media:

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TAccProduct.sql
• Enqueues QER-K-ShoppingRackProductNode when AccProduct changes (including UID_AccProductGroup updates).
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\050Triggers\QER_TAccProductGroup.sql
• Enqueues QER-K-AccProductGroupCollection when the category hierarchy changes.
• Enqueues QER-K-ShoppingRackProductNode to refresh affected product nodes based on QER_VACCProductGroupCollection.

---

Addendum (2026-04-27 run 13): ITShopInfo='SC' is “shopping center” (shipped) even if not present in this sandbox

Shipped QER procedures reference ITShopInfo='SC' and explicitly treat it as a shopping center node:

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\ITShop\QER_PITShop_ShopMove.sql:35
• ... ITShopInfo = 'SC' ... raiserror( '#LDS#The given target node is not a shopping center.|', ... )
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\ITShop\QER_ZITShopCheckStructure.sql:33
• checks the “SC → SH → BO” pattern (o.ITShopInfo='SC', s.ITShopInfo='SH', b.ITShopInfo='BO') when enqueuing QER-K-ShoppingRackMethod.
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\ITShop\QER_ZITShopDecisionMakerFill.sql:55
• uses bo.ITShopInfo='SC' when filling decision-makers via org mappings.

Additional shipped description text includes “shopping center template” phrasing:

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\StartupContent.xml:2300
• contains a value text describing shelf templates including “shopping center template”.

---

Addendum (2026-04-27 run 17): Service categories influence PR-node decision method resolution

This is the strongest concrete “service categories matter” example found so far (beyond portal grouping):

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\ITShop\QER_FTMethodForPRNode.sql
• Computes the UID_PWODecisionMethod for PR nodes by precedence:

1) BaseTree.UID_PWODecisionMethod (PR node)

2) AccProduct.UID_PWODecisionMethod

3) Walk up the AccProductGroup parent chain using QER_VACCProductGroupCollection (closure table) and take the first parent with AccProductGroup.UID_PWODecisionMethod

4) Fallback: PWOHelperBoardMethod (board/shelf-level helper decision method)

• The query explicitly joins AccProduct -> AccProductGroup -> QER_VACCProductGroupCollection -> AccProductGroup (parent) and iterates CountSteps from 0..max.

Related DBQueue glue:

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\ITShop\QER_ZITShopCheckMethodPR.sql
• Calls QER_FTMethodForPRNode(@PRNodes) and updates BaseTree.UID_PWODecisionMethod for changed PR nodes.
• Enqueues QER-K-ShoppingRackPWODecisionMaker if it updated any PR nodes.

AccProductInBaseTree is still shipped (schema + relationships), even if unused in this sandbox

WinRM Select-String hits show that AccProductInBaseTree remains a shipped QER artifact:

• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERTableDef.sql
• contains Create Table AccProductInBaseTree (...) (UID_Org, UID_AccProduct, XObjectKey, …)
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERHandleRelation.sql
• defines the BaseTree -> AccProductInBaseTree relationship via MDK_PRelationshipDefine
• C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Dump\StartupContent.xml
• includes the table metadata identifier AccProductInBaseTree.