Source: projects/identity-management/oim-kb-update/sandbox-host/2026-04-27-itshop-productnodecheck-and-prnodecreate-shipped-sql-evidence.md

> Source: projects/identity-management/oim-kb-update/sandbox-host/2026-04-27-itshop-productnodecheck-and-prnodecreate-shipped-sql-evidence.md

Sandbox Host Evidence — IT Shop ProductNodeCheck + PR node creation (QER SQL, 2026-04-27)

Goal: capture shipped SQL artifacts on the sandbox host that explain how the IT Shop maintains BO/PR nodes and the assignment tables behind ITShopOrgHas*.

Note: These are local vendor files under C:\Dev\OneIdentityManager.10.0 on the sandbox VM.

This note records paths + summarized behavior (not verbatim vendor code).

Evidence (paths + summarized behavior)

1) Product node maintenance uses BaseTreeAssign dynamically

• File: C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\ITShop\QER_ZITShopProductNodeCheck.sql
• Procedure: QER_PITShopProductNodeCheck(@UID_OrgBO, @GenProcID)

Observed behavior (high level):

• Builds dynamic SQL via string_agg(...) across all BaseTreeAssign rows where IsITShopEnabled=1.
• It uses BaseTreeAssign → DialogTable to iterate all BaseTreeHas<Element> “MN” tables.
• Detects missing/invalid inherited assignments under a BO node (@UID_OrgBO) and performs cleanup.
• Calls QER_PITShopProductNodeCreate_b for object keys that require (re-)creating PR nodes.
• Enqueues DBQueue task QER-K-OrgAutoChild when a run hits the configured limit or needs a re-run.

Why this matters:

• This is the clearest shipped explanation of why “IT Shop availability” can look eventual:
• Changes in BaseTreeHas<Element> can require DBQueue-driven maintenance before PR nodes fully reflect them.
• It also explains why the set of enabled entitlement types is data-driven:
• BaseTreeAssign.IsITShopEnabled=1 is effectively the “list of tables to consider”.

2) PR node creation sets BaseTree.ITShopInfo='PR' and links products + object keys

• File: C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\ITShop\QER_PITShopProductNodeCreate.sql
• Procedure: QER_PITShopProductNodeCreate (and _b bulk variant)

Observed behavior (high level):

• Creates PR nodes under a BO node (BaseTree.UID_ParentOrg = <BO>) with:
• BaseTree.ITShopInfo = 'PR'
• BaseTree.UID_AccProduct = <service item>
• Fills/derives UID_PWODecisionMethod for PR nodes using a chain that includes:
• AccProduct.UID_PWODecisionMethod
• AccProductGroup.UID_PWODecisionMethod
• helper-board method (PWOHelperBoardMethod)
• Inserts rows into BaseTreeHasObject for PR nodes, using the element object key as the payload (ObjectKey).
• Contains an explicit guard for preprocessor-deactivated columns:
• PR-node population of uid_ACCProduct is conditional on DialogColumn.IsDeactivatedByPreProcessor = 0.

Why this matters:

• Confirms that the “product node” concept is literally BaseTree rows with ITShopInfo='PR' + UID_AccProduct set.
• Explains why PR nodes appear to be connected to entitlements via BaseTreeHasObject / object keys.

3) AccProductInBaseTree exists in shipped schema, but not referenced here

• File: C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERTableDef.sql
• Contains CREATE TABLE AccProductInBaseTree (UID_Org, UID_AccProduct, ...).
• File: C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\Generate\00000000QERHandleRelation.sql
• Defines relationships BaseTree → AccProductInBaseTree and AccProduct → AccProductInBaseTree via MDK_PRelationshipDefine.

Open question:

• Which shipped procedure/DBQueue task is responsible for populating AccProductInBaseTree (it is empty in the current sandbox DB), and which OIM feature consumes it.

4) Service-category closure task (reference)

• File: C:\Dev\OneIdentityManager.10.0\Modules\QER\database\MSSQL\040Procedures\QER_GDBQueueTasks\QER_ZAccProductGroupCollection.sql
• Purpose: maintains AccProductGroupCollection (transitive closure over service-category hierarchy).