Skip to main content

2024.3

· 63 min read

The 2024.3 release of the Thinkwise Platform introduces Personal Access Tokens (PATs) as an option to enhance security. PATs are a secure way for users to allow external parties to connect with your application. Some advantages of PATs are that user credentials are not shared, access can be limited to specific resources, and access can be revoked without changing the user's password.

Customized reports are now possible thanks to a new parameter property in the Software Factory and the ability to override the default report file in IAM.

Other highlights in IAM include environment interaction logs (to monitor the configuration of your environment), and security checks (to verify the data accessibility of your application).

We also made quite a number of quality-of-life improvements, including performance enhancements, better merging capabilities, UI/UX updates for unit tests, and new options in code search.

This release includes 16 Community ideas, representing 221 votes.

tip

Questions or suggestions about the release notes? Let us know in the Thinkwise Community!

Contents

Upgrade notes

System requirements

For a full overview, see the System requirements

  • The Thinkwise Platform requires SQL Server 2019.

  • For AI-powered enrichments, use the latest AI models for the best results. For OpenAI, we recommend ChatGPT 4 or up.

  • .NET Framework requirements:

    ComponentMinimum .NET version
    Windows GUI4.7
    Indicium8.0
    Indicium Basic4.7.2

Breaking

Access control - Role name standardization

change

With the introduction of Personal Access Tokens, role names must now adhere to the standards set by OAuth2. The following standards must be followed:

  • Use underscores - When multiple words are needed, use underscores (_) to separate them, such as read_messages.
  • Avoid special characters - Avoid special characters that might cause issues in URLs or other contexts; stick to alphanumeric characters, hyphens, underscores, colons, and periods.

When you enter a role name, illegal characters are replaced automatically.

We also advise:

  • Use lowercase - Using lowercase characters is a common convention to maintain consistency and readability.
Check your code

During the upgrade, the existing role names will be updated to comply with these standards. After the upgrade, check if you need to adjust any logic.

Authorization - Changed start objects sorting

change

In your end-user applications, the sorting of start objects may have changed. Previously, the user group preferences were not always executed first. In some situations, this could cause issues.

Now, the user group preferences are executed before the individual preferences. In addition, the GUI shows the start object that was last executed by the user first.

Example

In the previous situation, the order of the start objects could be, for example:

  1. Start object 1 (individual): Open employees - sequence number 10
  2. Start object 2 (group): Open dashboard - sequence number 10
  3. Start object 3 (individual): Open hours - sequence number 20

Now, the order would be:

  1. Start object 1 (group): Open dashboard - sequence number 10
  2. Start object 2 (individual): Open employees - sequence number 10
  3. Start object 3 (individual): Open hours - sequence number 20
Check the sequence numbers of start objects in IAM

This change may impact your current start object order. In IAM, check the sequence numbers for the start objects for users and user groups:

  • Users: menu Authorization > Users > tab User preferences > tab Start objects
  • User groups: menu Authorization > User groups > tab Group preferences > tab Start objects

Models - Archived branches and history data

new

Over time, the database can grow in size due to a growing list of archived branches and their history data. This can become a problem in terms of storage, backup, and restoration. In Thinkwise Platform version 2024.1, we introduced the task Clean up model history (menu Advanced > Master data > Software Factory). This task removes the history data of deleted branches, deleted models, and archived branches

Now, we have automated this process for archived branches. You can change the retention period for its schedule in a new setting: Archived branch retention (menu Maintenance > Configuration).

Check the retention period
  • Upon upgrading to platform version 2024.3, the default value for the setting Archived branch retention is set to 60 days. An upgrade validation is in place to remind you to verify this retention period and adjust it if necessary.
  • A system flow cleans up any archived branch and its history that exceeds the retention period, starting after the upgrade on the first Sunday at 21:00 UTC. You can set up your own custom schedule in IAM (menu Authorization > Applications (SQLSERVER_SF) > General settings > Scheduled system flows) for the system flow system_flow_clean_archived_branch_history.

Archived branch retention setting

User Interface - Form layout for Universal GUI

change Universal GUI

The Universal GUI has changed the way it interprets the model to show a form. This change is operational from this version onwards. It affects the form layout for columns, task parameters, and report parameters.

Fields are no longer automatically grouped for the checkboxes Field in next column and Field on next tab page. If you want to group fields, you must select Next group.

The checkboxes now function as follows:

  • Field on next tab page: Fields are placed in a new section
  • Field on next tab page + Next group: Fields are placed over the full width
  • Field on next tab page + (halfway the fields) Field in next column: Fields are placed in two columns
warning

If you use the Universal GUI for your end application, check the form layout in your application, especially the forms with multiple columns.

The checkboxes are available in the following locations:

  • menu User interface > Subjects > Default/Variants > Components > Form
  • menu Processes > Tasks > Default/Variants > Task parameters > Form
  • menu Processes > Reports > Default/Variants > Report parameters > Form

Authorization - Personal access tokens

Personal access tokens

new Universal GUI

Security is a key aspect of any system, and this is no different for the Thinkwise Platform. To further enhance security, we are introducing Personal Access Tokens (PATs).

Personal Access Tokens are a secure way for users to allow external parties to connect with their application. They can create their own tokens and assign a limited set of application permissions to them. Or, from a technical point of view: they are a way for external parties to log in to the Indicium API with a token instead of basic authentication.

When to use PATs

(Click the image to enlarge)

When to use PATs When to use PATs

Some examples

With a PAT, users can achieve features in an application without waiting for others to implement them.

Examples for applications:

  • Set up webhooks (for example, with a service like If This Then That (IFTTT)) that perform actions on the user's behalf or poll the user's data in a Thinkwise application, such as:

    • Synchronizing appointments between a Thinkwise application and their personal Google or Apple calendar
    • Synchronizing data between a Thinkwise application and another application, such as a Finance or CRM application, on behalf of the user
    • Setting up an automated process to receive an email or text message when the status of a task, order, invoice, transaction, project, or ticket changes
    • Starting a long-running process flow at night, such as importing data or generating invoices on behalf of the user
    • Setting up an AI Assistant to answer questions about the data in a Thinkwise application

Examples for Indicium administration:

  • Integrating Indicium health checks into load balancer decision making
  • Verifying Indicium and database health after running a CI/CD pipeline

Examples where a PAT token could be used instead of a Client Application with grant type Client credentials:

  • The third-party application does not support OAuth
  • You want to configure a specific end date for the integration
  • You want to use a single IAM user for multiple integrations with slightly differing permission sets
  • You want to use a single IAM user for multiple identical integrations but have the freedom to change permission sets for individual integrations later

How users create PATs

Universal GUI

Users can create PATs in the application in their profile menu. They need to select an application, add a name, and select the permissions they want to assign to the token. The expiration date can be set from one day to one year. It is not yet possible to be notified when a PAT is about to expire, so users will need to set a reminder themselves or regularly check and extend their PATs.

After creation, the token is shown only once, so users need to copy and save it in a secure location, for example, a password manager. This token needs to be used in the connection to another application.

PATs can be edited later, for example, to extend the expiration date or to add or remove permissions. Users can also delete a PAT if it is no longer needed.

Create a Personal Access Token for an application

Benefits

Without PATs, users can only allow delegated access to full applications by providing their credentials. It is only possible to provide access to a subset by creating a new user with limited roles. You could use the OAuth2 grant flow to prevent sharing credentials, but this requires a lot more set-up and also provides access to full applications. The only way to revoke this access is by changing a user's credentials. For example, to revoke access to administrative tasks, you would have to create a new user with different roles.

With PATs, you still have to configure in IAM how users should be able to automate access to parts of your application, and an IAM administrator still needs to assign which users are allowed to do so. However, it standardizes the process of providing access to users, instead of having to manage users specifically created for a certain purpose. If a PAT is leaked or if access is no longer needed, access to the resources can be revoked by the user or an IAM administrator without changing the user's password or creating a new user. And if a user needs to change their password for whatever reason, the PAT will keep working.

Configuration of PATs

To allow users to create PATs, you need the following configuration in the Software Factory and IAM:

  • In the Software Factory, roles must be allowed to be used in PATs. To users, these roles are visible as permissions when they create PATs in their application, so add a good translation that they can understand.
  • In IAM, the rights to create and manage PATs are by default not available to users or applications. Administrators must configure these:
    • user administrator To allow users to create PATs: menu Authorization > Users > tab Form > field Allow PAT creation.
    • main administrator application administrator To allow the creation of PATs in an application: menu Authorization > Applications > tab Form > field Allow PAT.
    • application owner To make roles available as permissions to be used in PATs: menu Authorization > Applications > tab Authorization settings > tab Personal access token roles > field Available for PAT. This option requires that PATs are allowed for the application.
note

To allow execution of administrative tasks in Indicium with a PAT, users need specific roles:

  • Health check (advanced): main administrator or developer mode
  • Licensing: main administrator

PAT management in IAM

new

Administrators are not allowed to create PATs in IAM but they can manage the tokens that have been created by users. An overview of these PATs is available in the menu Analysis > Personal access tokens. If necessary, administrators can revoke a token, for example, when it is compromised (task Revoke personal access token ).

Personal Access Tokens overview

Access control - Role improvements for PATs

Community idea new change

To facilitate the use of personal access tokens, the roles created in the Software Factory can now be translated (menu Access control > Roles). The translations are synchronized to IAM and shown on the screens with roles there.

When users create a PAT, they see the translated roles as permissions they can select for use in the PAT.

Breaking change

The role names must now adhere to the standards set by OAuth2. For more information, see the breaking change Role name standardization.

Access control - Role groups for PATs

new

To facilitate the use of personal access tokens, it is now possible to group roles in the Software Factory. The role groups are synchronized to IAM and shown on screens with roles. Using role groups can help you organize roles more effectively for PATs, as they add context to the permissions in the screen for creating a PAT. For other purposes, you can also use a different organization method if you prefer.

You can create and edit role groups in the menu Access control > Roles > tab Role groups. Role group names need to adhere to the same naming standards as roles:

  • Use underscores - When multiple words are needed, use underscores (_) to separate them, such as read_messages.
  • Avoid special characters - Avoid special characters that might cause issues in URLs or other contexts; stick to alphanumeric characters, hyphens, underscores, colons, and periods.

When you enter a role group name, illegal characters are replaced automatically.

We also advise:

  • Use lowercase - Using lowercase characters is a common convention to maintain consistency and readability.

You can use the task rename to rename the role group.

To assign a group to a role, you can use the field Role group in the menu Access control > Roles > tab Role > tab Form. If groups have at least one role, you can use drag/drop to move roles to another group and to change the order of the roles within a group.

Translations for PATs

new

Global translations for PATs are available in Dutch and English. You can change and add global translations in the menu Settings > Global translations.

The translations for roles and role groups are synchronized to IAM. Users who create PATs see those as grouped permissions in their own language. The synchronization makes roles and role groups also available to IAM administrators in their own language. For these reasons, it is important to add good translations to roles and role groups in the Software Factory.

  • If no translation is available for the role group in their language, the system falls back to the default IAM language.
  • If no translation is available at all, the IDs of the role groups are shown.

New and changed in the Software Factory

Generative AI - Switch Generative AI provider type

3-tier new

We have added a new task: Switch generative AI provider type . You can use it to switch between different providers and to deviate from the default generative AI provider type. After execution, you will be prompted to encrypt the provided API key. This behavior is consistent with, for example, the existing task for switching to another Email provider type.

tip

At the moment, we support OpenAI and Azure OpenAI. Feel free to create a Community idea if you want to use another provider.

You can set the default generative AI provider type in the menu Integration & AI > Generative AI. The task to switch the provider is available in the following locations:

  • In the Software Factory for runtime configurations (menu Maintenance > Runtime configurations > tab Generative AI provider). Changes in the default runtime configuration directly modify the branche. Changes in the other runtime configurations only affect that runtime configuration.
  • In IAM for applications (menu Authorization > Applications > tab General settings > tab Generative AI providers)

Merging - View errors in a merge session

new

It is now easier to view errors, if any, in the latest merge session. This is especially useful for scheduled merge sessions. You can find the errors in the menu Models > Merging > tab Merging > tab Execute merge session log.

Merge session result

Merging - Prevent execution of stale merge sessions

new

When merging branches, it is important to ensure the merge session data is up-to-date. Changes made to branches after the initial comparison analysis can lead to incorrect situations, such as applying updates to objects that no longer exist.

To facilitate this, we have added the task Check merge session to the screen Merging (menu Models > Merging). It compares the changes between the merge session's last refreshed date and the current point in time, using the new column Last refreshed on.

If anything has changed in any of the involved branches, you are prompted to refresh the merge session, which will redo the comparison analysis. If possible, any previously resolved conflicts will be reapplied. This requires that both sides of the conflict are still exactly the same, based on the primary key.

The check is performed automatically after creating a merge session. This way, the merge session is always based on the branches' latest state even if someone changed something in de branch during the creation of the merge session. The check is also performed right before executing a merge session, so merge sessions that are not up-to-date can never be merged incorrectly.

Check if the merge session is still up-to-date

Merging - Exclude merge actions

change

Usually, you want to merge everything from a branch to the main model, solve conflicts, and then execute the merge. However, sometimes you want to exclude an action from the merge execution. For example, when a specific table is not yet finalized, but you want to merge the rest of the changes.

In that case, you can now exclude delta actions within a merge session with the new task Exclude merge action (menu Models > Merging > tab Merge impact or Advanced). It excludes the action and its dependencies from the merge execution. If a merge session is outdated and refreshed, manually excluded actions will still be excluded, unless they cause a conflict.

It is no longer possible to edit a merge action. Merge actions can only be solved with conflict resolutions or excluded (using this new task). This minimizes the possibility of creating contradictory actions.

note

You can only exclude merge actions that are not involved in a conflict. Merge actions that are involved in a conflict must be resolved through regular conflict resolution. We recommend resolving conflicts first, then check the merge impact, and finally exclude any merge actions that should not impact the branch(es).

To re-apply the action, you need to go to the excluded merge action in the tab Advanced and execute the task Re-apply merge action . The merge action will then be applied in the merge execution.

Models - Export now includes base data

change

When exporting a model, Software Factory base data is now included by default. This change prevents issues with missing base data when importing the model into another model or into another Software Factory instance.

Processes - Changed adding tasks or reports to a menu

change

Previously, it was possible to add a task or a report to a menu through the tabs in the following menus:

  • menu Processes > Tasks
  • menu Processes > Reports

However, if you wanted to add the same task to two different types of menus, the option to select a menu was no longer available, which was confusing.

Now, the tab Menu is fully read-only; it is meant as an overview of the menu items to which a task or a report is connected. To update the menu, you should now use the tasks Go to menus . These tasks allow you to quickly navigate to the corresponding tree view, list bar, or tile menu item.

tab menu The tab Menu is read-only and contains a Go to menus task

Processes - Custom report with parameter property

new

Previously, when a report was stored in the file storage, it was not possible to show a different report based on the data. For example, if you wanted to use different reports for large orders and for small orders. To solve this, we have added a new report property: Report file (menu Processes > Reports > tab Reports > tab Report parameters).

With this property, you can store report files in your storage location and supply them in a report parameter with the required data using a default procedure. To be able to use this property, you need a storage location and also the domain of the property needs to have a storage location. A validation is in place to verify this.

note
  • The previous property Report file has been renamed to Report file (non-file storage)
  • The combination of the properties Report file (non-file storage) and Report file is not allowed
  • For each report, only one report property can be used, either Report file or Report file (non-file storage)

Processes - Process flow description synchronized to IAM

change

If you create a system flow for your application and add a description to it (menu Processes > Process flows), this description is now synchronized to IAM. This helps main administrators and application administrators understand the purpose of your system flow. In IAM, the description is visible in the system flow schedules at the following locations:

  • menu Authorization > Applications > General settings - The scheduled system flows for the application
  • menu Analysis - Analysis of the scheduled system flows for all applications

Processes - 'Entire day' option for system flow schedules

Community idea new

Setting up a system flow schedule to recur the entire day could be confusing. When a time range from 00:00 AM to 00:00 AM was used, the system flow would not run.

To address this, we have added a new option to the system flow schedules called Entire day (menu Processes > Process flows > tab Process schedules). When you select this option, the fields for Starting at and Ending at are automatically filled with 12:00:00 AM and 11:59:59 PM, respectively. These values cannot be changed. For a different schedule, you can still select the options Once or Between (previously: Recurring).

To improve consistency with IAM, the options Occurs and Occurs every are now automatically set to Daily and Hours, respectively.

The new option Entire day is also available in IAM, see Authorization - Entire day option added to system flow schedules for more details.

All day option in process schedule

User interface - Generate prefilters based on domain elements

Community idea new

We have made it possible to Generate prefilters based on domain elements (menu User interface > Subjects > Data > Prefilters).

You are prompted to enter the column for which you want to generate the prefilters. By default, the first column that uses a domain with elements is selected, but you can change this. You can also link the generated prefilters to a prefilter group. New groups can be created in the lookup.

generate prefilter Generate prefilters based on domain elements

The same task can be used to generate prefilters for elements that have not yet resulted in a prefilter, or to update existing ones when the icon or sort order changes. For example, when you add new statuses to your domain element list, you can use this task to add new prefilters based on these elements. After execution, all elements of the given domain have a corresponding prefilter.

tip

Because this task is an enrichment, you can also run it for all your tables and columns using the given domain (menu Enrichments > Model enrichments).

This task makes the enrichment Create prefilter for image combos redundant, so it has been removed.

prefilter screen Prefilter screen

User interface - Setup initial sort order

new

We have added a new task: Set up initial sort order . You can use it to quickly set the Sort order for a selected subject based on its primary key and the table's lookup display column (menu User interface > Subjects > tab Data > tab Sort). This is especially useful when you need to set up sorting for multiple tables. The sort order is based on all primary key columns, or, if a look-up display column is defined, on all but the last primary key column and the look-up display column.

The task is disabled when a sort order is already set up for the table.

Set up Sort order based on primary key

User Interface - Changed accessibility of Filter and Find tabs

change

The tabs Filter and Find (menu User Interface > Subjects > Data) are no longer always accessible. They are only accessible if the corresponding Filter and Find settings are enabled in the menu User interface > Subjects > tab Settings > tab Permissions.

User Interface - Renumber tasks for variants

new

Previously, renumber tasks for ordering objects in the grid, form, card list, etc. were only available for the main tables. Now, these tasks are also available for variants in the following locations in the menu User Interface > Subjects > Variants:

  • tab Components > tabs Grid, Form, and Card list
  • tab Data > tabs Sort and Filter
  • tab Links > tab Details

User interface - Changed prefilter type clears columns

change

Previously, when switching the Prefilter type from Query to Prefilter columns or vice versa, the previous data would be retained, leading to a validation. Now, when switching, the data that no longer corresponds with the prefilter type will be emptied:

  • Switching from Prefilter columns to Query clears the previously set prefilter columns
  • Switching from Query to Prefilter columns clears the previously set query

Data - Support for system version retention

Community idea new SQL server

Version control in the Software Factory is managed using temporal tables containing historical data. However, historical data can grow significantly over time, especially when data is retained for a long period or when heavy data modifications are executed regularly. To prevent potential issues related to storage costs and performance, we have introduced a new setting.

In the field System versioning (menu Data > Data model > Tables), you can now specify a retention period for historical data. The default option is Indefinitely, but you can also choose to retain historical data for a specific number of days, weeks, months, or years.

The specified retention period is applied to the table when creating the database or when executing an upgrade. During an upgrade, only historical data within the specified retention period will be copied.

System version retention

Data - Lenient prefilter queries

change

The Windows GUI does not support expression fields in prefilter queries. To ensure smoke tests fail for prefilters containing expression fields, we previously introduced the setting Mimic Windows GUI (classic). This setting has now been converted to Lenient prefilter queries. It informs Indicium whether to expect consistent use of the t1. alias. We recommend keeping this setting deactivated and ensuring the t1. alias is used in all prefilter queries. This allows Indicium to optimize prefilter queries and improve performance. See also Prefilter type for more information.

During the upgrade, the new setting takes over the value of the previous setting. If you previously activated Mimic Windows GUI (classic), the new setting Lenient prefilter queries will be activated. If you previously deactivated the setting, the new setting will be deactivated.

note

To support you in this transition, we have added a validation that checks if the setting Lenient prefilter queries is activated.

  1. If the setting Lenient prefilter queries is activated, deactivate it (menu Models > Model content > Model settings).
  2. Then, run the smoke tests for your branch to verify that all prefilter queries work as intended.
  3. Fix failed smoke test steps by adding the t1. alias in front of all columns used in the prefilter query and run the smoke tests again.

Data - Formalized extender 'Use detail null comparison'

change 3-tier

We have added a checkbox Use detail null comparison to the menu Data > Data model > tab References > Reference columns. It allows references to have one or more reference columns set to NULL, which is useful when you want to filter on a given value or return all records if the value is empty.

Ths checkbox replaces the extender Use detail null comparison.

note

Only if you have used the extender Use detail null comparison in your models, it will be converted to the formalized feature in your models during the upgrade. The extender and any usage of it in your models will be removed.

Data - Domain settings

Community idea change

If you changed the domain of an existing column, task parameter, or report parameter, the settings were overwritten. For example, a non-mandatory task parameter could become mandatory after changing the domain. This was not the desired behavior.

Now, when you change the domain, the settings are no longer overwritten. Only when you add a new object, the domain's default settings are applied.

This change applies to the following locations:

  • menu Data > Data model > tab Tables > tab Columns
  • menu Processes > Tasks > tab Task parameter
  • menu Processes > Reports > tab Report parameter

Business logic - Template description always up-to-date in program object code

change

If a program object is in some way affected, the generated code is set as 'stale' to indicate it needs to be generated again. Now, if a template description is part of a program object, and if you change the template description, the program object is also marked as 'stale'. This is only applicable if the specific code group is configured to include template descriptions in the program object.

Business logic - Code search results in hierarchical tree

change

Code search results are now displayed in a hierarchical tree format. This is especially beneficial when you are dealing with objects that have numerous matches. Previously, each match would redundantly show the object alongside its line number. Now, each object is displayed once within its group, with all related matches nested.

The tree view makes it easier to manage your search results. You can collapse items in which you are not interested to enhance clarity.

code search results in tree Code search results in hierarchical tree format

Business logic - Hide results in code search

new

We have introduced a new task Hide search result in the menu Business logic > Code search. It allows you to hide specific items from the code search results that are of no interest to you. You can hide individual lines, objects, or even entire groups.

You can make hidden results visible by disabling the new prefilter Hide hidden search results . As long as results are hidden, they are displayed in italic. With the new task Show search result you can include hidden results in the search results again.

When you execute a new code search, any previously hidden items that match the search string will be shown again.

Hide search results in code search

Business logic - Improved error message for Oracle

Oracle change

In the Software Factory, Oracle (PL/SQL) logic is not deployed as a single item but in packages. The package program object headers are generated in a separate control procedure. However, the Software Factory does not generate the control procedure that creates the package headers because packages can contain a number of different logic types.

So, when you create new logic, such as a Layout control procedure, the package header is not yet generated, resulting in an error during generation (menu Business logic > Functionality > tab Control procedure).

We have improved the error message so it informs you to resolve this situation by regenerating the definitions (menu Deployment > Creation > tab Generate definition). Once regenerated, the package headers are present. The same Layout control procedure can now be generated successfully.

Business logic - Support for Oracle output-only parameters

new Oracle

Oracle supports output-only parameters for procedures. We have added this support to tasks and subroutines in the Software Factory. Since SQL Server does not support output-only parameters, a validation has been introduced to handle this situation.

Enrichments - New and improved models in the Thinkstore

change

In the Thinkwise Community, you can find the release notes for the new and improved models in the Thinkstore. See the Thinkstore release notes.

Integration & AI - PKCE for OAuth Server

Community idea new

PKCE (Proof Key for Code Exchange) is an extension to the OAuth 2.0 authorization framework that enhances security, particularly for mobile and single-page applications (SPAs). It helps protect the authorization code flow from certain attacks, such as the authorization code interception attack. It adds an extra layer of security to the authorization code flow by ensuring that the client that receives the authorization code is the same client that requested it.

We advise you to always use PKCE in your applications, unless the OAuth server does not support it. If that is the case, you can now deactivate the requirement for PKCE for an OAuth server with the new setting Require PKCE (menu Integration & AI > OAuth servers). You can override the default setting:

  • For runtime configurations in the Software Factory: menu Maintenance > Runtime configurations > tab OAuth servers.
  • For applications in IAM: menu Authorization > Applications > tab OAuth servers.

Quality - UI/UX updates for unit tests

change

Unit tests have received a mostly visual but partly functional update. This concerns the unit test screens in the following locations:

  • menu Quality > Unit tests
  • menu Business logic > Functionality > tab Unit tests

The following changes have been implemented:

  • Adding a new unit test is now possible by using the regular form instead of a task. The task has been removed.
  • The field Object has been added to the grid, allowing for easier recognition which model object is covered by the corresponding unit test.
  • The field Description has been moved to the last position in the grid, to make space for more valuable information.
  • The lookup screen type of the mock data set (tab Form > tab Mock data) has been updated, making it identical to the regular screen Mock data. By using the shortcut CTRL + L you can quickly set up a new mock data set and immediately connect it to the unit test you are working in.
  • When importing mock data into a unit tests (tab Form > tab Mock data > task Import mock data), only unit tests that include mock data are now shown by default.

Quality - Unit test support for table-valued functions

Community idea new

Unit test support for scalar-valued functions was already available in the Software Factory. Now, unit tests also support table-valued functions (menu Quality > Unit tests). The setup is similar to scalar functions, only the unit test code is put together differently and executed in the background.

Keep in mind that no output is available for this type of unit test. This means that you need to verify the outcome of the unit test with an assertion query.

Quality - Additional information in the mock data

Community idea new

We have improved the screen Mock data by adding additional information about the data (menu Quality > Unit tests > tab Mock data > tab Tables > tab Column selection). The tab Column selection now includes information about the datatype of the column. This should give you a better understanding of what type of value should be added as a mock column value.

Additional information about the datatype of the column in the mock data

Quality - Check on specific messages in unit tests

new

In unit tests, you can now not only check your own messages, but also if the special messages clear_panel or add_separator have been triggered in your functionality (menu Quality > Unit tests > Form > Expected messages).

These messages are used to clear the panel from old messages or to add a separator between messages. Therefore, they should only be used in code, not as confirmation messages in a task or as messages in a process action.

Check on specific messages in unit tests

Quality - Manual test improvements

changed

We made the following improvements to manual tests (menu Quality > Manual tests):

  • tab Test scenarios

    • All columns in the form group Assignment are now available again, allowing you to see to which part of your development process the test scenario is linked.
    • To improve grid readability, the columns ID, Description, Last run model, and Last run branch have been removed.
    • A new prefilter, Failed , has been added to quickly get an overview of failed test scenarios.

  • tab Test scenarios > Test steps

    • To improve grid readability, the columns Description and Outcome have been removed.

  • tab Test scenarios > Attachments

    • A new badge has been added to indicate whether, and how many, attachments are linked to each test scenario.

  • tab Test runs

    • A new task, Assign a test run , has been added to assign a test run to a user. You can assign a user directly when creating a test run or use the task for an already created run.
    • New filters have been added to filter test runs assigned to you or unassigned .

    Assign a test run to a user

    • The tab Test steps has been renamed to Test run steps.
    • The tab Test findings has been renamed to Test run findings.
    • The tab container Test run has been removed, and its underlying tabs Test run steps and Test run findings are now shown directly as tabs.

  • tab Test runs > Test run steps

    • A disapproved test run step now gets a test finding that is linked to the test run step.
    • You can now create multiple test findings per step using the task Create test run step finding .

    Create a test run step finding

    • The test step status can now only be changed using the task Change status , which also updates the last run data at the test scenario level.
    • Resetting a test step now clears the outcome of the test step.
    • If a test step is approved or disapproved, the task parameter Outcome is now filled with the outcome on the screen. This ensures that any text already typed in the form is not overwritten automatically. The outcome can still be changed in the task.
    • If a test run step is disapproved, the parameter Outcome is used instead of Description as input for the new test finding. The parameter Description has been removed.

  • tab Specification > Work overview

    • A new column Test scenario step has been added to show to which test run step a test finding belongs.
    • A new detail tab Test step has been added to show additional information about the test run step.
    • The manual test-related tabs have been optimized to make the best use of the available space.

  • tab Specification > Taskboard

    • It is now possible to view all types of work items simultaneously on the taskboard; the Type prefilter is disabled by default, and the prefilter group has been changed to filter mode 'match any (OR)'.

Deployment - Performance improvement in synchronization

change

During the synchronization to IAM (menu Deployment > Synchronization to IAM > tab Current), the Software Factory calculates the effective rights for each table column with role rights. These effective rights determine whether or not the column is synchronized to IAM. If a column is unauthorized, it is not synchronized to IAM for that role. The duration of this process can vary depending on the model.

We improved the performance of the effective rights calculation process when generating the synchronization scripts. The process now caches the effective rights and calculates them in sets, rather than per occurrence.

Deployment - Separate synchronization

change

Over time, models can grow large and may reach the limit in the synchronization process (menu Deployment > Synchronization to IAM). To prevent this, binary data for reports and themes are now separated from their original BLOBs: report file data, theme background images (Windows GUI), and theme background images for dark and light modes (Universal GUI) are synchronized separately.

Deployment - New checks on upgrade

Community idea new

When you upgrade your end product database, the Software Factory automatically creates new or modified user-defined data types in the database (menu Deployment > Creation > tab Execute source code). We have added two checks to this step: one to see if the new domain already exists in the database, and another to check that the data type configuration matches the model.

note

Manually creating data types is not common practice, nor is it recommended. The Software Factory does that for you when you execute the source code.

If you still decide to create data types manually, the configuration may differ from the model. When a difference is detected, an error will be raised, as this can lead to data loss. For example, storing a field of 100 characters in a database column that only allows 50 characters.

Deployment - Prefilters for debugging

Community idea new

To help you debug jobs that ended with warnings or unsuccessfully, we have added 2 new prefilters to all screens in the menu group Deployment containing a tab History:

  • Warning and unsuccessful (ALT + W) - Only show jobs that ended with warnings or unsuccessfully
  • Unsuccessful (ALT + U ) - Only show jobs that ended unsuccessfully

The prefilters are available on the following screens:

  • menu Deployment > Creation > tab Generate definition > tab History
  • menu Deployment > Creation > tab Generate source code > tab History
  • menu Deployment > Synchronization to IAM > tab History
  • menu Deployment > Deployment package > tab History

Generic - Add object groups through tab instead of lookup pop-up

change

The Software Factory has several screens where you can add an object to a group. Previously, you had to open the lookup pop-up and add the group there. This process was not very user-friendly, as pop-ups offer limited space and are not ideal for data entry. Now, you can add these groups through dedicated tabs displayed next to the object itself in the following locations:

  • Prefilters: menu User interface > Subjects > tab Data > tab Prefilters > tab Prefilter groups
  • Cube views: menu User interface > Business Intelligence > tab Tables > tab Cube views > tab Cube view groups
  • Icons: menu User interface > Icons > tab Icon groups
  • Tasks: menu Processes > Tasks > tab Table tasks > tab Task groups
  • Reports: menu Processes > Reports > tab Table reports > tab Report groups
  • Validations: menu Quality > Validations > tab Maintenance > tab Validations > tab Validation groups
  • Roles: menu Access control > Roles > tab Role groups
  • Enrichments: menu Enrichment > Model enrichments > tab Maintenance > tab Enrichment groups

Generic - Improved handling of generated objects

change

We have improved the handling of generated objects in the following ways:

  • Previously, it was not possible to unlink (Ctrl + U) an object that was generated by a base model. You can recognize these objects by the Copied from base model characteristic. Now, it is possible to unlink these objects. This prevents the object from being wrongly deleted in the Creation process.
  • When you copy an object that was generated by a base model, the copied object and all its copied children will no longer be identified as generated by the base model. Instead, it will be available and editable like a new object. If an object was generated by your own control procedure, the copy will still be identified as generated by that control procedure.

Generic - Extended length password fields

change

We have expanded the length of password and input fields for encrypting passwords. They now support a length of 512 characters instead of 100. This extension exceeds the usual support of most password managers and is necessary for developers and APIs that use longer passwords. It is also suitable for basic authentication for Web connectors.

Generic - Extended length API keys and bearer tokens

change

In both the Software Factory and IAM, we have extended the length of API keys and bearer tokens from 128 to 2048 characters. The reason is that some providers recently started using longer keys and tokens.

Generic - 'Description' field in several places

Community idea new

We have added a Description field to several screens so you can enter a clear explanation of the purpose of parameters and variables. The field is available in the following places:

  • menu Processes > Process flows > tab Process variables
  • menu Processes > Subflows > tab Process variables
  • menu Processes > Tasks > tab Task parameters
  • menu Processes > Reports > tab Report parameters
  • menu Business logic > Subroutines > tab Subroutine parameters

Fixed in the Software Factory

Generic - Exclude alias columns from copy

When copying an object that contains a column [object] alias, the value will now be excluded, as aliases should be unique. When specifically copying tables, aliases for underlying references and indexes will also be excluded.

Processes - Process flow variables for Web connection endpoint

When you assign a Web connection endpoint input parameter to a process variable, the value will now automatically be filled if a process variable with the same name exists.

Processes - Web connection endpoint input

Using the same name for a Web connection parameter and an endpoint parameter caused an error when setting up the endpoint input in a process flow. This has been fixed.

Processes - Linked objects in process actions

When you changed a key object in a process action, for example a task, the system tried to re-link the input and output to the corresponding task parameters. In some situations, these were not properly updated, leaving the old links intact. As a result, you were unable to add the new link, as it caused a primary key error. This has been fixed.

Data - Improved validation for domain element translations

The validation Domain element translations have a different sort sequence than the database values has been improved. It used to return an error when the domain Sort order was set to Order no. Now it only returns an error when the domain Sort order is set to Translation. You can configure the sort order in the menu Data > Domains > tab Form > tab Domain > field Sort order of elements.

Enrichments - Create a sample data model with AI

When executing the enrichment Create a sample data model with AI (menu Enrichments > Model enrichments), an error could occur related to the creation of the reference columns. Another error could occur when the data returned by the AI contained values that were not supported by the data model in the Software Factory. This has been changed. Now, when the AI returns double data, only the source/target column combination that is encountered first will be included in the reference. In addition, only supported datatypes will be used.

User interface - Prefilter query returned to Indicium

When changing the Prefilter type to Prefilter columns (menu User interface > Subjects > tab Data > tab Prefilters > tab Prefilter > tab Form) and the query was not empty, the query was previously sent to Indicium. This behavior has been fixed, and the query is ignored. For IAM, it already worked this way.

User interface - Duplicate table variant applied for variants

We have fixed an issue where a table variant linked in the menu was displayed twice in the tab Applied to (menu User interface > Subjects > tab Variants > tab Applied to).

New and changed in the Intelligent Application Manager

Authorization - Custom report for applications (override)

new

The default file for a report is configured in the Software Factory, in the menu Processes > Reports > tab Reports > tab Settings > tab General.

It is now possible to override this default file for an application in IAM, similar to how you can override the file storage or printer settings, in the menu Authorization > Applications > tab General settings > tab Reports. Here, you can upload a different file or change the file path for the selected application. You can use this, for example, to use a different logo in the report for a specific application. Previously, you would have had to switch the logo within the report itself.

Note that the report type must be the same as the default report type in the Software Factory.

Override report file for applications

Authorization - 'Entire day' option for system flow schedules

Community idea new main administrator application administrator

Setting up a system flow schedule to recur the entire day could be confusing. When a time range from 00:00 AM till 00:00 AM was used, the system flow would not run.

To address this, we have added a new option to the system flow schedules called Entire day (menu Authorization > Applications > tab General settings > tab Scheduled system flows). When you select this option, the fields for Starting at and Ending at are automatically filled with 12:00:00 AM and 11:59:59 PM, respectively. You cannot change these values, but you can still select the options Once or Recurring to specify different times.

In addition, the screen has been revised to provide a better overview when using IAM in the Universal GUI. The details about Scheduled runs were moved to create more space, so all the form fields now fit on one tab.

The new option Entire day is also available in the Software Factory, see Processes - Entire day option added to system flow schedules for more details.

Authorization - Monitor your environment

new 3-tier main administrator application administrator

You now have access to environment interaction logs in your production environments. The primary goal of these logs is to detect malfunctioning external services, disks and printers, application landscape connectivity problems, and misconfiguration of providers.

The logs are created when the Indicium service tier interacts with the application environment. Interaction done by the 2-tier Windows GUI will not generate any logs.

Available log sources

The following log sources are available for each application (menu Authorization > Applications > Environment monitoring):

  • Application related logging
    • Application database logs - These do not log all actions to access the database but can be used to detect application database connectivity problems
  • Provider-related logging
    • Web connection logs
    • Email provider logs
    • File storage provider logs
    • OAuth server logs
    • Generative AI provider logs
    • Printer logs
  • Process action related logging
    • HTTP connector logs
    • SMTP connector logs
    • Disk file logs (non-file storage)
    • FTP connector logs (non-file storage)
    • Application connector logs
    • Database connector logs (not yet supported)

A log item is considered an error when the resulting status code is negative. However, in some cases, a negative status code is part of the expected behavior of the interaction. In these situations, you can Dismiss the error. Then, the status code for the process action is considered a success for this log item and any previous and future log items, both in this overview and in any analysis based on the logs. You can also Restore the error if it was dismissed by accident.

The following settings are available for environment interaction logs:

  • Application log retention - By default, logs are retained for 60 days. You can change this in the menu Settings > Global settings. This new setting replaces the setting Log retention (items). It also affects system flow logs, OpenID audit logs, and agent check-in logs.
  • Deactivate - You can turn off logs per application, per log source, in the menu Authorization > Applications > Environment monitoring > Settings.

Monitor your environment with environment interaction logs

Log analyses are available in the following locations:

  • Globally (menu Analysis > Environment Interaction)
  • Per application (menu Authorization > Applications > Environment monitoring > tab Analysis)

These analyses are based on the last 30 days, as this is the minimum log retention time.

Analyze the environment interaction logs

Authorization - Moved detail tab 'Modules' to 'General settings'

change

We made some visual changes to the way modules are shown within an application (menu Authorization > Applications).

We have renamed the tab Module authorization to Modules and moved it from tab Authorization settings to tab General settings. This better reflects the purpose of the screen, as it pertains to the application's authorization within IAM itself rather than end-user authorization.

This is also reflected in the task Copy application (tab List), where the checkbox has been moved to its new form group.

Modules moved to General settings

Authorization - Session log retention

new

User session logs are available in the menu Authorization > Users > Session log. To prevent these logs from growing too large, we have introduced a new setting: Session log retention. It can be found in the menu Settings > Global settings. You can select a retention period of 1 year, 5 years, or Indefinitely.

  • For new IAM environments, the default value is 1 year.
  • For existing IAM environments, the value is set to indefinitely when upgrading to this version.
note

After the upgrade, change this for your existing IAM environments to your preferred retention period, preferably 1 year or 5 years, to prevent the session log from growing too large.

Old session log data is removed automatically by a recurring system flow, based on the selected retention period.

Authorization - Session expiration

Community idea new 3-tier

By default, sessions in the Thinkwise Platform expire after 30 minutes of user inactivity. If a user selects the option Stay signed in, the session expires after 14 days of inactivity. This is called the Extended session expiration. When the session expires, the user must re-authenticate to access the Thinkwise environment.

You can now configure these values in 3-tier IAM in the following locations:

  • Global: menu Settings > Global settings > tab Form
  • For a tenant: menu Authorization > Tenants > tab Form. You can choose to create a Custom session expiration or not. If not, the Global settings are used.
  • For an OpenID provider (single sign-on): menu Authorization > OpenID Providers > tab Form. You can only set the default expiration value here. In an SSO login process, the option Stay signed in is not available.

If you have single sign-on (SSO) enabled, the expiration of a user session in the Thinkwise environment is determined by the session expiration settings of the OpenID provider in IAM. An OpenID provider, such as Microsoft Entra ID, may also have its own authentication session expiration settings and Stay signed in settings. These only affect the user's session with the OpenID provider, such as the ability to quickly re-authenticate with this OpenID provider.

Authorization - Descriptions in language dropdowns

Community idea change Universal GUI

The language dropdown in the Universal GUI now displays language descriptions instead of codes. This makes it easier for users to select their preferred language in their profile menu: User preferences > Language.

This change is also visible in all lookups in IAM, such as the menus:

  • Authorization > Users > tab Language
  • Authorization > Applications > tab General settings > tab Translations > tab Language

Language descriptions in the dropdown

Settings - IAM system flows

Community idea new

IAM itself uses system flows for various supporting processes. Previously, these system flows were scheduled and could not be changed, nor was it possible to create custom schedules.

This has been changed. To make the system flows more transparent and manageable, we have added a new menu item IAM system flows to the menu group Settings. Here, main administrators can see and manage the system flows that have been set up and scheduled for IAM.

The overview is similar to the existing Scheduled system flow screens:

  • menu Authorization > Applications > General settings - The scheduled system flows for your application
  • menu Analysis - Analysis of the scheduled system flows for your applications

We have also added a description to the system flows so that main administrators can understand the purpose of each system flow.

Available system flows

Process flowDescription
system_flow_clean_upClears old entries (including process flow schedules log, agent check-ins, OpenID audit, environment interaction data and session logs) based on the application log retention and session log retention settings in the menu Settings > Global settings.
system_flow_clean_usr_notificationClears in-app and email notifications that are sent or expired.
system_flow_download_available_hotfixes_list_scheduledPeriodically refreshes the list of hotfixes in the menu group Settings.
system_flow_export_branch_metricsThinkwise collects anonymized metrics regarding the usage of the Thinkwise Platform. This feature is optional and you can opt-out by deactivating the schedule.
system_flow_send_email_notificationPeriodically sends pending email notifications to users.
system_flow_security_scanPeriodically runs security scans. If any check fails, email to configured administrators.

Manage the system flows that have been set up and scheduled for IAM

Settings - Run tsf_optimize via system flow

Community idea new SQL Server

In addition to the other system flows that we added for IAM, we have also added a system flow for tsf_optimize. It is called tsf_system_flow_run_tsf_optimize.

What is tsf_optimize?

tsf_optimize is a procedure inside the SQLSERVER_DB base model. It can speed up the performance of SQL Server when many indexes are fragmented and statistics outdated. Running this procedure does two things:

  • It collects all indexes of the database that have an average fragmentation of 15% or higher and have over 1000 pages. Each index is reorganized if the fragmentation is lower than 30% to minimize system resource usage. When the fragmentation is 30% or higher, the index will be rebuilt.
  • It collects all statistics of all user-created tables that have been modified at least once. These collected statistics will then be updated using FULLSCAN.

You can run this system flow for IAM, the Software Factory, and your end applications to improve efficiency by rebuilding indexes and updating statistics where necessary. It is part of the base model SQLSERVER_DB. This system flow makes the subroutine tsf_optimize that was previously used in SQL Server jobs redundant.

You can use it in two ways:

  • Activate a schedule or define a custom schedule. When scheduling this system flow, consider other running processes and their impact on large amounts of data and indexes. Determine whether the indexes should be rebuilt before or after any major data manipulations. Schedules are available in:
    • menu Authorization > Applications > General settings - The scheduled system flows for your application or the Software Factory
    • menu Analysis > Scheduled system flows - Analysis of the scheduled system flows for your application
    • menu Settings > IAM system flows - The scheduled system flows for IAM
  • Add tsf_optimize_indexes as a task to the Software Factory menu to trigger the optimization manually. Create a separate role for this task.

We recommend the following schedules:

  • For the Software Factory:
    • Every night (based on your time zone, when no developers are working).
  • For IAM and end applications:
    • A moment when the application has downtime or the least number of active users
    • If you are running major data manipulations during the night, try to schedule tsf_optimize afterward, not before.

Check the index fragmentation to decide the appropriate frequency. For example, every night or every weekend.

Analysis - Security checks

new main administrator

Which data is accessible to an end user depends on the configuration of various actors and settings, such as:

  • In IAM:
    • The account status of the user
    • The set of user groups to which the user has been added
    • The user group status
    • The roles which have been granted to each application
    • The application status
  • In the Software Factory:
    • The configuration of authorization prefilters
    • The configuration of rights granted by the roles
  • In the end application data:
    • The settings in operational data that determine the outcome of authorization prefilters

To ensure all actors and settings are aligned, IAM now offers security checks to assert the correct configuration. These assertions are called Security checks (menu Analysis > Security checks).

A security check is configured for a user and revolves around the tables using a certain domain in an application. The checks are verified by simulating the user with the application data and the current configured rights.

Examples of security checks:

  • The user b.hanssen may never see columns with value j.vandyk@competitor.com using the domain email in application 395 - myproduct.
  • The user s.harris may only see records with values 5, 6, and 7 for columns using the domain customer_id in application 395 - myproduct.
  • The user s.harris may not see records with values concept or null for columns using the domain invoice_status in application 395 - myproduct.

You can schedule security checks to be executed a number of times per day but you can also run them manually with the task Start security scan . In the tab Email notifications you can configure notifications to be sent when a security check turns up with results. An email provider and email template need to be configured for this (menu Settings > Global settings > tab Email provider/Email templates).

Security checks Security check configuration

Fixed in the Intelligent Application Manager

SAS token copied when copying application

If you have overridden the SAS token for Azure Files in IAM (menu Authorization > Applications > tab File storage locations), the token would not be copied with the task Copy application . This has been fixed.

Data model changes

Data model changes for the Software Factory and IAM meta-models are listed here. This overview can be used as a reference to fix dynamic control procedures, dynamic model code or custom validations after an upgrade.

Changes Software Factory

Table changes

Changes
SF - From tableSF - To table
-role_grp
-sync_cache_role_col
-sync_cache_role_col_look_up
-sync_cache_role_report_parmtr
-sync_cache_role_report_variant_parmtr
-sync_cache_role_tab_variant_col
-sync_cache_role_task_parmtr
-sync_cache_role_task_variant_parmtr

Column changes

Changes
SF - TableSF - From columnSF - To columnMandatoryDefault value
business_process_attachmentbusiness_process_attachment_namebusiness_process_attachment_name--
business_process_attachmentbusiness_process_attachment_name_databusiness_process_attachment_name_data--
code_search_history-result_label0-
code_search_result-id1-
code_search_result-parent_id0-
code_search_result-show_result01
code_search_resultcode_search_result_id---
code_search_resultinsert_user---
code_search_resultinsert_date_time---
code_search_resultupdate_user---
code_search_resultupdate_date_time---
delta_action-original_apply0-
domdefault_filter_order_no---
domdefault_search_order_no---
domdefault_alias_col_id---
merge_session-last_refresh_utc1-
merge_session_execution_log-error_msg0-
model_settings-allow_lenient_prefilter_query10
model_settingssmoke_test_mimic_gui_classic---
msg_optionstatus_codemsg_option_status_code--
oauth_server-require_pkce11
oauth_server_configuration-require_pkce0-
process_flow_schedulerecurrence_typerecurrence_type10
process_variable-alias_process_variable_id0-
process_variable-process_variable_description0-
process_variableprocess_variable_alias_id---
ref_col-use_detail_null_comparison10
report_parmtr-report_parmtr_description0-
requirement_attachmentrequirement_attachment_namerequirement_attachment_name--
requirement_attachmentrequirement_attachment_name_datarequirement_attachment_name_data--
role-role_grp_id0-
role-use_for_ai_assistant10
role-allow_for_pat10
role-order_no1-
role-abs_order_no10
sf_configuration-archived_branch_retention160
sf_configurationjob_retentionjob_retention114
sf_configurationunit_test_result_retentionunit_test_result_retention114
subroutine_parmtr-subroutine_parmtr_description0-
sync_script-custom_display_name0-
tab-system_versioning_retention_amount0-
tab-system_versioning_retention_unit14
task_parmtr-task_parmtr_description0-
test_scenario_attachmenttest_scenario_attachment_name_datatest_scenario_attachment_name_data--
test_scenario_step_attachmenttest_scenario_step_attachment_name_datatest_scenario_step_attachment_name_data--
work-test_scenario_step_id0-
work_attachmentwork_attachment_namework_attachment_name--
work_attachmentwork_attachment_name_datawork_attachment_name_data--

Changes Intelligent Application Manager

Table changes

Changes
IAM - From tableIAM - To table
-appl_connector_log
-db_connector_log
-db_log
-email_provider_log
-file_connector_log
-file_storage_log
-ftp_connector_log
-gai_provider_log
-gui_appl_authorization_pat
-gui_appl_environment_monitoring_settings
-gui_appl_environment_monitoring_whitelist
-http_connector_log
-iam_report
-oauth_server_log
-pat
-printer_log
-security_check
-security_check_email_notification
-security_check_value
-security_scan
-security_scan_step
-smtp_connector_log
-system_gai_provider
-web_connection_log
reportsf_report

Column changes

Changes
IAM - TableIAM - From columnIAM - To columnMandatoryDefault value
appl_lang-appl_lang_description1-
branch-allow_lenient_prefilter_query10
global_settings-default_session_expiration130
global_settings-default_session_expiration_unit12
global_settings-extended_session_expiration114
global_settings-extended_session_expiration_unit10
global_settings-session_log_retention11
global_settings-appl_log_retention160
global_settingssystem_flow_log_retention---
global_settingsallow_remote_monitoring---
gui_appl-allow_pat10
iam_gai_providergai_provider_typegai_provider_type0-
iam_gai_provideruse_managed_identityuse_managed_identity0-
iam_oauth_server-require_pkce0-
msg_optionstatus_codemsg_option_status_code--
openid_client_redirecturiuri_login1-
openid_provider-session_expiration130
openid_provider-session_expiration_unit12
process_variableprocess_variable_alias_idalias_process_variable_id0-
ref-inheritance0-
ref_col-use_detail_null_comparison10
sf_report-report_description0-
sf_report-server_hosted1-
role-role_grp_id0-
role-use_for_ai_assistant10
role-allow_for_pat10
role-grp_order_no0-
role-abs_order_no0-
roleallow_public_apiallow_public_api10
sf_oauth_server-require_pkce11
sf_process_flow-process_flow_description0-
tab-tab_description0-
task-task_description0-
tenant-custom_session_expiration10
tenant-default_session_expiration030
tenant-default_session_expiration_unit02
tenant-extended_session_expiration014
tenant-extended_session_expiration_unit00
usr_general-allow_create_pat10
usr_pref_tab-auto_resize_grid_col0-
usr_pref_tab_variant-auto_resize_grid_col0-
write_back_usr_pref_type-screen_component_height0-
write_back_usr_pref_type-screen_component_height_unit0-
write_back_usr_pref_type-screen_component_width0-
write_back_usr_pref_type-screen_component_width_unit0-
write_back_usr_pref_type-screen_component_fixed_on_resize10
write_back_usr_pref_typecol_visible_for_search---
write_back_usr_pref_typecol_search_condition---
write_back_usr_pref_typecol_search_order_no---