| Name | Type | Multiplicity | Description |
|---|---|---|---|
| name |
property PolyStringType |
[0,1] | Human-readable, mutable name of the object. |
| description |
property string |
[0,1] | Free-form textual description of the object. |
| fetchResult |
property OperationResultType |
[0,1] | Result of the operation that fetched this instance of the object. |
| extension |
container ExtensionType |
[0,1] | Extension container that provides generic extensibility mechanism. |
| parentOrgRef |
reference ObjectReferenceType |
[0,-1] | Set of the orgs (organizational units, projects, teams) that the object relates to. |
| trigger |
container TriggerType |
[0,-1] | Defines triggers for an object. |
| metadata |
container MetadataType |
[0,1] | Meta-data about object creation, modification, etc. |
| tenantRef |
reference ObjectReferenceType |
[0,1] | Reference to the tenant to which this object belongs. |
| linkRef |
reference ObjectReferenceType |
[0,-1] | Set of shadows linked to this focal object. |
| assignment |
container AssignmentType |
[0,-1] | Set of object's assignments. |
| activation |
container ActivationType |
[0,1] | Type that defines activation properties. |
| iteration |
property int |
[0,1] | Iteration number. |
| iterationToken |
property string |
[0,1] | Iteration token. |
| roleMembershipRef |
reference ObjectReferenceType |
[0,-1] | References to abstract roles (roles and orgs) that this focus currently belongs to - directly or indirectly. |
| roleInfluenceRef |
reference ObjectReferenceType |
[0,-1] | References to abstract roles (roles and orgs) that this focus may directly belong to. |
| jpegPhoto |
property base64Binary |
[0,1] | Photo corresponding to the user / org / role. |
Flags: RAM,runtime
Multiplicity: [0,1]
Human-readable, mutable name of the object. It may also be an identifier (login name, group name). It is usually unique in the respective context of interpretation. E.g. the name of the UserType subtype is usually unique in the whole system. The name of the ShadowType subtype is usually unique in the scope of resource (target system) that it belongs to.
The name may not be human-readable in a sense to display to a common end-user. It is intended to be displayed to IDM system administrator. Therefore it may contain quite a "ugly" structures such as LDAP DN or URL.
Name is mutable. It is considered to be ordinary property of the object. Therefore it can be changed by invoking usual modifyObject operations. However, change of the name may have side effects (rename process).
Although name is specified as optional by this schema, it is in fact mandatory for most object types. The reason for specifying the name as optional is that the name may be generated by the system instead of supplied by the clients. However, all objects stored in the repository must have a name.
Flags: RAM,runtime
Multiplicity: [0,1]
Free-form textual description of the object. This is meant to be displayed in the user interface.
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Result of the operation that fetched this instance of the object. It is mostly used to indicate that the object is not complete or there is some problem with the object. This is used instead of exception if the object is part of larger structures (lists as in list/search operations or composite objets). If not present then the "SUCCESS" state is assumed.
This field is TRANSIENT. It must only be used in runtime. It should never be stored in the repository.
Flags: dyn,RAM,runtime
Multiplicity: [0,1]
Extension container that provides generic extensibility mechanism. Almost any extension property can be placed in this container. This mechanism is used to extend objects with new properties. The extension is treated exactly the same as other object properties by the code (storage, modifications, etc), except that the system may not be able to understand their meaning.
Flags: RAM
Multiplicity: [0,-1]
Set of the orgs (organizational units, projects, teams) that the object relates to. This usually means that the object belongs to them but it may have other meanings as well (e.g. user manages an organizational unit).
Flags: RAM,runtime,oper
Multiplicity: [0,-1]
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Meta-data about object creation, modification, etc.
Flags: RAM
Multiplicity: [0,1]
Reference to the tenant to which this object belongs. It is a computed value set automatically by midPoint. It is determined from the organizational structure. Even though this value is compted it is also stored in the repository due to performance reasons.
Flags: RAM
Multiplicity: [0,-1]
Set of shadows linked to this focal object. E.g. a set of accounts linked to a user. This is the set of shadows that belongs to the focal object in a sense that these shadows represents the focal object on the resource. E.g. The set of accounts that represent the same midPoint user (the same physical person, they are "analogous").
Links define what the object HAS. The links reflect real state of things (cf. assignment).
Flags: RAM,runtime
Multiplicity: [0,-1]
Set of object's assignments. Assignments define the privileges and "features" that this object should have, that this object is entitled to. Typical assignment will point to a role or define a construction of an account.
Assignments represent what the object SHOULD HAVE. The assignments represent a policy, a desired state of things (cf. linkRef).
Flags: RAM,runtime
Multiplicity: [0,1]
Type that defines activation properties. Determines whether something is active (and working) or inactive (e.g. disabled).
It applies to several object types. It may apply to user, account, assignement, etc. The data in this type define if the described concept is active, from when it is active and until when. The "active" means that it works. If something is not active, it should not work or not cause any effect. E.g. inactive user should not be able to log in or run any tasks, the non-active role should not be assigned and if assigned it should not be taken into account when computing the accounts.
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Flags: RAM,oper
Multiplicity: [0,-1]
References to abstract roles (roles and orgs) that this focus currently belongs to - directly or indirectly. This reference points to all the roles in the role hierarchy. It only points to the roles that were evaluted as active during last recompute (conditions were true, validity constaints not violated).
Note: the value of this reference is only updated when a focal object is recomputed. Therefore if a role definition changes then all the affected focal objects must be recomputed for this reference to be consistent.
This is an operational property. It is set and managed by the system. It is used for efficient search of all current role members, e.g. for the purpose of displaying this information in the GUI.
Flags: RAM,oper
Multiplicity: [0,-1]
References to abstract roles (roles and orgs) that this focus may directly belong to. This reference only points to the next role in the hierarchy. However, it is backed by a "closure" index in the repository subsystem. Therefore it can efficiently support tree-like queries. This reference points to the roles for whose the condition is not true. Therefore it does not reliably show who actually has a role. It shows potential role members - all the object that are possibly influenced when a role definition changes.
This is an operational property. It is set and managed by the system. It is used for efficient search of all possible role members, e.g. for the purpose of recomputing all role members after the role definition is changed.
TODO. NOT IMPLEMENTED YET. EXPERIMENAL. UNSTABLE.
Flags: RAM,runtime
Multiplicity: [0,1]
Photo corresponding to the user / org / role.