Name | Type | Multiplicity | Description |
---|---|---|---|
description |
property string |
[0,1] | |
extension |
container ExtensionType |
[0,1] | The assignment extension used to add parameters to the assignment. |
lifecycleState |
property string |
[0,1] | Lifecycle state of the assignment. |
metadata |
container MetadataType |
[0,1] | Meta-data about data creation, modification, etc. |
targetRef |
reference ObjectReferenceType |
[0,1] | Target of assignment or inducement. |
construction |
container ConstructionType |
[0,1] | Projection construction. |
personaConstruction |
container PersonaConstructionType |
[0,1] | Persona construction. |
focusMappings |
container MappingsType |
[0,1] | Set of mappings that are applied to a focus in addition to object template. |
policyRule |
container PolicyRuleType |
[0,1] | Policy rule that should be applied to the target object. |
activation |
container ActivationType |
[0,1] | Type that defines activation properties. |
order |
property int |
[0,1] | Order of the inducement. |
orderConstraint |
container OrderConstraintsType |
[0,-1] | Constraint that defines the range of "orders" and relations when this assignment/inducement should be applied. |
limitTargetContent |
container AssignmentSelectorType |
[0,1] | Limitations that selects only some assignments/inducements from the target. |
limitOtherPrivileges |
container OtherPrivilegesLimitationType |
[0,1] | Limitations related to other privileges, like the ability to complete work items. |
focusType |
property QName |
[0,1] | Type of focal object that this assignment/inducement applies to. |
tenantRef |
reference ObjectReferenceType |
[0,1] | Reference to the tenant which this assignment is associated with. |
orgRef |
reference ObjectReferenceType |
[0,1] | Reference to the organization (org. |
condition |
container MappingType |
[0,1] | The assignment is applied only if the condition is evaluated to true. |
policySituation |
property anyURI |
[0,-1] | The policy situation(s) of this assignment. |
trigger |
property EvaluatedPolicyRuleTriggerType |
[0,-1] | DEPRECATED. |
triggeredPolicyRule |
property EvaluatedPolicyRuleType |
[0,-1] | Triggered policy rules for this assignment. |
policyException |
container PolicyExceptionType |
[0,-1] | Recorded exception from a policy rule. |
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: dyn,RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Lifecycle state of the assignment. This property defines whether the
assignment represents a draft, proposed definition, whether it is active,
deprecated, and so on.
There are few pre-defined lifecycle states. But custom lifecycle states
may also be defined. Pre-defined lifecycle states are:
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Meta-data about data creation, modification, etc.
It may apply to objects but also parts of the object (e.g. assignments).
Meta-data only apply to successful operations. That is obvious for create, but it also applies
to modify. For obvious reasons there are no metadata about delete.
We keep no metadata about reading. That would be a huge performance hit.
Meta-data only describe the last operation of its kind. E.g. there is a record of last
modification, last approval, etc. There is no history. The last operation overwrites data
about the previous operation.
These data are informational only. They should not be used for security purposes (use auditing
subsystem for that). But presence of metadata simplifies system administration and may provide
some basic information "at the glance" which may be later confirmed by the audit logs.
Meta-data are also supposed to be searchable. Therefore they may be used to quickly find
"candidate" objects for a closer examination.
Flags: RAM
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Type that defines activation properties. Determines whether something is active
(and working) or inactive (e.g. disabled).
It applies to several object types. It may apply to user, account, assignment, etc.
The data in this type define if the described concept is active, from when it is active
and until when. The "active" means that it works. If something is not active, it should
not work or not cause any effect. E.g. inactive user should not be able to log in or run
any tasks, the non-active role should not be assigned and if assigned it should not be
taken into account when computing the accounts.
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,-1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM
Multiplicity: [0,1]
Reference to the tenant which this assignment is associated with. This is an argument to the target of this
assignment. E.g. is if frequently used to parametrize the role which is assigned by this assignment.
However the exact interpretation of this value depends on the logic of the target role. It may be
significant or it may be entirely ignored.
Flags: RAM
Multiplicity: [0,1]
Reference to the organization (org. unit, project, ...) which this assignment is associated with. This is an argument to the target of this
assignment. E.g. is if frequently used to parametrize the role which is assigned by this assignment.
However the exact interpretation of this value depends on the logic of the target role. It may be
significant or it may be entirely ignored.
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime,oper
Multiplicity: [0,-1]
Flags: RAM,runtime,oper
Multiplicity: [0,-1]
Flags: RAM,runtime,oper
Multiplicity: [0,-1]
Flags: RAM,runtime
Multiplicity: [0,-1]