Name | Type | Multiplicity | Description |
---|---|---|---|
name |
property PolyStringType |
[0,1] | Human-readable, mutable name of the object. |
description |
property string |
[0,1] | Free-form textual description of the object. |
documentation |
property string |
[0,1] | AsciiDoc-formatted technical documentation of the object. |
subtype |
property string |
[0,-1] | Type of the object. |
fetchResult |
property OperationResultType |
[0,1] | Result of the operation that fetched this instance of the object. |
extension |
container ExtensionType |
[0,1] | Extension container that provides generic extensibility mechanism. |
parentOrgRef |
reference ObjectReferenceType |
[0,-1] | Set of the orgs (organizational units, projects, teams) that the object relates to. |
trigger |
container TriggerType |
[0,-1] | Triggers for this object. |
metadata |
container MetadataType |
[0,1] | Meta-data about object creation, modification, etc. |
tenantRef |
reference ObjectReferenceType |
[0,1] | Reference to the tenant to which this object belongs. |
lifecycleState |
property string |
[0,1] | Lifecycle state of the object. |
operationExecution |
container OperationExecutionType |
[0,-1] | Description of recent operations executed on this object (or related objects in special cases). |
lensContext |
container LensContextType |
[0,1] | Model context describing executed operation |
policySituation |
property anyURI |
[0,-1] | The policy situation(s) of this object. |
triggeredPolicyRule |
property EvaluatedPolicyRuleType |
[0,-1] | Triggered policy rules for this object. |
policyException |
container PolicyExceptionType |
[0,-1] | Recorded exception from a policy rule. |
diagnosticInformation |
property DiagnosticInformationType |
[0,-1] | Diagnostic information attached to this object. |
indestructible |
property boolean |
[0,1] | Protection against accidental deletion. |
effectiveMarkRef |
reference ObjectReferenceType |
[0,-1] | Object marks assigned to the shadow. |
policyStatement |
container PolicyStatementType |
[0,-1] | Policy statements to manually add or exclude effective marks of shadow. |
effectiveOperationPolicy |
container ObjectOperationPolicyType |
[0,1] | Effective provisioning policy derived from Shadow marks and resource configuration. |
assignment |
container AssignmentType |
[0,-1] | Set of object's assignments. |
iteration |
property int |
[0,1] | Iteration number. |
iterationToken |
property string |
[0,1] | Iteration token. |
archetypeRef |
reference ObjectReferenceType |
[0,-1] | References to all applicable archetypes, including "indirect" archetypes such as archetype supertypes. |
roleMembershipRef |
reference ObjectReferenceType |
[0,-1] | References to abstract roles (roles, orgs, services) that this focus currently belongs to - directly or indirectly. |
delegatedRef |
reference ObjectReferenceType |
[0,-1] | References to objects (abstract roles as well as users) obtained via delegation. |
roleInfluenceRef |
reference ObjectReferenceType |
[0,-1] | References to abstract roles (roles and orgs) that this focus may directly belong to. |
taskIdentifier |
property string |
[0,1] | Task (lightweight) identifier. |
ownerRef |
reference ObjectReferenceType |
[0,1] | The user that owns this task. |
channel |
property anyURI |
[0,1] | |
parent |
property string |
[0,1] | Parent task. |
subtaskRef |
reference ObjectReferenceType |
[0,-1] | Set of task's subtasks references. |
dependent |
property string |
[0,-1] | Dependent tasks, i. |
dependentTaskRef |
reference ObjectReferenceType |
[0,-1] | Dependent tasks references, i. |
executionState |
property TaskExecutionStateType |
[0,1] | Provides information about the task overall high-level execution state. |
schedulingState |
property TaskSchedulingStateType |
[0,1] | Scheduling state informs about the state of the task regarding its scheduling. |
waitingReason |
property TaskWaitingReasonType |
[0,1] | If the task is waiting (i. |
unpauseAction |
property TaskUnpauseActionType |
[0,1] | What to do after task is unpaused (i. |
stateBeforeSuspend |
property TaskExecutionStateType |
[0,1] | What was the task execution state before it was suspended? |
schedulingStateBeforeSuspend |
property TaskSchedulingStateType |
[0,1] | What was the task scheduling state before it was suspended? It could be either runnable or waiting. |
node |
property string |
[0,1] | Identifier of the node that currently executes this task. |
nodeAsObserved |
property string |
[0,1] | Identifier of the node that executes this task, as observed by querying cluster nodes about tasks that are currently executing. |
category |
property string |
[0,1] | Kind of the task, e. |
handlerUri |
property anyURI |
[0,1] | Handler URI indirectly specifies which class is responsible to handle the task. |
result |
property OperationResultType |
[0,1] | OperationResult that is used to compile task results (parent result). |
resultStatus |
property OperationResultStatusType |
[0,1] | Top-level state of the 'result' (OperationResultType). |
objectRef |
reference ObjectReferenceType |
[0,1] | Object that the task is associated with. |
lastRunStartTimestamp |
property dateTime |
[0,1] | The time when the task run was last started. |
lastRunFinishTimestamp |
property dateTime |
[0,1] | The time when the (last) task run was finished, successfully or unsuccessfully. |
completionTimestamp |
property dateTime |
[0,1] | The moment when the task was marked as closed. |
cleanupAfterCompletion |
property duration |
[0,1] | If set, the task is automatically cleaned up after this time following its completion. |
nextRunStartTimestamp |
property dateTime |
[0,1] | The time when the task should start again, according to the task's defined schedule. |
nextRetryTimestamp |
property dateTime |
[0,1] | If the start of a task was delayed (typically because of unsatisfied execution constraints), the planned retry time is reported here. |
progress |
property long |
[0,1] | Relative metric of task progress. |
operationStats |
container OperationStatsType |
[0,1] | Task-level operation statistics. |
stalledSince |
property dateTime |
[0,1] | From which moment is this task stalled (if applicable)? TRANSIENT. |
expectedTotal |
property long |
[0,1] | Expected target (goal) value of task progress. |
recurrence |
property TaskRecurrenceType |
[0,1] | DEPRECATED. |
binding |
property TaskBindingType |
[0,1] | Whether a recurring task is bound tightly to one node (having allocated a thread on this node for the whole time of task run) or it should by dynamically placed on any suitable node when its run time comes. |
executionConstraints |
container TaskExecutionConstraintsType |
[0,1] | Constraints on task execution, e. |
executionEnvironment |
container TaskExecutionEnvironmentType |
[0,1] | Specification of the environment in which the task should execute. |
schedule |
container ScheduleType |
[0,1] | Task schedule. |
threadStopAction |
property ThreadStopActionType |
[0,1] | What is to be done when the thread allocated to this task stops (e. |
modelOperationContext |
container LensContextType |
[0,1] | Model context of the operation that is to be executed within this task. |
policyRule |
container PolicyRuleType |
[0,1] | Policy rule for the task. |
errorHandlingStrategy |
container ActivityErrorHandlingStrategyType |
[0,1] | Error handling strategy for this task. |
autoScaling |
container TaskAutoScalingType |
[0,1] | Auto-scaling related options. |
activity |
container ActivityDefinitionType |
[0,1] | Definition of the main activity that should be executed within this task. |
activityState |
container TaskActivityStateType |
[0,1] | State of the activity or activities embedded in the task. |
affectedObjects |
container TaskAffectedObjectsType |
[0,1] | Searchable set of object set coordinates (e. |
Flags: RAM,runtime
Multiplicity: [0,1]
Human-readable, mutable name of the object. It
may also be an identifier (login name, group name).
It is usually unique in the respective context of
interpretation. E.g. the name of the UserType subtype
is usually unique in the whole system.
The name of the ShadowType subtype is usually unique in the
scope of resource (target system) that it belongs to.
The name may not be human-readable in a sense to display
to a common end-user. It is intended to be displayed to
IDM system administrator. Therefore it may contain quite
a "ugly" structures such as LDAP DN or URL.
Name is mutable. It is considered to be ordinary property
of the object. Therefore it can be changed by invoking
usual modifyObject operations. However, change of the name
may have side effects (rename process).
Although name is specified as optional by this schema, it
is in fact mandatory for most object types. The reason for
specifying the name as optional is that the name may be
generated by the system instead of supplied by the clients.
However, all objects stored in the repository must have a name.
Flags: RAM,runtime
Multiplicity: [0,1]
Free-form textual description of the object. This is meant to
be displayed in the user interface.
Flags: RAM,runtime
Multiplicity: [0,1]
AsciiDoc-formatted technical documentation of the object.
Flags: RAM,runtime
Multiplicity: [0,-1]
Type of the object. It is used to distinguish what a specific object
represents. Whether it is a different kind of organizational unit, project,
team, or different kind of user, etc.
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Result of the operation that fetched this instance of the object.
It is mostly used to indicate that the object is not complete or
there is some problem with the object. This is used instead of
exception if the object is part of larger structures (lists as in
list/search operations or composite objects). If not present then
the "SUCCESS" state is assumed.
This field is TRANSIENT. It must only be used in runtime. It should
never be stored in the repository.
Flags: RAM,runtime
Multiplicity: [0,1]
Extension container that provides generic extensibility mechanism.
Almost any extension property can be placed in this container.
This mechanism is used to extend objects with new properties.
The extension is treated exactly the same as other object
properties by the code (storage, modifications, etc), except
that the system may not be able to understand their meaning.
Flags: RAM,oper
Multiplicity: [0,-1]
Set of the orgs (organizational units, projects, teams) that the object relates to.
This usually means that the object belongs to them but it may have other meanings as well
(e.g. user manages an organizational unit).
Flags: RAM,runtime,oper
Multiplicity: [0,-1]
Triggers for this object. They drive invocations of corresponding trigger handlers
at specified time.
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Meta-data about object creation, modification, etc.
Flags: RAM,oper
Multiplicity: [0,1]
Reference to the tenant to which this object belongs. It is a computed value set automatically
by midPoint. It is determined from the organizational structure. Even though this value is
computed it is also stored in the repository due to performance reasons.
Flags: RAM,runtime
Multiplicity: [0,1]
Lifecycle state of the object. This property defines whether the
object represents a draft, proposed definition, whether it is active,
deprecated, archived, and so on. See "Object Lifecycle" in the documentation.
Flags: RAM,runtime,oper
Multiplicity: [0,-1]
Description of recent operations executed on this object (or related objects in special
cases). The number of operations to be kept here is configurable.
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime,oper
Multiplicity: [0,-1]
Flags: RAM,runtime,oper
Multiplicity: [0,-1]
Flags: RAM,runtime
Multiplicity: [0,-1]
Flags: RAM,runtime
Multiplicity: [0,-1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM
Multiplicity: [0,-1]
Flags: RAM,runtime
Multiplicity: [0,-1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,-1]
Set of object's assignments.
Assignments define the privileges and "features" that this object should have, that
this object is entitled to. Typical assignment will point to a role or define
a construction of an account.
Assignments represent what the object SHOULD HAVE. The assignments represent a policy,
a desired state of things (cf. linkRef, roleMembershipRef).
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Flags: RAM,oper
Multiplicity: [0,-1]
References to all applicable archetypes, including "indirect" archetypes such as archetype supertypes.
Contains references to active archetypes only.
Note: the value of this reference is only updated when object is recomputed.
Therefore if a role definition changes then all the affected objects must be recomputed
for this reference to be consistent.
This is an operational property. It is set and managed by the system. It is used
for efficient use of archetypes.
Flags: RAM,oper
Multiplicity: [0,-1]
References to abstract roles (roles, orgs, services) that this focus currently belongs to - directly
or indirectly. This reference points to all the roles in the role hierarchy. It only points to
the roles that were evaluated as active during last recompute (conditions were true, validity
constraints not violated).
Note: the value of this reference is only updated when a focal object is recomputed.
Therefore if a role definition changes then all the affected focal objects must be recomputed
for this reference to be consistent.
Roles mentioned here are those that are NOT obtained via delegation, i.e. "deputy" relations.
Relations acquired by delegation are listed in delegatedRef item.
This is an operational property. It is set and managed by the system. It is used
for efficient search of all current role members, e.g. for the purpose of displaying this
information in the GUI.
Note: roleMembershipRef will be probably renamed to something like linkRef or
outboundLinkRef. We need to generalize it to contain information on generic links
between objects (e.g. between child and its parents).
Flags: RAM,oper
Multiplicity: [0,-1]
References to objects (abstract roles as well as users) obtained via delegation.
If A1 is a deputy of A, its delegatedRef contains a union of A, A.roleMembershipRef and
A.delegatedRef.
This is an operational property. It is set and managed by the system. It is used
for efficient search of all current role members, e.g. for the purpose of displaying this
information in the GUI.
Flags: RAM,oper
Multiplicity: [0,-1]
References to abstract roles (roles and orgs) that this focus may directly belong to.
This reference only points to the next role in the hierarchy. However, it is backed by
a "closure" index in the repository subsystem. Therefore it can efficiently support tree-like
queries. This reference points to the roles for whose the condition is not true.
Therefore it does not reliably show
who actually has a role. It shows potential role members - all the object that are possibly
influenced when a role definition changes.
This is an operational property. It is set and managed by the system. It is used
for efficient search of all possible role members, e.g. for the purpose of recomputing
all role members after the role definition is changed.
TODO. NOT IMPLEMENTED YET. EXPERIMENTAL. UNSTABLE.
Flags: RAM,runtime
Multiplicity: [0,1]
Task (lightweight) identifier. This is a unique identification of any task,
regardless whether it is persistent or transient (cf. OID). Therefore this can be used
to identify all tasks, e.g. for the purposes of auditing and logging.
Task identifier is assigned automatically when the task is created. It is immutable.
It is formally set as optional, however it is mandatory for any task to work. Setting
it to optional allows creating a task without identifier and generating the identifier
during import. However any tasks that live inside midPoint (running or stored in repository)
must have valid task identifier.
Flags: RAM
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Parent task. This property is used to implement task hierarchies. A task can have
a number of children (subtasks) that carry out some of the work. A typical example
is when multi-node tasks are used: There is a parent task representing the whole operation
(e.g. import from resource), and its children - worker tasks - that acquire buckets
of work and carrying them out. The parent waits for the children to finish and then
finishes itself.
If this property is null, this task is a "root-level" task that has no parent.
Note that the task identifier (not OID) is used here.
Flags: RAM
Multiplicity: [0,-1]
Flags: RAM,runtime
Multiplicity: [0,-1]
Flags: RAM
Multiplicity: [0,-1]
Flags: RAM,runtime,AVals:5
Multiplicity: [0,1]
Flags: RAM,runtime,AVals:4
Multiplicity: [0,1]
Flags: RAM,runtime,AVals:2
Multiplicity: [0,1]
Flags: RAM,runtime,AVals:3
Multiplicity: [0,1]
Flags: RAM,runtime,AVals:5
Multiplicity: [0,1]
Flags: RAM,runtime,AVals:4
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime,AVals:8
Multiplicity: [0,1]
Flags: RAM
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime,AVals:2
Multiplicity: [0,1]
Flags: RAM,runtime,AVals:2
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Constraints on task execution, e.g. a execution group, allowed/disallowed nodes, etc.
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime,AVals:4
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: elaborate,RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]
Flags: RAM,runtime
Multiplicity: [0,1]