Sun Identity Manager Service Provider 8.1 Deployment

sys Attributes

The sys attribute retrieves and sets system characteristics. The following table lists the attributes currently defined under the sys attribute. Each attribute is shown as a path from the root of the view.

Action attributes do not have a value when checked out. An asterisk refers to the name of a resource. An attribute such as sys.links[*].name would be expanded to a value such as sys.links[HR Database].name.

Attribute 

Description 

sys.identity 

The full native identity of the object. For directory objects, this will be the DN. When creating new objects, this will override the identity template defined in the Resource. For existing objects, it must not be changed. 

sys.delete 

An action attribute that may be set to true to indicate that this object should be deleted.

sys.disable 

An action attribute that may be set to true to disable an account. If it is set to false, then the account is enabled. This is an action-only attribute. When the view is checked out, the attribute will not have a value.

sys.newIdentity 

An action attribute that may be set to another object identity to indicate that the object should be renamed. Not all resources support changing identities. 

sys.resetPassword 

An action attribute that may be set to true to indicate that the password should be reset.

sys.expirePassword 

An action attribute that may be set to true to indicate that the password should be expired.

sys.form 

The name of the form used to display or process this view, set only when Identity Manager XML forms are being used. 

sys.noDefaultForm 

An action attribute that may be set to true to prevent any default user form from being used. 

sys.links 

A list of objects holding information about the objects linked to the composite. This is functionally equal to the waveset.accounts in the user view. 

sys.lock 

If this boolean action is set to true, then when the IDMXUser view is checked in (or refreshed), the IDMXUserViewer will run the “Lock Account Rule” to set the appropriate values in the view to lock the account. If this rule is not specified in the configuration and sys.lock is true, an exception is thrown.

sys.locked 

Set to true if the account has been locked explicitly or due to too many failed login attempts. The IDMXUserViewer runs the “Is Account Locked Rule” to determine if the account is locked. 

sys.unlock 

If this boolean action is set to true, then when the IDMXUser view is checked-in (or refreshed), the IDMXUserViewer will run the “Unlock Account Rule” to set the appropriate values in the view to unlock the account. If this rule is not specified in the configuration and sys.lock is true, an exception is thrown.

sys.targets 

A list of resources, services, or applications that should be targeted on the check-in. The list can include the Resource, Service, or Application PersistentObjects themselves, or more usefully just their names. If no targets are specified, then the provisioner will provision to all assigned resources, services, and applications. 

sys.links[*].name 

A unique name used to identify the linked object in the view. Usually this is the same as the name of the Resource containing the linked object, but may be qualified if there is more than one linked object from this Resource. 

sys.links[*].resource 

The name of the Resource containing the linked object. Often the same as sys.links[*].name, but not necessarily. 

sys.links[*].type 

The type of the Resource containing the linked object. 

sys.links[*].identity 

The full native identity of the object. For directory objects, this will be the DN. 

sys.links[*].created 

Set to true if the object is believed to exist.

sys.links[*].disabled 

Set to true if the object is currently disabled.

sys.links[*].locked 

Set to true if the object is currently locked.

sys.links[*].fetched 

Set to true if the current attributes of the object have been fetched.

sys.links[*].attributes 

An object containing last known attribute values of the linked object. This will be set only when the application requests that the current values be fetched. They are not stored permanently in the composite. 

sys.txn.waitForFirstAttempt 

This attribute dictates how control returns to the caller when an IDMXUser view object is checked in. If set to true, the check-in operation will block until the provisioning transaction has completed a single attempt. If set to false, the check-in operation will return control to the caller before attempting the provisioning transaction. It is recommended to enable this option.

If asynchronous processing is disabled, then the transaction will have either succeeded or failed when control is returned. If asynchronous processing is enabled, then the transaction will continue to be retried in the background. 

sys.txn.enableAsynchronous 

This attribute controls whether processing of provisioning transactions continues after the check-in call returns. Since only a single attempt will be made synchronously, this option must be enabled if retrying transactions is desired. 

sys.txn.asynchronousMS 

An upper bound expressed in milliseconds of how long the server will retry a failed provisioning transaction. This setting complements the retry settings on the individual resources, including the master LDAP directory. For example, if this limit is reached before the resource retry limits are reached, the transaction will be aborted. If the value is negative, then the number of retries is only limited by the settings of the individual resources. 

sys.txn.persistImmediately 

If set to true, provisioning transactions will be written to the Transaction Persistent Store before they are attempted. Enabling this option might incur unnecessary overhead since most provisioning transactions will succeed on the first attempt. It is recommended to disable this option unless the waitForFirstAttempt attribute is disabled.

sys.txn.persistOnAsync 

If set to true, provisioning transactions will be written to the Transaction Persistent Store before they are processed asynchronously. If the waitForFirstAttempt attribute is enabled, then transactions that need to be retried will be persisted before control is returned to the caller. If the waitForFirstAttempt attribute is disabled, then transactions will always be persisted before they are attempted. It is recommended to enable this option.

sys.txn.persistOnEachUpdate 

If set to true, provisioning transactions will be persisted after each retry attempt.

The sys.txn attributes correspond to fields displayed on the Default Transaction Execution Options section of the Edit Transaction Configuration page of the Administrator Interface. This page sets the values globally.

The global values can be overridden in a user form as follows.

<Field name='sys.txn.persistImmediately'>
   <Default>
      <s>true</s>
   </Default>
</Field>
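
Because a per-form override silently replaces the global transaction settings, it helps to review forms against the recommendations in the table above. The following Python script is an added example, not part of the product or its documentation. The <Form> wrapper, the sample values, the use of <s> for asynchronousMS, and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed form fragment for illustration; the <Form> wrapper and its name are assumptions.
SAMPLE_FORM = """<Form name='Constructed Example'>
  <Field name='sys.txn.waitForFirstAttempt'><Default><s>false</s></Default></Field>
  <Field name='sys.txn.persistImmediately'><Default><s>false</s></Default></Field>
  <Field name='sys.txn.persistOnAsync'><Default><s>false</s></Default></Field>
  <Field name='sys.txn.enableAsynchronous'><Default><s>true</s></Default></Field>
  <Field name='sys.txn.asynchronousMS'><Default><s>-1</s></Default></Field>
</Form>"""

def txn_overrides(form_xml):
    """Map each sys.txn.* Field in the form to its <Default><s> value."""
    found = {}
    for field in ET.fromstring(form_xml).iter("Field"):
        name, value = field.get("name", ""), field.findtext("Default/s")
        if name.startswith("sys.txn.") and value is not None:
            found[name[len("sys.txn."):]] = value.strip().lower()
    return found

def review(o):
    """Return (attribute, note) pairs where an override departs from the table's guidance.
    Attributes the form does not set inherit the global value and are not judged."""
    notes = []
    wait, now, on_async = (o.get(k) for k in
                           ("waitForFirstAttempt", "persistImmediately", "persistOnAsync"))
    if wait == "false":
        notes.append(("waitForFirstAttempt", "check-in returns before the first attempt"))
        if now == "false" and on_async == "false":
            notes.append(("persistImmediately", "not written to the store before the attempt"))
    elif wait == "true" and now == "true":
        notes.append(("persistImmediately", "extra store write; most attempts succeed first time"))
    if on_async == "false":
        notes.append(("persistOnAsync", "not persisted before asynchronous processing"))
    if o.get("enableAsynchronous") == "false":
        notes.append(("enableAsynchronous", "single synchronous attempt, no retries"))
    try:
        if int(o.get("asynchronousMS", "0")) < 0:
            notes.append(("asynchronousMS", "retries bounded only by resource settings"))
    except ValueError:
        notes.append(("asynchronousMS", "not an integer number of milliseconds"))
    return notes

if __name__ == "__main__":
    for attribute, note in review(txn_overrides(SAMPLE_FORM)):
        print(f"sys.txn.{attribute}: {note}")
```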