Used to view and modify reconciliation policy, which is stored as part of the Identity Manager system configuration object.
Reconciliation policy settings are stored in a tree with the following general structure:
- default, or global, policy (Default). This is the root policy level.
  - resource type (ResType:) policy
    - resource policy (Resource:)

Settings can be specified at any point in the tree. If a level does not specify a value for a policy setting, the value is inherited from the next-highest policy level.
The view represents an effective policy at a specified point in the policy tree, which is identified by the view name.
Table 3–43 ReconcilePolicy Tree and View Names
View Name | Description |
---|---|
Default | Addresses the root of the policy tree |
ResType:resource type | Addresses the specified resource type beneath the root |
Resource:resource name | Addresses the specified resource beneath the resource’s resource type |
Values of policy settings are always policy values. Policy values can contain up to three components, as described in the following table.
Table 3–44 Policy Value Settings Attributes (ReconcilePolicy View)
Policy Value Settings | Description |
---|---|
value | Specifies the value of the setting. |
scope | Identifies the scope from which this setting is derived. Values of scope include Local, ResType, and Default, indicating which level is specifying this policy. For example, a value of SCOPE_LOCAL indicates the value is set at the current policy level. SCOPE_LOCAL -- policy is set at the resource level or current policy level; SCOPE_RESTYPE -- policy is set at the restype, or resource type, level; SCOPE_GLOBAL -- policy is set at the global level. |
inheritance | Identifies the policy setting that is inherited at this level. If the scope is not Local, the inheritance will match the effective value. Not present on policy settings at the Default level. |
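The resolution rules above, as an added Python example that is not Identity Manager code: it walks a constructed policy tree from the addressed level up to Default and returns the value, scope and inheritance components for one setting. The tree contents, the `RESOURCE_TYPES` map, the function names, and reporting Local for a value set at the level being viewed (including Default) are assumptions of this example.

```python
# Added illustration: resolves an effective ReconcilePolicy value for a view name.
# Scope strings follow the page: Local, ResType, Default.
SCOPE_LOCAL, SCOPE_RESTYPE, SCOPE_GLOBAL = "Local", "ResType", "Default"

# Constructed sample policy tree: only explicitly set values are stored.
POLICY_TREE = {
    "Default": {"reconcileModes": "NONE", "listTimeout": 60000, "explanations": False},
    "ResType:LDAP": {"reconcileModes": "FULL"},
    "Resource:corp-ldap": {"listTimeout": 120000},
}
RESOURCE_TYPES = {"corp-ldap": "LDAP"}  # assumption: resource name -> resource type


def levels_for(view_name):
    """Return [(scope, tree key)] from the addressed level up to the root."""
    if view_name == "Default":
        # Assumption: a value set at the viewed level is reported as Local.
        return [(SCOPE_LOCAL, "Default")]
    kind, _, name = view_name.partition(":")
    if kind == "ResType" and name:
        return [(SCOPE_LOCAL, view_name), (SCOPE_GLOBAL, "Default")]
    if kind == "Resource" and name in RESOURCE_TYPES:
        return [(SCOPE_LOCAL, view_name),
                (SCOPE_RESTYPE, "ResType:" + RESOURCE_TYPES[name]),
                (SCOPE_GLOBAL, "Default")]
    raise ValueError("unknown view name: %r" % view_name)


def first_set(levels, setting):
    """First (value, scope) found walking up the tree, or (None, None)."""
    for scope, key in levels:
        if setting in POLICY_TREE.get(key, {}):
            return POLICY_TREE[key][setting], scope
    return None, None


def effective(view_name, setting):
    """Build the value/scope/inheritance components for one setting."""
    levels = levels_for(view_name)
    value, scope = first_set(levels, setting)
    result = {"value": value, "scope": scope}
    if len(levels) > 1:  # inheritance is not present at the Default level
        # What this level would get from the levels above it.
        result["inheritance"] = first_set(levels[1:], setting)[0]
    return result
```

Comparing `value` with `inheritance` for each Resource: view shows which resources override the resource type or global policy, which is the set worth reviewing when a global setting changes.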
To modify the view, users require the Reconcile Administrator capability.
To access the view, users require the Reconcile Administrator or Reconcile Request Administrator capability.
The following table lists the high-level attributes of this view.
Table 3–45 ReconcilePolicy View Attributes
Attribute | Description |
---|---|
scheduling | Contains information about automated scheduling of reconciles. |
correlation | Contains information about how ownership of resource accounts is determined. |
workflow | Contains information about user-supplied extensions to the reconciliation process. |
response | Contains information about how reconciliation should respond to discovered situations. |
resource | Contains information about how reconciliation interacts with the resource. |
Attribute | Editable? | Data Type |
---|---|---|
reconcileServer | Read/Write | String |
reconcileModes | Read/Write | String |
fullSchedule | Read/Write | Schedule |
incrementalSchedule | Read/Write | Schedule |
nextFull | Read | Date |
nextIncremental | Read | Date |
Specifies the reconciliation server that should be used to perform scheduled reconciliations.
Specifies the reconciliation modes that are enabled. Valid values are: BOTH, FULL, NONE.
Identifies the schedule for full reconciles when enabled.
Identifies the schedule for incremental reconciles when enabled.
Contains the time of the next incremental reconcile, if enabled.
Specifies the repetition count for the schedule. Schedule values are GenericObjects with the following attributes:
- count -- Specifies the repetition count for the schedule
- units -- Specifies the repetition unit for the schedule
- time -- Specifies the start time for the schedule
Identifies the name of the correlation rule.
Table 3–47 correlation rules (ReconcilePolicy View)
Attribute | Editable? | Data Type |
---|---|---|
correlationRule | Read/Write | String |
confirmationRule | Read/Write | String |
Identifies the name of the correlation rule to use when correlating accounts to users.
Identifies the name of the confirmation rule to use when confirming correlated users against accounts. When no confirmation is required, specify the value CONFIRMATION_RULE_NONE.
Attribute | Editable? | Data Type |
---|---|---|
proxyAdministrator | Read/Write | String |
preReconWorkflow | Read/Write | String |
perAccountWorkflow | Read/Write | String |
postReconWorkflow | Read/Write | String |
Specifies the name of the user with administrative capabilities.
Specifies the name of the workflow to run at the appropriate point in reconciliation processing. To specify that no workflow be run, use the value AR_WORKFLOW_NONE.
Attribute | Editable? | Data Type |
---|---|---|
situations | Read/Write | List |
explanations | Read/Write | Boolean |
Specifies the automated response to perform for the specified situation. Valid responses are:
Table 3–50 situations Options (ReconcilePolicy View)
Response | Description |
---|---|
DO_NOTHING | Performs no automated response |
CREATE_NEW_USER | Creates new user based on the resource account |
LINK_ACCOUNT | Assigns the account to the claiming user |
CREATE_ACCOUNT | Recreates the account on the resource |
DELETE_ACCOUNT | Removes the account from the resource |
DISABLE_ACCOUNT | Disables the account on the resource |
Specifies whether reconciliation should record detailed explanations of actions in the Account Index.
Attribute | Editable? | Data Type |
---|---|---|
reconcileNativeChanges | Read/Write | Boolean |
reconciledAttributes | Read/Write | List (of Strings) |
listTimeout | Read/Write | Integer |
fetchTimeout | Read/Write | Integer |
Specifies whether native changes to account attributes should be reconciled.
Specifies the list of account attributes that should be monitored for native changes.
Specifies (in milliseconds) how long reconciliation should wait for a response when enumerating the accounts present on the resource.
Specifies (in milliseconds) how long the reconciliation process should wait for a response when fetching an account from a resource.