Sun Identity Manager Deployment Reference


Sets the values of only the attributes stored in the Identity Manager repository. When a view is created, it contains a copy of the attributes in the waveset.attributes attribute set. When the view is saved, the system compares the contents of accounts[Lighthouse] with waveset.attributes to generate and update reports and audit log entries. Although this attribute is stored in the Identity Manager repository, changes to this attribute are not automatically propagated to resources.

The Extended User Attributes Configuration object defines the attributes that are allowed in this view. The system ignores any name found in this set of attributes that is not registered in the configuration object.

The following code is a sample of the Extended User Attributes Configuration object. This object maintains the list of attributes that are managed by the waveset.attribute set.

<?xml version=’1.0’ encoding=’UTF-8’?>
<!DOCTYPE Configuration PUBLIC ’waveset.dtd’ ’waveset.dtd’>
<!--  id="#ID#Configuration:UserExtendedAttributes" 
      name="User Extended Attributes"-->
 <Configuration id=’#ID#Configuration:UserExtendedAttributes’ 
      name=’User Extended Attributes’
 creator=’Configurator’ createDate=’1019603369733’ lastMod=’2’ counter=’0’>
<!—add string values here - - >
    <ObjectRef type=’ObjectGroup’ id=’#ID#Top’ name=’Top’/>

This object can be modified to extend the list from the default firstname, lastname, and fullname attributes. In this case, an attribute called SSN has been added.


Lists delegate objects, indexed by workItemType, where each object specifies delegate information for a specific type of work item

This attribute takes the attributes contained in the Attributes of accounts[Lighthouse].delegate* Attributes table.


Lists delegate objects, indexed from 0 to n, where n is the current number of delegate history objects up to the delegate history depth. This attribute takes the attributes contained in the Attributes of accounts[Lighthouse].delegate* Attributes table.


Original list of delegate objects, indexed by workItemType, following a get operation or checkout view operation. This attribute takes the attributes contained in the following table.

Table 3–7 Attributes of accounts[Lighthouse].delegate* Attributes

Attributes of accounts[Lighthouse].delegate* Attributes 



Identifies the type of workItem being delegated. See Delegate object model description for valid list of workItem types.


Lists the names of the specific roles, resources, or organizations on which the user is delegating future workItem approval requests. This attribute is valid when the value of workItemType is roleApproval, resourceApproval, or organizationApproval.

If not specified, the value of this attribute default is to delegate future workItem requests on all roles, resources, or organizations on which this user is an approver.


Type to delegate to. Valid values are: 

  • manager

  • delegateWorkItemsRule

  • selectedUsers


Lists the names of the users to delegate to (if toType is selectedUsers).


Specifies the name of the rule that will be evaluated to determine the set of users to delegate to (if toType is delegateWorkItemsRule).


Specifies the date when delegation will start. 


Specifies the date when delegation will end. 


The value of this attribute is an object whose attribute names correspond to the properties defined by the user. User properties allow arbitrary custom data to be stored with the user in the Identity Manager repository. You can then use properties in forms and workflows. A property is similar in some ways to an Extended User Attribute, but are not limited to primitive data types such as strings or integers.

Identity Manager defines the tasks system property, which is used by the Deferred Task Scanner to cause workflow tasks to be run at some date in the future. The value of the tasks property is a list of objects. The following table defines the attributes that belong to objects in the list.

Table 3–8 Attributes of accounts[Lighthouse].properties




Identifies the name of the TaskDefinition object to run. 


Specifies the date on which to run the task. 


Identifies the TaskInstance that is created. If none is specified, Identity Manager generates a random name. 


Identifies the name of an Identity Manager administrator that is considered to be the owner of the task. If none is specified, the default owner is Configurator. 


Identifies the Identity Manager organization that the TaskInstance will be placed in. If none is specified, an organization controlled by the task owner is selected at random. 


Descriptive text that will be stored in the TaskInstance when it is created. This text is displayed in the task status page of the Identity Manager Administrator Interface. 

Sample Use

You can use the accounts[Lighthouse].properties value to display a table of the deferred tasks assigned to a user. This list is added to the form library named Default User Library, which is found in sample/formlib.xml.

The field that displays the deferred task table is named Deferred Tasks. After modifying the attribute, the deferred task table is now referenced by the default Tabbed User Form. If any deferred tasks exist, the table will be displayed at the bottom of the Identity tab panel.


Used to display a view-only User form. This view-only form displays field information as Labels, to ensure that the administrator cannot change values, although he can list, view, and search on this user information. (The administrator selects a user from the accounts list, then clicks View to see user details.)