Sun Identity Manager Deployment Reference

Top Level Attributes

Top level attributes of this view include:

Table 3–60 Resource View Attributes

Attribute  

Editable? 

Data Type  

Required?  

accountAttributes

Read/Write 

List (Views) 

No 

accountId

Read/Write 

String 

No 

accountPolicy

Read/Write 

String 

No 

adapterClassName

Read/Write 

String 

Yes 

allowedApprovers

Read 

List (Strings) 

No 

allowedApproversIds

Read 

List (Strings) 

No 

approvers

Read/Write 

List (Strings) 

No 

available

Read 

View 

N/A 

description

Read 

String 

No 

displayName

Read 

String 

No 

excludedAccountsRule

Read/Write 

String 

No 

facets

Read 

String 

No 

identityTemplate

Read/Write 

String 

No 

name

Read/Write 

String 

Yes 

organizations

Read/Write 

List (Strings) 

Yes 

passwordPolicy

Read/Write 

String 

No 

resourceAttributes

Read/Write 

List (Views) 

No 

resourcePasswordPolicy

Read/Write 

String 

No 

retryMax

Read/Write 

Integer 

No 

retryDelay

Read/Write 

Integer 

No 

retryEmail

Read/Write 

String 

No 

retryEmailThreshold

Read/Write 

Integer 

No 

startupType

Read/Write 

String 

No 

syncSource

Read/Write 

Boolean 

No 

typeDisplayString

Read/Write 

String 

Yes 

typeString

Read/Write 

String 

Yes 

accountAttributes

Define the accounts managed on this resource. Attributes vary depending on the resource type, and correspond directly to the schema map. Each element in this list corresponds to an element in the List that resourceAttributes comprises.

Each element of the list contains the following attributes

Table 3–61 Attributes of the accountAttribute Resource View Attribute

Attribute  

Type  

Description  

attributeName

String 

Specifies the name of the attribute as seen by Identity Manager forms and workflows. 

syntax

String 

Declares the type of value. Valid values include string, int, boolean, encrypted, or binary.

name

String 

Specifies an auto-generated value. Ignore this value. 

mapName

String 

Specifies the name of the attribute recognized by the resource adapter. 

required

Boolean 

If true, this account attribute is required. 

audittable

Boolean 

If true, this account attribute should always be audited when auditing user events. 

multi

Boolean 

If true, this account attribute is expected to possibly contains more than one value. 

ordered

Boolean 

If true, the values of account attribute must be maintained in order. 

readonly

Boolean 

If true, this account attribute can only be read, and cannot be changed. 

writeonly

Boolean 

If true, this account attribute can only be written, and cannot be read. 

accountId

Specifies the ID by which the resource identifies this account.

accountPolicy

Specifies the policy for account IDs on this resource.

adapterClassName

Identifies the Resource Adapter class to be used to provision to the resource.

allowedApprovers

(Computed read-only value) Lists display names of users who have the permission to perform resource approvals. Edit the UserUIConfig object to specify the user attribute to be used as the display attribute. By default, Identity Manager uses the administrator’s name attribute.

allowedApproversIds

(Computed read-only value). Computed only if the display attribute used for allowedApprovers is something other than name.

approvers

Lists the administrator approvers for this resource.

available

Specifies available attributes as indicated in the following table.

Table 3–62 Attributes of the available Attribute of the Resource View

Attributes of available Attribute  

Description  

available.formFieldNames

Specifies the names of attributes found that start with “global.” or “accounts[<resourcename>].”. These attributes are included in the dropdown list of optional names for the left schema map name. 

available.extendedAttributes

Specifies the attributes that are read from the #ID#Configuration:UserExtendedAttributes Configuration object. These attributes are included in the dropdown list of optional names for the left schema map name. 

description

Provides a textual description of the resource.

displayName

Specifies the name that Identity Manager displays on the user edit and password pages.

excludedAccountsRule

Specifies the policy for excluding resource accounts from account lists.

facets

Comma-separated list of values that can contain any of these values: provision, activesync, or none. If this string contains activesync, then the resource has active sync processing enabled (that is, not disabled). If this string contains provision, then Identity Manager displays the basic connection-related resource parameters.

identityTemplate

Specifies the identity template used to generate a user’s identity on this resource.

name

Externally identifies the resource. This user-supplied name is unique among resource objects.

organizations

Lists the organizations available to the resource.

passwordPolicy

Specifies the password policy for accounts on this resource.

resourceAttributes

Lists Views. Each element of this List contains the attributes below.

Certain attributes depend upon the type of adapter being configured. At a minimum, these attributes specify how to connect to the resource.

The following attributes uniquely identify the resource object.

Table 3–63 resourceAttributes Attributes

Attribute 

Type  

Description 

name

String 

Specifies attribute name. 

displayName

String 

Specifies I18N-ed label for display. 

type

String 

Declares the type of value. Valid values include string, int, boolean, encrypted, or binary.

multivalued

Boolean 

If true, this attribute can contain more than one value. 

description

String 

Provides help text to describe the purpose of the attribute. 

noTrim

Boolean 

If true, leading and trailing white space will be deleted. 

provision

Boolean 

If true, this is a standard configuration attribute. 

activesync

Boolean 

If true, this attribute is needed to configure ActiveSync. 

value

Object or ListObject 

current values 

For example, <Field name=’resourceAttributes[Display Name Attribute].value’>.

resourcePasswordPolicy

Indicates the resource password policy for resource accounts on this resource.

retryMax

Indicates the maximum number of retries that will be tried on errors attempting to manage objects on a resource.

retryDelay

Specifies the number of seconds between retries.

retryEmail

Identifies the email addresses to send notifications to after reaching the retry notification threshold.

retryEmailThreshold

Specifies the number of retries after which an email is sent.

startupType

Specifies whether the activeSync resource starts up automatically or manually.

syncSource

If set to true, indicates that the resource supports synchronization events.

typeDisplayString

Identifies the display name for the resource type. This should be a message key or ID to be found in the message catalog.

typeString

Specifies the internal name for the resource type.