OUTDATEDThis page is outdated, it contains information that was not updated in a long time. The described functionality may or may not work. Do not rely on information provided on this page.
Local copy of any object on the provisioning resource that is related to provisioning. It may be account, group, role (on the target system), entitlement (privilege, security label), organizational unit or anything else that is worth managing in identity management.
This object provides a representation of the resource object in the IDM system, in the local repository. It is different from the object that represents resource object on the target resource.
Resource Object Shadow may represent a minimal data structure in IDM repository that contains only an identifier and nothing else.
It may also represent a rich structure with a lot of cached or fetched data.
The actual content of this object depends on usage: on the specific interface and operation used and even on the system state and configuration.
Resource Object Shadow contains resource attributes copied from the target resource in the
This tag must not contain properties from the identity data model (from the identity XML namespace).
This element includes resource attributes that identify resource object on the resource.
Resource attributes interpreted, handled like properties
Users (and partially administrators) of IDM system should not see the shadow objects and should not be aware of them as it will hinder the understandability of the system. Users should be presented just with "accounts" and "groups". However, the concept of shadow objects is very important for developers and for engineers deploying IDM systems.