Shadow Metadata and Auditing

Last modified 13 Jul 2022 10:59 +02:00
Table of Contents
Initial assignment

Currently, there are situations, when metadata for shadows are not set. Mainly, when the shadow is created by provisioning and not by model. Also, auditing is missing.

There are some gaps in auditing some shadow operations, mostly in provisioning component. Also, loosely related, we need to clarify the role of shadow metadata and possibly add more, if current set of metadata does not work well for some needs (e.g. incremental Ninja export).

The following Jira issues are related to these topics:


There seems to be three kinds of shadow metadata:

  • real metadata from the resource object

  • metadata about our Shadow object

  • midPoint metadata about the resource object, when it was discovered (creation or change)

Currently metadata container for ShadowType stores more or less the third kind.

Missing metadata about the shadow object itself cause problems like Timestamp missing in objects, ninja export not really possible.

Should there be some additional "repository create/modified" metadata that would leave metadata container (or at least existing set of them) for the model component and the new create/modified would clearly be repository’s responsibility?


What kind of auditing for shadows is missing?

  • We know of Audit records are missing for operations enforced deep in provisioning; that is, if delta processing is complex with multiple provisioning operations, we need additional audits about it.

  • During reconciliation, creation of shadows is not audited; metadata should be reviewed in this scenario as well.

  • Errors in early synchronization activities are not sufficiently audited. (Any details or Jiras?)

On the other hand, provisioning should not just repeatedly audit what is audited on the model level.

Was this page helpful?
Thanks for your feedback