Read-Only Resource

Last modified 14 Jan 2025 21:57 +01:00

This page describes how to pretend that an ordinary read-write resource is in fact read-only.

There are many reasons for this, but it is perhaps most useful during midPoint setup, testing and migration. You can test midPoint on real resources by setting them to read-only mode. You can be sure that midPoint will not destroy the data on the resource even if you have a bug in mappings or make a mistake during a migration procedure.

An alternative, more modern, and in many ways more efficient approach is to use the simulation feature. However, setting the resource as read-only provides a stronger level of protection against unwanted modifications. It can even be combined with simulations.

A midPoint resource can be switched to read-only mode by disabling the resource capabilities that create, modify and delete resource objects. The capabilities are checked by low-level components of midPoint (in the Provisioning Subsystem), therefore even a severe misconfiguration of high-level midPoint features will not be able to circumvent this protection.

Read-only capabilities
<capabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
    <configured>
        <cap:create>
            <cap:enabled>false</cap:enabled>
        </cap:create>
        <cap:update>
            <cap:enabled>false</cap:enabled>
        </cap:update>
        <cap:delete>
            <cap:enabled>false</cap:enabled>
        </cap:delete>
    </configured>
</capabilities>
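
A pre-flight check for the configuration above, as an added example that is not part of the midPoint documentation or code base: it parses a resource definition and reports any of the three write capabilities that are not explicitly disabled under `configured`. The function names and both sample documents are constructed for illustration; the check is deliberately conservative and makes no claim about midPoint's own defaults.

```python
import xml.etree.ElementTree as ET

# Capabilities namespace, copied from the snippet on this page.
CAP_NS = "http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
WRITE_CAPS = ("create", "update", "delete")

# Constructed sample: same shape as the page's read-only snippet.
READ_ONLY = f"""<capabilities xmlns:cap="{CAP_NS}">
  <configured>
    <cap:create><cap:enabled>false</cap:enabled></cap:create>
    <cap:update><cap:enabled>false</cap:enabled></cap:update>
    <cap:delete><cap:enabled>false</cap:enabled></cap:delete>
  </configured>
</capabilities>"""

# Constructed sample: update left enabled, delete not configured at all.
PARTIAL = f"""<capabilities xmlns:cap="{CAP_NS}">
  <configured>
    <cap:create><cap:enabled>false</cap:enabled></cap:create>
    <cap:update><cap:enabled>true</cap:enabled></cap:update>
  </configured>
</capabilities>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _explicitly_disabled(cap):
    enabled = cap.find(f"{{{CAP_NS}}}enabled")
    return enabled is not None and (enabled.text or "").strip().lower() == "false"


def write_capabilities_left_enabled(xml_text):
    """Return the write capabilities NOT explicitly disabled under <configured>.

    Only <cap:enabled>false</cap:enabled> counts as disabled; a capability that
    is absent, has no 'enabled' element, or any other value is reported.
    """
    root = ET.fromstring(xml_text)
    configured = [el for caps in root.iter() if _local(caps.tag) == "capabilities"
                  for el in caps if _local(el.tag) == "configured"]
    left = []
    for name in WRITE_CAPS:
        caps = [c for conf in configured for c in conf.findall(f"{{{CAP_NS}}}{name}")]
        if not caps or not all(_explicitly_disabled(c) for c in caps):
            left.append(name)
    return left
```

Run it over exported resource definitions before pointing midPoint at a production system; an empty list means all three write capabilities are explicitly disabled.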
