<objectType>
<kind>entitlement</kind>
<intent>unixGroup</intent>
<delineation>
<objectClass>ri:groupOfNames</objectClass>
</delineation>
<focus>
<type>OrgType</type>
<archetypeRef oid="be2c817e-387c-441a-82d0-e5a15e7cefcd"/> <!-- Unix Group Archetype -->
</focus>
</objectType>Focus Objects
The focus section specifies which focus objects (users, roles, orgs, and so on) correspond to given resource object type.
Specifying focus objects
There are two configuration items available:
| Item | Description | Default value |
|---|---|---|
|
Type of the focus objects. |
|
|
Focus archetype corresponding to this resource object type. If specified, the value is enforced upon focus objects that have a projection of this object type linked. It is also used during correlation, i.e. when correlating a resource object of this type, midPoint looks for focus objects having specified archetype. |
no archetype (all objects of given type) |
Notes/limitations:
-
The archetype must be currently a structural one. In the future, we may consider allowing multiple (i.e. structural and/or auxiliary) archetypes here.
-
The enforcement means that if the focus has no archetype, the archetype is added to the focus. If it has a different archetype, a policy violation exception is raised. This behavior may change in the future, e.g. it may become configurable.
-
The enforcement is done for all projections, i.e. not only for ones being synchronized into midPoint, but also for the ones that are created by midPoint. But beware of the timing: if a projection is added during the operation (a clockwork run), and that projection enforces an archetype, the effects of this enforcement may be limited during the current operation. For example, if the archetype induces some projections, they might not be created because of the processing in waves. Generally speaking, it is safer to set the focus archetype explicitly (e.g. by primary delta or in the object template) in these cases.
Was this page helpful?
YES
NO
Thanks for your feedback