Value Metadata

Last modified 07 Mar 2023 11:46 +01:00
Table of Contents

Introduction

Value metadata are data about data. They are stored as a part of the values and can contain additional information.

Note, that value metadata are distinct from MetadataType used for objects and assignments, which is part of the first-class schema for a long time.

Usages

The following table summarizes current usage of value metadata:

Usage Configuration Storage/Notes

IGA related assignment paths on role membership references

Enabled by default. Can be disabled in system configuration with accessesMetadataEnabled under roleManagement element.

Stored in roleMembershipRef as assignmentpath under provenance. If there are multiple assignment paths leading to the same role, each is present in its own metadata value. Introduced in 4.7.

How is it stored

Valeu metadata is stored in a special container with name like _metadata or @metadata depending on the serialization format. This is an example of value metadata on roleMembershipRef value stored in JSON format:

"roleMembershipRef" : [
  {
    "@metadata" : {
      "storage" : {
        "createTimestamp" : "2023-03-07T11:11:37.249+01:00"
      },
      "provenance" : {
        "assignmentPath" : {
          "sourceRef" : {
            "oid" : "0f493925-36b5-466a-8279-3ad822826b75",
            "relation" : "org:default",
            "type" : "c:UserType"
          },
          "segment" : {
            "segmentOrder" : 1,
            "assignmentId" : 1,
            "targetRef" : {
              "oid" : "d9a77300-2618-49af-b8e6-260ce530ef4f",
              "relation" : "org:default",
              "type" : "c:RoleType"
            },
            "matchingOrder" : true
          }
        }
      }
    },
    "oid" : "d9a77300-2618-49af-b8e6-260ce530ef4f",
    "relation" : "org:default",
    "type" : "c:RoleType"
  }
]

The actual value of the reference are oid, relation and type items at the end of the example. JSON uses @metadata attribute to store the values of value metadata - possibly multiple values. Example showcases IGA-related value metadata storing the assignment path for the role. For the sake of how-is-it-stored example this is a small snippet for direct assignment, but there can be multiple assignment path segments leading to the indirect assignment.

And this is the same refernce in XML representation - here using _metadata element:

<roleMembershipRef oid="d9a77300-2618-49af-b8e6-260ce530ef4f" relation="org:default" type="c:RoleType">
    <_metadata>
        <storage>
            <createTimestamp>2023-03-07T11:11:37.249+01:00</createTimestamp>
        </storage>
        <provenance>
            <assignmentPath>
                <sourceRef oid="0f493925-36b5-466a-8279-3ad822826b75" relation="org:default" type="c:UserType"/>
                <segment>
                    <segmentOrder>1</segmentOrder>
                    <assignmentId>1</assignmentId>
                    <targetRef oid="d9a77300-2618-49af-b8e6-260ce530ef4f" relation="org:default" type="c:RoleType"/>
                    <matchingOrder>true</matchingOrder>
                </segment>
            </assignmentPath>
        </provenance>
    </_metadata>
</roleMembershipRef>

See Also

Was this page helpful?
YES NO
Thanks for your feedback