Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

User object contains following frequently used items:

TODO TODO TODO

 

Property

Type

Description

fullNameroleType

PolyString string
optional

Full name of the user with all the decorations, middle name initials, honorific title and any other structure that is usual in the cultural environment that the system operates in. This element is intended to be displayed to a common user of the system.
Examples: cpt. Jack Sparrow, William "Bootstrap" Turner, James W. Random, PhD., Vladimir Iljic Lenin, Josip Broz Tito, Chuck Norris

givenName

PolyString
optional

Given name of the user. It is usually the first name of the user, but the order of names may differ in various cultural environments. This element will always contain the name that was given to the user at birth or was chosen by the user.
Examples: Jack, Chuck

familyName

PolyString
optional

Family name of the user. It is usually the last name of the user, but the order of names may differ in various cultural environments. This element will always contain the name that was inherited from the family or was assigned to a user by some other means.
Examples: Sparrow, Norris

additionalName

PolyString
optional

Middle name, patronymic, matronymic or any other name of a person. It is usually the middle component of the name, however that may be culture-dependent.
Examples: Walker, John, IljicType of a role, usually denotes a "layer" or "purpose" of the role. Such as "business", "IT", "asset", etc. This field has no special meaning in the IDM computation logic. Its purpose is to organize roles for presentation (GUI) and management. Therefor it is assumed that the values of the roleType will be an enumeration.
Examples: application, business, it, technical, asset

displayName

PolyString
optional

Human-readable name of the role. It may be quite long, container national characters and there is no uniqueness requirement. It is used if the "name" property contains a code that is not entirelly user-friendly.

assignment, inducement

AssignmentType
optional, multi

See Assignment and Assignment vs Inducement.

authorization

AuthorizationType
optional, multi

Set of role authorizations. Authorization define fine-grained access to midPoint objects and system functionality. The authorizations that are defined in a role apply to all users that have this role assigned (such user is a "subject" of the authorizations).
See Authorization

Full list of items can be found by using the SchemaDoc links above.

See Also