Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

MidPoint resource can be switched to read-only mode by disabling the resource capabilities that create, modify and delete resource objects. The capabilities are checked by low-level components of midPoint (in Provisioning Subsystem) therefore even a severe misconfiguration of high-level midPoint features will not be able circumvent this protection.

TODO

Code Block
languagehtml/xml
titleRead-only capabilities
<capabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-2">
  <configured>
    <cap:create>
      <cap:enabled>false</cap:enabled>
    </cap:create>
    <cap:update>
      <cap:enabled>false</cap:enabled>
    </cap:update>
    <cap:delete>
      <cap:enabled>false</cap:enabled>
    </cap:delete>
  </configured>
</capabilities>