Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • direction: Specifies the direction of association, i.e. if the association point from object to subject or the other way around:
    • subjectToObject: Subject has an attribute that contains object identifiers as its values. E.g. an account has a list of groups to which it belongs.
    • objectToSubject: Object has an attribute that contains subject identifiers as its values. E.g. a group has a list of members.
  • associationAttribute: Name of the attribute which represents the association. This is the attribute that will be modifier modified when the association changes. In object-to-subject associations this is the attribute of the object (e.g. group). In subject-to-object associations this is an attribute of the subject (e.g. account).
  • valueAttribute: Name of the attribute from with a value for association attribute is taken. The value is taken from this attribute and it will be stored in the association attribute. This attribute will not be modifier modified when the association changes, it is only for reading. In object-to-subject associations this is the attribute of the subject (e.g. account). In subject-to-object associations this is an attribute of the object (e.g. group). This attribute usually contain identifiers.

...

Code Block
languagehtml/xml
 <resource>
    ...
    <schemaHandling>
        <objectType>
            <kind>account</kind>
            ...
            <association>
                <name>ri:group</name>
                <kind>entitlement</kind>
                <intent>group</intent>
                <direction>objectToSubject</direction>
                <associationAttribute>ri:members</associationAttribute>
                <valueAttribute>ri:dn</valueAttribute>
                <shortcutAssociationAttribute>ri:memberOf</shortcutAssociationAttribute>
                <shortcutValueAttribute>ri:dn</shortcutValueAttribute>
            </association>
        </objectType>
        <objectType>
            <kind>entitlement</kind>
            <intent>group</intent>
            <default>true</default>
            <objectClass>ri:GroupObjectClass</objectClass>
        </objectType>
    </schemaHandling>
</resource>

The definition define defines one account type and one entitlement type group. The entitlement and account are associated by using entitlement's attribute members. The members property of a group contains a collection of usernames that belong to the group.

...