Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The object lifecycle support in midPoint 3.5 is practically usable, but it is not yet perfect. Improvements to the lifecycle mechanisms are planned in future midPoint versions based on the interest of midPoint subscribers and sponsors.


Remediation in midPoint terminology means a semi-formal action that remediates policy violation. This is an action that fixes the policy violation and makes the situation fully compliant with the policy This is an action or decision that needs to be done by a physical person. Remediation may be a selection of a new manager in case that the old manager left the company and now there is an organizational unit without a manager. Remediation may lead to a change of role definition in case that the new role definition has unacceptable impact on business. Remediation actions are "do something else" actions, those non-automatic non-algorithmic decisions that must be made by an intelligent human being. In cases that midPoint can fix policy violation automatically we do not even call that remediation. That case is just too easy. It is normal midPoint behavior. Business as usual. The term remediation is reserved to those things that midPoint cannot do automatically.


MidPoint has information about all the users, accounts, roles and entitlements and they are presented in a way that can allow efficient role mining in the future. MidPoint currently does not have role mining features. But the basic infrastructure is prepared for that. Role mining may be implemented in a near future either as native midPoint functionality or as an extension. The implementation plan for role mining depends on midPoint sponsors, subscribers midPoint subscribers and partners.

Risk Management