Therefore the GUI can use this definition to properly render the change owner functionality. In this case the default accounts will have two options to change owner: change owner (user) and change owner (service). The latter option would actually execute two operations: change the shadow intent to service and then link the shadow to the service object.
There is a Synchronization Sorter mechanism that can be used for automatic reclassification. But support for manual (GUI-based) reclassification is still missing.
Note: there is almost no chance to destroy account data even if the intent is mis-detected, as long as the account ends up in the unmatched situation. In that case the account is not linked, therefore no mappings are applied. MidPoint will not change the account unless the account is changed manually from the GUI.
In addition to this there are expected changes in the UI for service objects. There are expected bugfixes and improvements as this part of the UI is rarely used. The projection enforcement mode needs to be applied on a per-object-type basis to resolve the assigning vs linking issue (service accounts will be linked but not assigned). Additional improvements to other parts of the GUI, meta-roles and other mechanisms may also be needed.
Service account passwords will not be managed in this implementation phase. The passwords may be changed manually from the GUI. But no automatic mechanism will be provided. There will be certification support.