Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The repository of identity management system contains information about the state that should be: assigned resource accounts and roles, attribute values derived from user properties and so on. However, the actual state of the accounts may be different. Some accounts that should exit exist may not exist because the create operation has failed or someone deleted them. The accounts may belong to wrong set of groups and may not be consistent with the IDM roles. There may be accounts that belong to nobody or are otherwise "illegal".