Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

User synchronizer (UserSynchronizer) is a heart of the IDM Model Subsystem. It takes care of synchronizing users and accounts in any situation. Therefore it is responsible for ordinary provisioning, live sync, reconciliation and even import. User synchronizer takes care of executing user template, computing assignements assignments and RBAC, outbound expressions, credentials, etc. It is a place through which any modification of user object must pass.

...

User policy step currently applies user template to the user. It only works on user, not accounts. The goal is to maintain internal integrity of the user object as defined by the user template. This step is processing all user changes (both primary and secondary), recomputes them using user template and adds any extra changes to user secondary delta.

...

Assignments Step

Assignments step is processing all user assignments. It considers both existing user assignments and deltas of user assignments (added or removed assignments). It is also indirectly triggering the processing of RBAC roles. RBAC roles and direct assignments are all reduced to account construction structures (AccountConstruction) that describe how a particular account type (RAT) should be constructed. Account constructions usually contain value constructions (ValueConstruction) that describe how a particular account attribute should be constructed.

...