Provisioning information
Provisioning providers get information to identify the entities that were affected by a change. This information does not state what changed exactly. For example, upon a modification of the user email address, the provisioning event contains the information user X has been changed, but not the e-mail address of user X has the new value Y.
All provisioning events provide the type of operation, the identification of the actor, and the actual entity, to which the operation is applied.
Type of operation
Key: meta.operation
meta.operation defines what happened with the underlying entity. The possible operations are the following:
- insert with value
i: the entity is created. - delete with value
d: the entity is removed, and does not exist anymore in nevisIDM. - update with value
u: the entity is modified. - archive with value
ar: the entity, that is, a user or profile, is archived - enable with value
en: the entity, that is, a user or profile, is activated - disable with value
di: the entity, that is, a user or profile, is disabled
Type of entity the operation affects
Key: meta.entity
meta.entity defines the type of the involved nevisIDM entity. The value passed to the provider is equal to the actual name of the entity. The following entities are supported by the provisioning:
- user
- profile
- authorization
- credential
- client
- unit
- application
- role
- enterprise authorization
- enterprise role
- enterprise role member
Information about the actor, the user who carried out the operation
- key
actor.extid:extIdof the acting user - key
actor.loginid:loginIdof the acting user - key
actor.clientname: name of the client, to which the actor belongs - key
actor.clientextid: extId of the client, to which the actor belongs
Version of the entity
Key: object.newVersionNumber
object.newVersionNumber defines the version of the entity, and can be used to look up the actual change of the entity. The version number of the entity is raised after any change to the entity. The increase can be of any size, but the new version number has to be higher than the old version number.
Information in the provisioning module for each entity
Application
Information in provisioning event
meta.operationmeta.entity, that is,applicationclient.extidclient.nameapplication.nameapplication.extidobject.newVersionNumber
Description
The information provided affects application management only, and not the authorizations. A creation or removal operation represents the assignment or revocation of an application to a client, and not the actual creation or removal of the application itself. If an application is completely removed, an event is generated to each client, to which the application is assigned.
Authorization
Information in provisioning event
meta.operationmeta.entity, that is,authorizationauthorization.extidclient.extidclient.nameuser.extiduser.loginidprofile.extidapplication.namerole.namerole.extidobject.newVersionNumber
Description
The informazion affect the creation, modification, and removal of authorizations, and the assignment or revocation of role to profile. object.newVersionNumber and authorization.extid are not available for events triggered by enterprise roles.
Client
Information in provisioning event
meta.operationmeta.entity, that is,clientclient.extidclient.nameobject.newVersionNumber
Credential
Information in provisioning event
meta.operationmeta.entity(=credential)client.extidclient.namecredential.extidobject.newVersionNumber
Profile
Information in provisioning event
meta.operationmeta.entity(=profile)client.extidclient.nameuser.extiduser.loginidprofile.extidobject.newVersionNumber
Description
The information provided affects operations on the profile attributes and property values, and does not affect assignment or revocations of roles to the profile.
Role
Information in provisioning event
meta.operationmeta.entity, that is,roleclient.extidclient.nameapplication.namerole.namerole.extidobject.newVersionNumber
Description
The information provided affects the application or role management only, and not the authorizations. All events are triggered for all clients, to which the application of the role is assigned.
Unit
Information in provisioning event
meta.operationmeta.entity, that is,unitclient.extidclient.nameunit.extidunit.nameobject.newVersionNumber
User
Information in provisioning event
meta.operationmeta.entity, that is,userclient.extidclient.nameuser.extiduser.loginidobject.newVersionNumber
Enterprise Role
Information in provisioning event
meta.operationmeta.entity, that is,eroleclient.extidclient.nameerole.extiderole.nameobject.newVersionNumber
Description
The information provided affects the creation, modification, and removal of an enterprise role.
Enterprise Authorization
Information in provisioning event
meta.operationmeta.entity, that is,enterpriseauthorization- eauthorization.extid
- client.extid
- client.name
- erole.extid
- erole.name
- unit.extid
- unit.name
- user.extid
- user.loginid
- profile.extid
Description
It can be configured with the application.modules.provisioning.erole.enabled configuration setting (can be found in the chapter nevisidm-prod.properties, paragraph Provisioning module).
Enterprise Role Member
Information in provisioning event
meta.operationmeta.entity, that is,ermember- client.extid
- client.name
- erole.extid
- erole.name
- role.extid
- role.name
- application.extid
- application.name
Description
It can be configured with the application.modules.provisioning.erole.enabled configuration setting (can be found in the chapter nevisidm-prod.properties, paragraph Provisioning module).