Create/Modify synchronization rules¶

The purpose of a synchronization rule is to define the operations to be applied to the various objects in the target source. The result of a synchronization rule will generate a data file in XML format, called DELTA.

A synchronization rule is the result of a set of rules applied to one of the following sources:

Export from the authoritative source,
Export from the target source,
DELTA.

The different rules that can be applied are:

Filtering rule,
Conversion rule,
Matching rule,
MAP rule,
SSOX rule,
Backup rule.

Each rule is defined in a specific order because they may be dependent on each other.

The DELTA file is generated for the first time after the Matching rule. It can then be modified by other rules such as filtering or conversion rules.

To create a specific rule in a synchronization rule, click on the “New” button. Select a rule from the list of operations, then click on the ‘Modify’ button to modify it or on the “Delete” button to delete it.

Enter a name for the rule and choose the type of rule to create from the list. In a synchronization rule, there can be several conversion, filtering, or MAP rules, but the Match, Save, and SSOX rules must be unique.

After choosing the type of rule, enter the target to which the rule will apply.

Table of authorized rule targets according to rule type:

	SOURCE (authoritative source)	TARGET (target source)	DELTA (comparison file)
Filtering	X	X	X
Conversion	X	X	X
Matching			X
MAP	X	X	X
SSOX	X	X
Backup			X

Mandatory matching rules in upstream provisioning connectors¶

The mandatory operations to be integrated into upstream provisioning connectors are described below.

Identities
- Matching Rules
  - Destination attribute (Identity Ref) = uid
- On Create
  - SET type = [person type code]
- On Modify
  - MULTDSTCOPY ID and type
- On Delete
  - DSTCOPY ID
Enumerated (identities, allocations, structures, or accounts)
- Matching Rules
  - Destination attributes (Ref Identity) = type, code
- On Create
  - SET type and code
- On Modify
  - DSTCOPY = ID
- On Delete
  - DSTCOPY = ID
Cross-reference table
- Matching Rules
  - Destination attributes (Ref Identity) = type, key
- On Create
  - SET type and key
- On Modify
  - DSTCOPY = ID
- On Delete
  - DSTCOPY = ID
Allocations
- Matching Rules
  - Destination attribute (Identity Ref) = resource_code
- On Create
  - SET type = [allocation type code] and resource_code [code of the object to be created]
- On Modify
  - MULTDSTCOPY ID and type
- On Delete
  - MULTDSTCOPY = ID
Structures
- Matching Rules
  - Destination attribute (Identity Ref) = structure_code
- On Create
  - SET = type [Structure type code] and resource_code [code of the object to be created]
- On Modify
  - MULTDSTCOPY ID and type
- On Delete
  - DSTCOPY ID
Accounts (only functional for managing changes)
- Matching Rules
  - Destination attribute (Identity Ref) = account_login
- On Modify
  - MULTDSTCOPY ID, type
Roles
- Matching Rules
  - Destination attribute (Identity Ref) = code
- On Create
  - SET = code
- On Modify
  - MULTDSTCOPY = ID
- On Delete
  - MULTDSTCOPY = ID
Authorizations
- Matching Rules
  - Destination attribute (Identity Ref) = code and application
- On Create
  - SET = code and application
- On Modify
  - MULTDSTCOPY = ID
- On Delete
  - MULTDSTCOPY = ID
Provisioning status updates
- Matching Rules
  - Destination attribute (Identity Ref) = account_login
- Compare Rules
  - COMPAREATTNAME = account_login
- On Create
  - SET = account_type
- On Modify
  - DSTCOPY = account_id
- On Delete
  - MULTDSTCOPY = account_id
Identity-role links
- Matching Rules
  - Destination attributes (Identity Ref) = person, role
- On Create
  - SET person, role
- On Modify
  - MULTDSTCOPY = id
- On Delete
  - MULTDSTCOPY = id
Identity-role-authorization links
- Matching Rules
  - Destination attributes (Identity Ref) = person, role, right
- On Create
  - SET person, role, right
- On Modify
  - MULTDSTCOPY = id
- On Delete
  - MULTDSTCOPY = id