Prevent the accidental deletion of a target system
If a source resource is empty, the default behavior is to exit without failure and to log a warning similar to the following:
[318] Feb 19, 2020 1:51:56.455 PM org.forgerock.openidm.sync.NonClusteredRecon dispatchRecon WARNING: Cannot reconcile from an empty data source, unless allowEmptySourceSet is true.
The reconciliation summary is also logged in the reconciliation audit log.
This behavior prevents reconciliation operations from accidentally deleting everything in a target resource. In the event that a source system is unavailable but erroneously reports its status as up, the absence of source objects should not result in objects being removed on the target resource.
If you do want reconciliations of an empty source resource to proceed, override the default behavior by setting the allowEmptySourceSet
property to true
in the mapping. For example:
{
"mappings" : [
{
"name" : "systemCsvfileAccounts_managedUser",
"source" : "system/csvfile/account",
"allowEmptySourceSet" : true,
...
When an empty source is reconciled, the data in the target is wiped out.
Prevent accidental target deletion using the IDM admin UI
-
From the IDM console, click Native Consoles > Identity Management.
-
From the navigation bar, click Configure > Mappings, and click the mapping to edit.
-
Click the Advanced tab, and expand the Additional Mapping Options node.
-
Enable Allow Reconciliations From an Empty Source.