Configure Operation Options

Important

Connectors continue to be released outside the IDM release. For the latest documentation, refer to the ICF documentation.

The operationOptions object enables you to deny specific operations on a resource. For example, you can use this configuration object to deny CREATE and DELETE operations on a read-only resource to avoid IDM accidentally updating the resource during a synchronization operation.

The following example defines the options for the "SYNC" operation:

"operationOptions" : {
    "SYNC" : {
        "denied" : true,
        "onDeny" : "DO_NOTHING",
        "objectFeatures" : {
            "__ACCOUNT__" : {
                "denied" : true,
                "onDeny" : "THROW_EXCEPTION",
                "operationOptionInfo" : {
                    "$schema" : "http://json-schema.org/draft-03/schema",
                    "type" : "object",
                    "properties" : {
                        "_OperationOption-float" : {
                            "type" : "number",
                            "nativeType" : "JAVA_TYPE_PRIMITIVE_FLOAT"
                        }
                    }
                }
            },
            "__GROUP__" : {
                "denied" : false,
                "onDeny" : "DO_NOTHING"
            }
        }
    },
    ...
}

The ICF Framework supports the following operations:

AUTHENTICATE
CREATE
DELETE
GET
RESOLVEUSERNAME
SCHEMA
SCRIPT_ON_CONNECTOR
SCRIPT_ON_RESOURCE
SEARCH
SYNC
TEST
UPDATE
VALIDATE

For detailed information on these operations, see the ICF API documentation.

The operationOptions object has the following configurable properties:

denied

boolean, optional

This property prevents operation execution if the value is true.

onDeny

string, optional

If denied is true, then the service uses this value. Default value: DO_NOTHING.

DO_NOTHING: On operation the service does nothing.
THROW_EXCEPTION: On operation the service throws a ForbiddenException exception.