Configure Operation Options
The operationOptions
object enables you to deny specific operations on a resource. For example, you can use this configuration object to deny CREATE
and DELETE
operations on a read-only resource to avoid IDM accidentally updating the resource during a synchronization operation.
The following example defines the options for the "SYNC"
operation:
"operationOptions" : { "SYNC" : { "denied" : true, "onDeny" : "DO_NOTHING", "objectFeatures" : { "__ACCOUNT__" : { "denied" : true, "onDeny" : "THROW_EXCEPTION", "operationOptionInfo" : { "$schema" : "http://json-schema.org/draft-03/schema", "type" : "object", "properties" : { "_OperationOption-float" : { "type" : "number", "nativeType" : "JAVA_TYPE_PRIMITIVE_FLOAT" } } } }, "__GROUP__" : { "denied" : false, "onDeny" : "DO_NOTHING" } } }, ... }
The ICF Framework supports the following operations:
AUTHENTICATE
CREATE
DELETE
GET
RESOLVEUSERNAME
SCHEMA
SCRIPT_ON_CONNECTOR
SCRIPT_ON_RESOURCE
SEARCH
SYNC
TEST
UPDATE
VALIDATE
For detailed information on these operations, see the ICF API documentation.
The operationOptions
object has the following configurable properties:
denied
boolean, optional
This property prevents operation execution if the value is
true
.onDeny
string, optional
If
denied
istrue
, then the service uses this value. Default value:DO_NOTHING
.DO_NOTHING
: On operation the service does nothing.THROW_EXCEPTION
: On operation the service throws aForbiddenException
exception.