IDM 7.2.1

Validate relationships between objects

Optionally, you can specify that a relationship between two objects must be validated when the relationship is created. For example, you can indicate that a user cannot reference a role, if that role does not exist.

When you create a new relationship type, validation is disabled by default, because it involves an expensive query to the relationship that is not always required.

To configure validation of a referenced relationship, set "validate": true in the managed object configuration. The default schema enables validation for the following relationships:

  • For user objects—roles, managers, and reports

  • For role objects—members and assignments

  • For assignment objects—roles

The following configuration of the manager relationship enables validation, and prevents a user from referencing a manager that has not already been created:

"manager" : {
   "type" : "relationship",
   ...
   "validate" : true,
Copyright © 2010-2022 ForgeRock, all rights reserved.