IDM 7.3.0

Prevent the accidental deletion of a target system

If a source resource is empty, the default behavior is to exit without failure and to log a warning similar to the following:

[318] Feb 19, 2020 1:51:56.455 PM org.forgerock.openidm.sync.NonClusteredRecon dispatchRecon
WARNING: Cannot reconcile from an empty data source, unless allowEmptySourceSet is true.

The reconciliation summary is also logged in the reconciliation audit log.

This behavior prevents reconciliation operations from accidentally deleting everything in a target resource. In the event that a source system is unavailable but erroneously reports its status as up, the absence of source objects should not result in objects being removed on the target resource.

If you do want reconciliations of an empty source resource to proceed, override the default behavior by setting the allowEmptySourceSet property to true in the mapping. For example:

{
    "mappings" : [
        {
        "name" : "systemCsvfileAccounts_managedUser",
        "source" : "system/csvfile/account",
        "allowEmptySourceSet" : true,
        ...

When an empty source is reconciled, the data in the target is wiped out.

Prevent accidental target deletion using the admin UI

  1. From the navigation bar, click Configure > Mappings, and click the mapping to edit.

  2. Click the Advanced tab, and expand the Additional Mapping Options node.

  3. Enable Allow Reconciliations From an Empty Source.

Copyright © 2010-2023 ForgeRock, all rights reserved.