Deletion of Unsynchronized Accesses in the Repository

Each time an entity is created or updated, a synchronization date is generated. It is referred to as the Last Synchronization Date and is named LAST_SYNC_DATE in the database schema.

This date is used to determine whether an entity was synchronized before or after its application. If an account, profile, or account-profile link has a synchronization date earlier than that of the application, it is considered not to have been detected during the import and is therefore removed from the source repository.

During integration, it is essential that applications, accounts, profiles, and profile hierarchies are copied in this order to ensure the proper functioning of the deletion module.

The ModuleCopyColumnsAndInsertSQL and ModuleDeleteNonUpdatedSinceDate modules are used to keep the access repository up to date in RACM.

Configurations are available in ModuleDeleteNonUpdatedSinceDate to control the lifecycle of accounts and groups.

WARNING

If, by mistake, no account is loaded into an application, RACM will not delete anything under this application by default. We can choose to terminate the account instead of deleting it, but this option is only available for accounts. For groups, only the deletion option is available.

General Rules

  • Asset APPLICATION: Must have the oldest synchronization date.
  • Profile PROFILE: Must have a more recent synchronization date than the asset.
  • Profile and Account Association APPLICATION_PROFILE: Must have a more recent synchronization date than the asset.

Deletion Criteria

  • Profile Deletion: If the profile's synchronization date is older than the asset's, the profile is deleted.
  • Account Deletion: If the account's synchronization date is older than the asset's, the account is deleted.
  • Profile Association Deletion: If the association's synchronization date is older than the asset's, the association is deleted.

Specific Cases for Logical Assets

  • If the asset's synchronization date is NULL, no deletion is performed. In this case, the logical asset will use the date of the corresponding physical asset.

Deletion Example

  1. APPLICATION Active Directory
    • Last Sync Date: 2024-05-09 05:41:39
  2. GROUP Active Directory
    • Last Sync Date: 2024-05-08 06:11:52
    • Result: The group's date is older than the asset's. Deletion will be performed.
  3. LOGICAL - ASSET
    • Last Sync Date: NULL
    • Result: The logical asset uses the date of the linked physical asset. No deletion will be performed.
  4. LOGICAL - COPY GROUP AD
    • Last Sync Date: 2024-05-08 06:11:52
    • Result: The group's date is older than the AD asset's. Deletion will be performed.
  5. LOGICAL - Account-Associated Group APPLICATION_PROFILE
    • Last Sync Date: 2024-05-08 10:13:51
    • Result: The association's date is older than the AD asset's. Deletion will be performed.
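
The rules above can be rehearsed as a dry run before the deletion module is enabled. The sketch below is an added example, not RACM's own code: it replays the dates from the deletion example and returns the action each entity would receive. The field names, the `physical` link, the two account rows (`jdoe`, `old.user`) and the choice to apply the empty-load guard per physical asset are assumptions made for illustration.

```python
from datetime import datetime

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S") if s else None

# Constructed data mirroring the page's deletion example. Field names, the
# "physical" link and both account rows are assumptions made for this sketch.
ASSETS = {
    "Active Directory": {"last_sync": ts("2024-05-09 05:41:39"), "physical": None},
    "LOGICAL - ASSET": {"last_sync": None, "physical": "Active Directory"},
}
ENTITIES = [  # (name, kind, asset, LAST_SYNC_DATE)
    ("GROUP Active Directory", "group", "Active Directory", ts("2024-05-08 06:11:52")),
    ("LOGICAL - COPY GROUP AD", "group", "LOGICAL - ASSET", ts("2024-05-08 06:11:52")),
    ("Account-Associated Group", "association", "LOGICAL - ASSET", ts("2024-05-08 10:13:51")),
    ("jdoe", "account", "Active Directory", ts("2024-05-09 05:42:10")),
    ("old.user", "account", "Active Directory", ts("2024-05-02 05:40:00")),
]

def reference(asset_name, assets):
    """Return (root asset, reference date); a NULL logical date falls back
    to the date of the linked physical asset."""
    asset = assets[asset_name]
    root = asset["physical"] or asset_name
    return root, asset["last_sync"] or assets[root]["last_sync"]

def plan(assets, entities, account_action="delete"):
    """Dry run: map each entity name to 'keep', 'delete' or 'terminate'."""
    if account_action not in ("delete", "terminate"):
        raise ValueError("account_action must be 'delete' or 'terminate'")
    # Root assets for which this import loaded at least one account.
    loaded = set()
    for name, kind, asset_name, synced in entities:
        root, ref = reference(asset_name, assets)
        if kind == "account" and ref and synced and synced >= ref:
            loaded.add(root)
    result = {}
    for name, kind, asset_name, synced in entities:
        root, ref = reference(asset_name, assets)
        # Missing dates are treated conservatively: nothing is removed.
        stale = ref is not None and synced is not None and synced < ref
        if not stale or root not in loaded:  # guard: an empty account load removes nothing
            result[name] = "keep"
        else:  # only accounts can be terminated instead of deleted
            result[name] = account_action if kind == "account" else "delete"
    return result
```

Comparing the `plan()` output against the expected number of removals before a production run makes a partial or failed import visible while the accesses are still in the repository.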