Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
devel:documentation:provisioning [2019/04/23 05:31] kopro [Admin guide] |
devel:documentation:provisioning [2020/08/28 11:20] (current) svandav [Admin guide] |
||
---|---|---|---|
Line 5: | Line 5: | ||
Provisioning is the propagation of entities and their attributes to managed systems. | Provisioning is the propagation of entities and their attributes to managed systems. | ||
- | In case of Identities, only those (users) with appropriate roles assigned (guaranteeing the account on the system) are provisioned. | + | In the case of Identities, only those (users) with appropriate roles assigned (guaranteeing the account on the system) are provisioned. |
Our robust provisioning implementation brings the following benefits: | Our robust provisioning implementation brings the following benefits: | ||
Line 11: | Line 11: | ||
* **Fully audited provisioning queue** - Every push operation and its result is audited, and the audit is available to admins via GUI. | * **Fully audited provisioning queue** - Every push operation and its result is audited, and the audit is available to admins via GUI. | ||
* **Retry mechanism** - Provisioning queue pushes the data into managed systems. If the system encounters any problem or is currently offline, the data stays in a queue and tries the operation again in a while when the system is available. | * **Retry mechanism** - Provisioning queue pushes the data into managed systems. If the system encounters any problem or is currently offline, the data stays in a queue and tries the operation again in a while when the system is available. | ||
- | * **Read only systems** - If the system is in a read-only mode, all operations are stored in a provisioning queue. Administrators can see changes, but nothing is sent. This is very useful for new managed system link-up, cutover, or debugging. | + | * **Read-only systems** - If the system is in a read-only mode, all operations are stored in a provisioning queue. Administrators can see changes, but nothing is sent. This is very useful for new managed system link-up, cutover, or debugging. |
* **Disabled systems** - Operations are stored in the provisioning queue, no transformation of attributes is computed as long as the system is not switched back into an enabled state. | * **Disabled systems** - Operations are stored in the provisioning queue, no transformation of attributes is computed as long as the system is not switched back into an enabled state. | ||
- | * **Asynchronous systems** - System can be switched to an asynchronous state. In that case, all operations are stored in a provisioning queue and then pulled from the queue by appropriate periodical [[devel: | + | * **Asynchronous systems** - System can be switched to an asynchronous state. In that case, all operations are stored in a provisioning queue and then pulled from the queue by appropriate periodical [[devel: |
{{ : | {{ : | ||
Line 19: | Line 19: | ||
===== Provisioning queue ===== | ===== Provisioning queue ===== | ||
- | When a system is flagged as asynchronous, | + | When a system is flagged as asynchronous, |
{{ : | {{ : | ||
Line 35: | Line 35: | ||
* [[.adm: | * [[.adm: | ||
* [[.adm: | * [[.adm: | ||
+ | * [[.adm: | ||
===== Devel guide ===== | ===== Devel guide ===== |