System-defined operations
IBM Verify Identity Governance includes a set of system-defined operations that implement the features of the system.
The system-defined operations are specific to the entity types. Although you can customize these operations, you cannot change the input parameter definitions, the type of operation (static or non-static), or the name of the operation. Click to access these operations in the IVIG console.
If you directly customize a system operation of an entity type, you cannot delete it and then later restore it back to the default operation. Deleting a system-defined operation for an entity type is not allowed. You must manually remove the customization.
Operations defined for entities override operations that are defined for entity types. If an operation with the same name exists for both an entity and an entity type, the entity operation is the operation that is started by the operation workflow. Because system-defined operations implement the base business processes for IVIG, exercise caution when customizing these workflows.
For example, if you have specific business process requirements, create a user-defined operation by overriding the system-defined entity type operations. The system-defined delete operation for the Account entity type deprovisions the account and permanently removes the user data from the remote system. To prevent the loss of that user data on AIX® systems, create a delete operation for AIX accounts that sends a request to the service owner of the AIX systems. The request asks them to specify whether to suspend the account or go ahead and deprovision the account. This user-defined entity operation is specific to AIX accounts. All other accounts are still managed by the system-defined entity type operation, which deprovisions the account and removes the user data from the remote system.
When you customize an entity type operation for a specific entity, a copy of the system-defined entity type operation is created. You do not change the system-defined entity type operation. If you want to return to the system-defined entity type definition, delete the entity operation that you created.
- Global
- Specifies all entity types (Account, Business Partner Person, Person).
- Account
- Specifies all account types, such as IVIG user accounts, Linux® accounts, or IVIG accounts.
- Business Partner Person
- Specifies all business partner user types, including the default business partner entity and any custom business partner entities.
- Person
- Specifies all person types, including the default Person entity and any custom Person entities.
| Operation | Description | Type |
|---|---|---|
| add | Creates a user in IVIG and enforces the policy on the new user. | Static |
| delete | Deletes a user from Identity Manager. | Nonstatic |
| modify | Modifies a user’s attributes and enforces policy on the updated user. | Nonstatic |
| restore | Restores an inactive user. | Nonstatic |
| selfRegister | Creates a user in Identity Manager and enforces policy on the new user. | Static |
| suspend | Suspends an active user. | Nonstatic |
| transfer | Transfers a user from one business unit to another and then enforces policy when the transfer is complete. | Nonstatic |
| Operation | Description | Type |
|---|---|---|
| add | Creates an account. | Static |
| changePassword | Changes the password for an account. | Nonstatic |
| delete | Deprovisions an account. | Nonstatic |
| modify | Modifies an account. | Static |
| restore | Restores an inactive account. | Nonstatic |
| suspend | Suspends an active account. | Nonstatic |