Intro
FIM allows you to filter objects on import through filters in the connector configuration. The same functionality is not available on export. There are two methods available to provision a selected set of objects to a target system through synchronization rules. This article shortly describes these two mechanisms and also describes a third using provisioning code.
Synchronization Rules
Synchronization rules allow codeless provisioning. It also allows you control over the population of objects you want to create in a certain target system.
Triplet
The first way of doing this is by defining a set of objects, a synchronization rule, a workflow that adds the synchronization rule to an object and a Management Policy Rule (MPR) that binds them together. In the set definition you can define filters. You can select a limited population of objects by configuring the correct filter on the set.
Scoping filter
The second method defines the filter directly on the synchronization rule, so you do not need a set, workflow and MPR. You simply define the conditions the target population needs to satisfy before they can be provisioned to the target system.
Coded provisioning
Coded provisioning allows for very complex provisioning and it is also the only option on projects where you use only the Synchronization Engine. What follows is only a portion of a more complex provisioning strategy:
- Define an xml structure
- For each connector that requires filtering on export, define the filters in xml
- Make sure to use the same name for all connector configuration files and save them in their respective MaData folders
- In the provisioning code, load all configuration files
- For each object you consider for provisioning, check the filter
Sample configuration file
<Configuration>
<MaConfiguration Name="AD MA">
<Export-Filters>
<Filter Name="DepartmentFilter" IsActive="true">
<Condition Attribute="Department" Operation="Equals" IsActive="true">Sales</Condition>
</Filter>
</Export-Filters>
<MaConfiguration>
</Configuration>
Sample source code
Following code is on itself not functional, but you get an idea of how the complete implementation can look like:
private bool checkFilter(MVEntry mventry, Filter filter)
{
foreach (FilterCondition condition in filter.Conditions)
{
// Return false if one of the conditions is not true.
if (!checkCondition(mventry, condition))
{
return false;
}
}
return true;
}
private bool checkCondition(MVEntry mventry, FilterCondition condition)
{
string attributeValue = condition.Attribute;
if (mventry[attributeValue].IsPresent)
{
if (mventry[attributeValue].IsMultivalued)
{
foreach (Value value in mventry[attributeValue].Values)
{
bool? result =
condition.Operation.Evaluate(value.ToString());
if (result.HasValue)
{
return result.Value;
}
}
return condition.Operation.DefaultValue;
}
else
{
bool? result = condition.Operation.Evaluate(mventry[attributeValue].Value.ToString());
if (result.HasValue)
{
return result.Value;
}
return condition.Operation.DefaultValue;
}
}
return condition.Operation.DefaultValue;
}
