You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/concepts/mark/index.adoc
+9Lines changed: 9 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -355,6 +355,15 @@ Used in the same way as "Protected" when you have different reasons than for the
355
355
|Shadow object that has bad data and should be ignored by synchronization. Used in the same way as "Protected" but with a different semantic meaning.
356
356
|===
357
357
358
+
If reconciliation repeatedly fails on a subset of resource objects due to invalid or corrupted data, you can quarantine the failing shadows by applying a shadow policy mark such as _Invalid data_.
359
+
Once applied, the mark disables synchronization (inbound/outbound) and provisioning operations for those shadows.
360
+
Subsequent reconciliation runs can then skip the marked shadows (until unmarked) instead of repeatedly processing them.
361
+
362
+
This can be automated using a composite task containing two activities.
363
+
While the first activity runs a reconciliation, the second activity immediately processes only the failed objects (using `failedObjectsSelector`) and applies a mark.
364
+
After you fix the source data, remove the mark from the shadows (in Accounts/Entitlements list of a resource in GUI), and then reconcile the objects manually.
365
+
See a link:https://github.com/Evolveum/midpoint-samples/blob/master/samples/tasks/recon-task-csv-mark-invalid.xml[composite task example].
366
+
358
367
== Best practices
359
368
360
369
* Use clear and descriptive names for marks, such as "inactive", "requires-approval", or "archived".
0 commit comments