Recorded exception from a policy rule. The exceptions that are approved are recoded here to avoid re-evaluating and re-approving them all the time. This is EXPERIMENTAL functionality. It is likely to change in the near future.

Item Summary
Name	Type	Multiplicity	Description
ruleName	property string	[0,1]
policySituation	property anyURI	[0,1]
metadata	container MetadataType	[0,1]	Meta-data about data creation, modification, etc.

Items
- ruleName
  
  Flags: RAM,runtime
  
  Multiplicity: [0,1]
- policySituation
  
  Flags: RAM,runtime
  
  Multiplicity: [0,1]
- metadata
  
  Flags: RAM,runtime,oper
  
  Multiplicity: [0,1]
  
  Meta-data about data creation, modification, etc. It may apply to objects but also parts of the object (e.g. assignments).
  
  Meta-data only apply to successful operations. That is obvious for create, but it also applies to modify. For obvious reasons there are no metadata about delete. We keep no metadata about reading. That would be a huge performance hit.
  
  Meta-data only describe the last operation of its kind. E.g. there is a record of last modification, last approval, etc. There is no history. The last operation overwrites data about the previous operation.
  
  These data are informational only. They should not be used for security purposes (use auditing subsystem for that). But presence of metadata simplifies system administration and may provide some basic information "at the glance" which may be later confirmed by the audit logs.
  
  Meta-data are also supposed to be searchable. Therefore they may be used to quickly find "candidate" objects for a closer examination.