Name | Type | Multiplicity | Description |
---|---|---|---|
ruleName | property string | [0,1] | Name for the rule for which this is an exception. |
policySituation | property anyURI | [0,1] | Policy situation for which this is an exception. |
metadata | container MetadataType | [0,1] | Meta-data about data creation, modification, etc. |
Flags: RAM,runtime
Multiplicity: [0,1]
Display order:
Name for the rule for which this is an exception.
Flags: RAM,runtime
Multiplicity: [0,1]
Display order:
Policy situation for which this is an exception.
Flags: RAM,runtime,oper
Multiplicity: [0,1]
Display order:
Meta-data about data creation, modification, etc.
It may apply to objects but also to parts of an object (e.g. assignments).
Meta-data only apply to successful operations. That is obvious for create, but it also applies
to modify. For obvious reasons there are no metadata about delete.
We keep no metadata about reading. That would be a huge performance hit.
Meta-data describe only the last operation of each kind. E.g. there is a record of the last
modification, the last approval, etc. There is no history. The last operation overwrites the data
about the previous operation.
These data are informational only. They should not be used for security purposes (use the auditing
subsystem for that). However, the presence of metadata simplifies system administration and may provide
some basic information "at a glance" which may later be confirmed by the audit logs.
Meta-data are also supposed to be searchable. Therefore they may be used to quickly find
"candidate" objects for a closer examination.