# Soffid Objects

---

You can consult the list of Soffid attributes:

1. [User Object](https://bookstack.soffid.com/link/75#bkmrk-user-object)
2. [Account Object](https://bookstack.soffid.com/link/75#bkmrk-account-object)
3. [Group Object](https://bookstack.soffid.com/link/75#bkmrk-group-object)
4. [Role Object](https://bookstack.soffid.com/link/75#bkmrk-role-object)
5. [Grant Object](https://bookstack.soffid.com/link/75#bkmrk-grant-object)
6. [Maillist Object](https://bookstack.soffid.com/link/75#bkmrk-maillist-object)
7. [Membership Object](https://bookstack.soffid.com/link/75#bkmrk-membership-object)
8. [dispatcherService](#bkmrk-dispatcherservice)
9. [Authoritative change object](#bkmrk-%C2%A0-4)

---

## User object

User objects are maps that hold the information belonging to a single user account.

| Attribute | Type | Description |
|---|---|---|
| id | `Long` | user id |
| accountId | `Long` | account id |
| accountName | `String` | account name |
| system | `String` | managed system (agent) name |
| accountDescription | `String` | account description |
| active | `Boolean` | true if user is active |
| accountDisabled | `Boolean` | true if account is disabled |
| mailAlias | `String` | blank separated mails |
| userName | `String` | user name |
| primaryGroup | `String` | user's primary group name |
| comments | `String` | user's comments |
| createdOn | `Date` | user creation date |
| modifiedOn | `Date` | user last modification date |
| mailDomain | `Date` | user mail domain (email right side of @) |
| fullName | `String` | user full name |
| shortName | `String` | user mail name (email left side of @) |
| firstName | `String` | user first name |
| lastName | `String` | user last name |
| lastName2 | `String` | user second last name (when applicable) |
| mailServer | `String` | mail server host name |
| homeServer | `String` | home drive server host name |
| profileServer | `String` | roaming profile server host name |
| phone | `String` | user's phone number |
| userType | `String` | user type |
| createdBy | `String` | user name creator of this user |
| modifiedBy | `String` | user name modifier of this user |
| secondaryGroups | `List<Map<String,Object>>` | list of [groups](#bkmrk-group-object) the user belongs to, including primary group. The attributes of the inner map are described later |
| attributes | `Map<String,String>` | additional user attributes |
| grantedRoles | `List<Map<String,Object>>` | list of [grants](#bkmrk-grant-object) directly granted to the user |
| allGrantedRoles | `List<Map<String,Object>>` | list of [grants](#bkmrk-grant-object) directly or indirectly granted to the user |
| granted | `List<String>` | list of role names and group names directly granted to the user |
| allGranted | `List<String>` | list of role names and group names directly or indirectly granted to the user |

## Account object

An account object holds the information belonging to an account.

| Attribute | Type | Description |
|---|---|---|
| accountDescription | `String` | account description |
| accountDisabled | `Boolean` | true if account is disabled |
| accountId | `Long` | account id |
| accountName | `String` | account name |
| allGranted | `List<String>` | list of role names directly or indirectly granted to the user |
| allGrantedRoles | `List<Map<String,Object>>` | list of [grants](#bkmrk-grant-object) directly or indirectly granted to the user |
| attributes | `Map<String,String>` | additional account attributes |
| granted | `List<String>` | list of role names directly granted to the user |
| grantedRoles | `List<Map<String,Object>>` | list of [grants](#bkmrk-grant-object) directly granted to the user |
| lastLogin | `Calendar` | lastLogin |
| lastPasswordUpdate | `Calendar` | lastPasswordUpdate |
| lastUpdate | `Calendar` | lastUpdate |
| passwordExpiration | `Calendar` | passwordExpiration |
| passwordPolicy | `String` | password policy |
| system | `String` | managed system (agent) name |
| type | `AccountType` | "U"=user, "S"=shared, "P"=privileged, "I"=ignored |

## Group object

A group object holds the information belonging to a group.

| Attribute | Type | Description |
|---|---|---|
| groupId | `Long` | group id |
| name | `String` | group name |
| description | `String` | group description |
| parent | `String` | parent group name |
| server | `String` | home server host name |
| disabled | `boolean` | true if the group is disabled |
| accountingGroup | `String` | group accounting information |
| type | `String` | group type |
| driveLetter | `String` | home server letter to connect to |
| users | `List<Map<String,Object>>` | list of [users](#bkmrk-user-object) belonging to this group |
| userNames | `List<String>` | list of user names belonging to this group |
| allUsers | `List<Map<String,Object>>` | list of [users](#bkmrk-user-object) directly or indirectly belonging to this group |
| allUserNames | `List<String>` | list of user names either directly or indirectly grantee of this role |
| grantedRoles | `List<Map<String,Object>>` | list of [roles](#bkmrk-role-object) granted to this group |
| grantedRoleNames | `List<String>` | list of role names granted to this group |

## Role object

A role object holds the information belonging to a role.

| Attribute | Type | Description |
|---|---|---|
| roleId | `Long` | role id |
| system | `String` | managed system (agent) name |
| name | `String` | role name |
| application | `String` | application system name |
| category | `String` | role category |
| passwordProtected | `boolean` | true if role should be password protected (where applicable) |
| description | `String` | Role description |
| wfmanaged | `boolean` | true if role should be displayed in self service requests |
| domain | `String` | custom domain for this role: Use com.soffid.iam.api.DomainType constants or configured custom domain |
| ownedRoles | `List<Map<String,Object>>` | list of [roles granted](#bkmrk-grant-object) to this one |
| ownerRoles | `List<Map<String,Object>>` | list of [roles grantee](#bkmrk-grant-object) of this one |
| ownerGroups | `List<Map<String,Object>>` | list of [groups](#bkmrk-group-object) grantee of this role |
| grantedAccountNames | `List<String>` | list of account names directly grantee of this role |
| grantedAccounts | `List<Map<String,Object>>` | list of [users](#bkmrk-user-object) directly grantee of this role |
| allGrantedAccountNames | `List<String>` | list of account names either directly or indirectly grantee of this role |
| allGrantedAccounts | `List<Map<String,Object>>` | list of [users](#bkmrk-user-object) either directly or indirectly grantee of this role |
| attributes | `Map<String,Object>` | role's custom attributes |

## Grant object

### Grant, grantedRole & allGrantedRoles

The objects grant, grantedRole and allGrantedRoles are used to assign roles to accounts and roles.

| Attribute | Type | Description |
|---|---|---|
| domainValue | `String` | grant value (if any) |
| grantedRole | `String` | granted role name |
| grantedRoleId | `Long` | granted role id |
| grantedRoleObject | [role object](#bkmrk-role-object) | granted role |
| grantedRoleSystem | `String` | granted role managed system (agent) name |
| id | `Long` | grant id |
| ownerAccount | `String` | grantee account name |
| ownerAccountObject | [account object](#bkmrk-account-object) | grantee account |
| ownerGroup | `String` | grantee group name |
| ownerRoleId | `String` | grantee role id |
| ownerRoleName | `String` | grantee role name |
| ownerSystem | `String` | grantee account or role managed system name |
| ownerUser | `String` | grantee user name |

#### Examples

##### Grant

Example to map a grant object (assign a role to an account):

| System attribute | Direction | Soffid attribute |
|---|---|---|
| role\_name | => | grantedRole |
| account\_name | => | ownerAccount |

##### GrantedRole

Example to map a grantedRole object (assign a role as a child of another role):

| System attribute | Direction | Soffid attribute |
|---|---|---|
| role\_name | => | grantedRole |
| parent\_role\_name | => | ownerRoleName |

##### AllGrantedRoles

Example to map an allGrantedRoles object in a holderGroup (assign a role to an account in a specific group):

| System attribute | Direction | Soffid attribute |
|---|---|---|
| role\_name | => | grantedRole |
| parent\_role\_name | => | ownerRoleName |
| group\_code | => | domainValue |
| group\_code | => | holderGroup |
| userName | => | ownerUser |

## Maillist object

| Attribute | Type | Description |
|---|---|---|
| id | `Long` | internal mail list id |
| name | `String` | mail list name (the initial part, before the @ sign) |
| domain | `String` | mail list domain (the remaining part after the @ sign) |
| system | `String` | managed system (agent) name |
| description | `String` | mail list description |
| users | String array | user names that are bound to this mail list |
| groups | String array | group names that are subscribed to this mail list |
| roles | String array | role names that grant access to this mail list |
| lists | String array | Nested mail lists |
| explodedUsers | String array | Names of the users that should be subscribed to this mail list, including the users that should be subscribed due to group or role membership |
| explodedUserAddresses | String array | Mail addresses of any exploded User |

## Membership object

A membership object contains the user account information as well as the group the user belongs to.

| Attribute | Type | Description |
|---|---|---|
| userName | `String` | User name |
| user | `Map<String,Object>` | [user object](#bkmrk-user-object) |
| groupName | `String` | Group name |
| group | `Map<String,Object>` | [group object](#bkmrk-group-object) |
| attributes | `Map<String,Object>` | Membership custom attributes |

## dispatcherService

dispatcherService is an object available from agents' attribute translation rules. This object contains four methods:

| Method name | Parameters | Result type | Comments |
|---|---|---|---|
| soffidToSystem | [ExtensibleObject](http://www.soffid.org/doc/console/2.0.0-2/iam-common/apidocs/com/soffid/iam/sync/intf/ExtensibleObject.html) soffidObject | [ExtensibleObject](http://www.soffid.org/doc/console/2.0.0-2/iam-common/apidocs/com/soffid/iam/sync/intf/ExtensibleObject.html) | Uses attribute translation tables to transform a Soffid object to a target system object. Remember to fill in the objectType property so that the proper object mapping is used |
| systemToSoffid | [ExtensibleObject](http://www.soffid.org/doc/console/2.0.0-2/iam-common/apidocs/com/soffid/iam/sync/intf/ExtensibleObject.html) systemObject | [ExtensibleObject](http://www.soffid.org/doc/console/2.0.0-2/iam-common/apidocs/com/soffid/iam/sync/intf/ExtensibleObject.html) | Uses attribute translation tables to transform a target system object to a Soffid object. Remember to fill in the objectType property so that the proper object mapping is used |
| search | [ExtensibleObject](http://www.soffid.org/doc/console/2.0.0-2/iam-common/apidocs/com/soffid/iam/sync/intf/ExtensibleObject.html) exampleObject | [ExtensibleObject](http://www.soffid.org/doc/console/2.0.0-2/iam-common/apidocs/com/soffid/iam/sync/intf/ExtensibleObject.html) | Uses the exampleObject to perform a query by example on the target system. If the object exists on the target system, it is returned. Remember to fill in the objectType property with the desired system object type |
| invoke | String verb, String action, Map parameters | List of Map | This method allows arbitrary executions on the target system, but its semantics can change depending on the connector used. For instance, it can be used to perform a GET on the target system in the REST connector, can issue an LDAP query on the ActiveDirectory connector, can execute a SELECT sentence on a SQL connector, or can execute an operating system command in the Shell connector. The results are returned as a list of objects (map). |

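
Because `invoke` hands its action string straight to the target system, and the REST and Active Directory snippets in the Examples section build that string from attribute values, here is an added example (plain Java, not Soffid's own code) that escapes a value for an LDAP filter per RFC 4515 and checks an identifier against an expected format before it is concatenated. The class and method names are hypothetical, and the 32-hexadecimal-character `sys_id` format is an assumption about ServiceNow.

```java
import java.util.regex.Pattern;

public class InvokeArgumentChecks {
    // Assumption: a ServiceNow sys_id is 32 hexadecimal characters.
    private static final Pattern SYS_ID = Pattern.compile("[0-9a-fA-F]{32}");

    /** Escapes a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeLdapFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Returns sysId unchanged when well formed; refuses anything else. */
    static String requireSysId(String sysId) {
        if (sysId == null || !SYS_ID.matcher(sysId).matches()) {
            throw new IllegalArgumentException("unexpected sys_id format");
        }
        return sysId;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real directory.
        String accountName = "Smith (contractor)*";
        String filter = "(&(objectClass=user)(sAMAccountName="
                + escapeLdapFilterValue(accountName) + "))";
        System.out.println(filter);

        System.out.println(requireSysId("0123456789abcdef0123456789abcdef"));
        try {
            requireSysId("not-a-sys-id");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The relational database snippet in the Examples section passes its values as bound parameters (`:user`, `:cc`), which is the equivalent safeguard for SQL.
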
#### Examples

##### Snippet to query the sys\_id attribute for a grant owner

```Java
System.out.println("Searching id for "+ownerRoleName);
// Query by example: look up the role whose name matches ownerRoleName
com.soffid.iam.sync.intf.ExtensibleObject eo = new com.soffid.iam.sync.intf.ExtensibleObject();
eo.setObjectType("ROLE");
eo{"name"} = ownerRoleName;
eo = dispatcherService.search(eo);
System.out.println("FOUND "+eo{"sys_id"});
return eo{"sys_id"};
```

##### Snippet that performs a REST query to get group to role assignments in ServiceNow

```Java
// GET the role assignments of the group identified by sys_id
list = dispatcherService.invoke("GET",
    "https://arxusdev.service-now.com/api/now/table/sys_group_has_role?sysparm_exclude_reference_link=true&sysparm_display_value=all&sysparm_fields=role%2Cgroup&sysparm_query=group="+sys_id,
    null).get(0).get("result");
r = new java.util.LinkedList();
// Build one grant map per returned assignment
for ( d: list) {
    grant = new java.util.HashMap();
    grant{"grantedRole"} = d.get("role").get("display_value");
    grant{"grantedRoleSystem"} = "ServiceNow";
    grant{"ownerRoleName"} = name;
    grant{"ownerSystem"} = "ServiceNow";
    r.add (grant);
}
return r;
```

##### Snippet of invoke usage on a relational database

```Java
// Table ITREPRT
role = source{"granted"}.size() == 0 ? "" : source{"granted"}.get(0);
System.out.println ("************** ROLE "+role);
// Values are passed as bound parameters (:user, :cc), not concatenated
args = new java.util.HashMap();
args.put("user", source{"accountName"}.toUpperCase());
if (role.equals ("Receptores PR") || role.equals("Jefes_Personal")) {
    r = dispatcherService.invoke("select", "* from ITREPRT where IDUSER=:user", args);
    if (r.size() == 0) {
        dispatcherService.invoke("insert", "into ITREPRT(IDUSER,NOMECO) values (:user, 1)", args);
    }
} else {
    dispatcherService.invoke("delete", "from ITREPRT where IDUSER=:user", args);
}

// TABLE MRGEUCT
cc = source{"attributes"}{"dominio"};
if ( source{"userType"} .equals ("T")) {
    cc = source{"userName"}.substring(1);
}
// Strip leading zeros from the cost center
while (cc != null && cc.startsWith("0"))
    cc = cc.substring(1);
System.out.println ("************** COST CENTER "+cc);
if (cc != null && ! cc.trim().isEmpty()) {
    args = new java.util.HashMap();
    args.put("user", source{"accountName"}.toUpperCase());
    args.put("cc", cc);
    r = dispatcherService.invoke("SELECT", "* from MRGEUCT where IDUSER=:user and MOARPR=:cc", args);
    if (r.size() == 0) {
        dispatcherService.invoke("INSERT", "into MRGEUCT(MOARPR,CENTRA, IDUSER, NOTIFI ) "+
            "values ('II', :cc, :user, 'S')", args);
        dispatcherService.invoke("INSERT", "into MRGEUCT(MOARPR,CENTRA, IDUSER, NOTIFI ) "+
            "values ('BM', :cc, :user, 'S')", args);
        dispatcherService.invoke("DELETE", "FROM MRGEUCT WHERE CENTRA!=:cc AND IDUSER=:user", args);
    }
}
return true;
```

##### Snippet of invoke usage on Active Directory I

```javascript
hashMap = new java.util.HashMap();
list = serviceLocator.getDispatcherService().invoke("AD soffid.pat", "select", "(&(objectClass=user))", hashMap);
out.println("** list.size -- " + list.size());
```

##### Snippet of invoke usage on Active Directory II

```javascript
ACC = source{"accountName"};
la = dispatcherService.invoke("AD soffid.pat", "(&(objectClass=user)(sAMAccountName=userName))", new java.util.HashMap());
```

## Authoritative change object

User objects are maps that hold the information belonging to a single user account.

| Attribute | Type | Description |
|---|---|---|
| id | `Long` | user id |
| accountId | `Long` | account id |
| accountName | `String` | account name |
| system | `String` | managed system (agent) name |
| accountDescription | `String` | account description |
| active | `Boolean` | true if user is active |
| accountDisabled | `Boolean` | true if account is disabled |
| mailAlias | `String` | blank separated mails |
| userName | `String` | user name |
| primaryGroup | `String` | user's primary group name |
| comments | `String` | user's comments |
| createdOn | `Date` | user creation date |
| modifiedOn | `Date` | user last modification date |
| mailDomain | `Date` | user mail domain (email right side of @) |
| fullName | `String` | user full name |
| shortName | `String` | user mail name (email left side of @) |
| firstName | `String` | user first name |
| lastName | `String` | user last name |
| lastName2 | `String` | user second last name (when applicable) |
| mailServer | `String` | mail server host name |
| homeServer | `String` | home drive server host name |
| profileServer | `String` | roaming profile server host name |
| phone | `String` | user's phone number |
| userType | `String` | user type |
| createdBy | `String` | user name creator of this user |
| modifiedBy | `String` | user name modifier of this user |
| secondaryGroups | `List<Map<String,Object>>` | list of [groups](https://confluence.soffid.com/display/SOF/group+object) the user belongs to, including primary group. The attributes of the inner map are described in the link |
| secondariGroups2 | `List<Map<String,Object>>` | list of user [memberships](https://confluence.soffid.com/display/SOF/membership+object), excluding primary group. The attributes of the inner map are described in the link |
| attributes | `Map<String,String>` | additional user attributes |
| grantedRoles | `List<Map<String,Object>>` | list of [grants](https://confluence.soffid.com/display/SOF/grant+object) directly granted to the user |
| allGrantedRoles | `List<Map<String,Object>>` | list of [grants](https://confluence.soffid.com/display/SOF/grant+object) directly or indirectly granted to the user |
| granted | `List<String>` | list of role names and group names directly granted to the user |
| allGranted | `List<String>` | list of role names and group names directly or indirectly granted to the user |