Identities

Data synchronization is a low-level, specialized process. Therefore, permissions to configure and run it should be granted carefully. The new dss_SyncReceiver Identity can receive synchronization requests and perform Item synchronization on the Destination system.

When applying synchronization requests, you must have create/update/delete permissions for Items associated with ItemTypes that come from a particular Source system. By default, dss_syncReceiver does not have these types of permissions. When preparing the Destination system for synchronization the Administrators of that system should give corresponding permissions either to the entire dss_SyncReceiver Identity or to a particular User Identity that will be used for synchronization requests from a particular Source system. Although this type of approach requires some time for manual configuration, it has the following advantages:

• It controls the amount of data that can be changed using the Synchronization API. It is only possible to modify Items associated with ItemTypes that have been specially configured for that.

• It is possible to receive synchronization requests from different Source systems on the same Destination System and ensure that they will modify different sets of Items.

Figure 3 shows a One-Source system where dss_SyncReceiver is an Alias Identity for sync request authentication User.

Figure 3.

Figure 4 shows a One Source system where Sync request authentication User Identity is a member of dss_SyncReceiver.

Figure 4.

Figure 5 shows two Source systems with different sets of synced Item types and two sync request authentication Users.

Figure 5.