...
- Additions – Any records on IAM not matched to KIM.
- These records go through an additional check since KIM will not allow duplicates of the principal keys (id and name) so we must remove them.
- We send these records through the RemoveKimDuplicatePrincipal graph where the exiting/conflicting principal name and id have "dup" inserted thus removing the duplication and allowing the new entity to get the no-longer conflicting principal information.
- Also, we check to see if these are new principal keys for an existing entity, then we just add the new principal data.
- These records go through an additional check since KIM will not allow duplicates of the principal keys (id and name) so we must remove them.
- Deactivations – Any records on KIM not matched to IAM.
- NOTE: at this time nothing is ever deactivated unless there is a specific request, it is done manually.
- Updates – All matching records must be checked for possible updates.
...