Skip to content

Resource states

At any given moment, a resource has a state, that changes through its lifecycle as in the figure below.

The individual resource states are:

  • Created: the resource was created. Depending on the resource type, some manual operation might be needed for the resource to move to the Active state; for example, the Service Desk might need to communicate the initial password of a user's computing account to the account owner.
  • Active: the resource is functional.
  • Action Required: the resource's previous owner no longer had the privileges required to own the resource, so the resource was automatically reassigned to their supervisor. The resource is still functional, but the new owner needs to take an explicit action on it. The possible actions are:
  • Assign the resource to a Resource Group.
  • Archive or deleting it.
  • Inactive: the resource is functional, but has entered a grace period because its owner does no longer have the rights to own it. Unless the resource owner gets ownership rights again, at some point in the future (determined by the policies defined for the resource type) the resource will be blocked, then archived (if the service supports it) and finally deleted.
  • Blocked: the resource is blocked, and cannot be accessed. For example, a computing account might be unable to authenticate, a website might no longer be accessible and so on. Unless the resource owner gets ownership rights again, at some point in the future the resource will be archived (if the service supports it) and finally deleted.
  • Archived: the resource cannot be accessed, and it cannot be automatically recovered. The resource can still be recovered with some manual operation. Unless the resource is recovered, at some point in the future the resource will be deleted. Archived resources have an invalid name, to avoid keeping their name reserved. Please note that services do not necessarily need to support archiving.
  • Deleted: the resource is deleted, and cannot be recovered in any way. Deletion is being implemented as an explicit state so that integrated services do not risk deleting resources by mistake e.g. because of missing data from the API. Deleted resources have an invalid name, to avoid keeping their name reserved. Deleted resources will actually be deleted from the internal database at some point in the future.

Note: even when resources are in state for which they are expected to be accessible, they might still be explicitly disabled, e.g. for security reasons.

For each resource type it manages, a service can define:

  • Blocking grace period: number of days before a resource will be blocked, from the moment it becomes inactive. If not specified, the service does not support blocking.
  • Archive grace period: number of days before a resource will be archived, from the moment it becomes inactive. If not specified, the application does not support archiving.
  • Delete grace period: number of days before a resource will be deleted, from the moment it becomes inactive. If not specified, the application does not support deleting.