3.2 Using Filters

Filters specify the object classes and the attributes for which the Identity Manager engine processes events and how changes to those classes and attributes are handled.

Filters pass only events that occur on objects whose base class matches one of the classes specified in the filter. Filters do not pass events that occur on objects of a subordinate class of a class specified in the filter unless the subordinate class is also specified. Each channel has a separate filter setting, which lets you control the synchronization direction and the authoritative data source for each class and attribute.

NOTE: In the Identity Vault, a base class is the object class that is used to create an entry. You must specify that class in the filter, rather than a super class from which the base class inherits or the auxiliary classes from which additional attributes might come.

For example, if the User class with the Surname and Given Name attributes is set to synchronize in the filter, the Identity Manager engine passes on any changes to these attributes. However, if the entry’s Telephone Number attribute is modified, the Identity Manager engine drops this event because the Telephone Number attribute is not in the filter.

Filters must be configured to include the following:

  • Attributes that are to be synchronized

  • Attributes that are not synchronized, but are used to trigger policies

See "Controlling the Flow of Objects with the Filter" in NetIQ Identity Manager - Using Designer to Create Policies for information on defining filters.
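The following Python model is an added illustration of the rules above (exact base-class match, one filter per channel, attributes outside the filter dropped); it is not NetIQ code and does not use the product's filter format. The mode labels "synchronize" and "trigger-only", the Contractor class, the Employee Status attribute and the stripping of out-of-filter attributes from mixed events are assumptions made for the example.

```python
# Simplified model of the filtering rules described above; not NetIQ code.
# Mode names "synchronize" and "trigger-only" are labels chosen for this example.

# One filter per channel: {channel: {base class: {attribute: mode}}}
FILTER = {
    "subscriber": {
        "User": {"Surname": "synchronize", "Given Name": "synchronize",
                 "Employee Status": "trigger-only"},
    },
    "publisher": {
        "User": {"Surname": "synchronize"},
    },
}


def apply_filter(flt, channel, event):
    """Return the event reduced to in-filter attributes, or None if dropped."""
    classes = flt.get(channel, {})
    # Exact match on the base class only: super classes and auxiliary
    # classes of the entry are deliberately not consulted.
    attrs = classes.get(event["base_class"])
    if attrs is None:
        return None
    kept = {name: {"value": value, "mode": attrs[name]}
            for name, value in event["changes"].items() if name in attrs}
    if not kept:
        return None  # nothing left that the filter covers
    return {"base_class": event["base_class"], "changes": kept}


# Constructed sample events. "Contractor" is a hypothetical class that
# inherits from User but is not itself listed in the filter.
EVENTS = [
    {"base_class": "User", "changes": {"Surname": "Ng"}},
    {"base_class": "User", "changes": {"Telephone Number": "555-0100"}},
    {"base_class": "Contractor", "changes": {"Surname": "Ng"}},
    {"base_class": "User", "changes": {"Employee Status": "terminated"}},
]

if __name__ == "__main__":
    for channel in FILTER:
        for ev in EVENTS:
            result = apply_filter(FILTER, channel, ev)
            print(channel, ev["base_class"], list(ev["changes"]),
                  "->", "dropped" if result is None else result["changes"])
```

Running the same events through both channels shows which class and attribute pairs cross in each direction, and that the Contractor change is dropped on both until that class is listed explicitly.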