Child pages
  • All Tables
Skip to end of metadata
Go to start of metadata


Table

cm_addresses

Description

Addresses

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

street

varchar(400)

Street

X.520 via RFC 4519 organizationalPerson

 

room

varchar(64)

Room

X.520 via RFC 4519 organizationalPerson

 

locality

varchar(128)

Locality (eg: city)

X.520 via RFC 4519 organizationalPerson

 

state

varchar(128)

State or Province

X.520 via RFC 4519 organizationalPerson

 

postal_code

varchar(16)

Postal Code

X.520 via RFC 4519 organizationalPerson

 

country

varchar(128)

Country

X.521 via RFC 4519 country

 

descriptionvarchar(128)Description Added in Registry v3.1.0.

type

varchar(2)

Type of mail, as enumerated

 

When attached to a CO Person, types may be configured on a per-CO basis. See Extending the Registry Data Model.

language

varchar(16)

Language encoding of this address

RFC 5646

For supported values, see lang.php

co_person_role_id

integer, foreign key

CO Person Record ID

cm_co_person_roles:id

Only one of co_person_idorg_identity_id, or co_department_id may be specified

org_identity_id

integer, foreign key

Org Identity Record ID

cm_org_identities:id

Only one of co_person_idorg_identity_id, or co_department_id may be specified

co_department_idinteger, foreign keyCO Department Record IDcm_co_departments:idOnly one of co_person_idorg_identity_id, or co_department_id may be specified. Added in Registry v3.1.0.
source_address_idinteger, foreign keyIf Pipelines are in use, the Address ID for the Org Identity Address that created this record.cm_addresses:idAdded in Registry v2.0.0.



Table

cm_api_source_records

Description

API Source Record Cache

Plugin

API Source

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


api_source_id

integer, foreign key

API Source ID

cm_api_sources:id


sorid

varchar(1024)

SOR Record ID



source_recordtextUnprocessed Source Record



Table

cm_api_sources

Description

API Organizational Identity Sources

Plugin

API Source

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


org_identity_source_id

integer, foreign key

Organizational Identity Source ID

cm_org_identity_sources:id


sor_label

varchar(32)

SOR Label



api_user_idinteger, foreign keyAPI User IDcm_api_users:idFor use in Push Mode



Table

cm_api_users

Description

API (Programmatic) Users

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_idinteger, foreign keyCO IDcm_cos:id

If co_id is 1 (COmanage CO), the API User is a Platform API User

Added Registry v3.3.0

username

varchar(50)

User (login) name



password

varchar(40)

Hashed password

SHA1, as used by CakePHP

Will be renamed api_key in Registry v5.0.0

privilegedbooleanIf this API User is a "superuser" within its CO
  • true: API User is privileged
  • false: API User is not privileged
Added Registry v3.3.0
statusvarchar(2)API User status
  • A: Active
  • S: Suspended
Added Registry v3.3.0

valid_from

datetime

API User is valid from this time

If null, valid any time through valid_through

Added Registry v3.3.0

valid_through

datetime

API User is valid through (but not past) this time

If null, valid any time from valid_from

Added Registry v3.3.0
remote_ipvarchar(80)IP addresses this API User may connect fromDefined as regular expression, or null for any IP addressAdded Registry v3.3.0


Table

cm_applications

Description

Known applications

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

name

varchar(256)

Application name

 

 

enabled

boolean

Enabled applications are available to COs

  • 0: No
  • 1: Yes

 


Table

cm_attribute_enumerations

Description

Attribute enumerations (per-CO or platform wide)

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO ID

cm_cos:id

Null when Org Identities are pooled and enumeration applies to an Org Identity attribute

attribute

varchar(80)

Attribute this enumeration applies to

Model.attribute

Only attributes that support enumerations may be used here

optvalue

varchar(128)

Enumerated option

 

 

status

varchar(2)

Type status

  • A: Active
  • S: Suspended

Suspending an enumeration does not remove any uses of it from operation records


Table

cm_authentication_events

Description

Registry authentication events

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

authenticated_identifier

varchar(256)

User (login) name

 

Should typically correlate with cm_identifiers:identifier

authentication_event

varchar(2)

Type of authentication event
  • AI: API Login
  • IN: Registry Login

 

remote_ipvarchar(40)IP address of remote connection, if known  


Table

cm_authenticator_statuses

Description

Authenticator Statuses

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

authenticator_idinteger, foreign keyAuthenticator IDcm_authenticators:id 

co_person_id

integer, foreign key

CO Person ID

cm_co_people:id

 

locked

boolean

Whether a given CO Person's Authenticator is locked

  • true: The Authenticator is locked for this CO Person
  • false: The Authenticator is not locked for this CO Person 
 


Table

cm_authenticators

Description

Authenticators

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

description

varchar(256)

Description

  

plugin

varchar(32)

Authenticator Plugin

 

 

status

varchar(2)

Status

  • A: Active
  • S: Suspended

 


Table

cm_cmp_enrollment_attributes

Description

CMP enrollment attribute configuration

  • There is no REST interface to this table since it is intended to configure the COmanage Registry UI.

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

cmp_enrollment_configuration_id

integer, foreign key

CMP Enrollment Configuration ID

cm_cmp_enrollment_configurations:id

 

attribute

varchar(80)

Organizational Identity attribute name

Attributes defined in cm_org_identities or related tables (such as cm_addresses)

 

type

varchar(2)

If attribute definition includes a type, associate this enrollment attribute with the specified type

 

 

required

integer

If the flow requires this attribute

  • 1: Required
  • 0: Not required (ie: optional)
  • -1: Not permitted

 

ldap_name

varchar(80)

Name of LDAP attribute used to populate this attribute

 

If enabled, attribute is authoritative to the originating organization. May be enabled along with saml_name.

saml_name

varchar(80)

Name of SAML attribute used to populate this attribute

 

If enabled, attribute is authoritative to the originating organization. May be enabled along with ldap_name.


Table

cm_cmp_enrollment_configurations

Description

CMP enrollment configuration

  • Although the data model permits multiple CMP enrollment configurations to be defined, COmanage Registry currently only permits one active configuration for the platform.
  • There is no REST interface to this table since it is intended to configure the COmanage Registry UI.
  • CO enrollment flows are handled via cm_co_enrollment_flows.

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

name

varchar(128)

Configuration Name

 

 

attrs_from_ldap

boolean

Should CMP enrollment attempt to pull attributes from an organizational LDAP server before prompting for attributes?

  • true: CMP enrollment attempts to query for LDAP attributes
  • false: CMP enrollment does not query LDAP

Deprecated

attrs_from_saml

boolean

If the enrollee must authenticate, should CMP enrollment attempt to extract attributes from a SAML assertion before prompting for attributes?

  • true: CMP enrollment attempts to extract SAML attributes
  • false: CMP enrollment does not examine SAML attributes

Deprecated

attrs_from_env

boolean

Should organizational identity attributes be extracted from the server environment? (eg: those that might be set by the web server auth module.)

  • true: Accept server environment variables as a source of organizational identity
  • false: Do not accept server environment variables as a source of organizational identity

 

attrs_from_coef

boolean

Should CO enrollment flows be able to prompt for organizational identity attributes? (These attributes will be considered less authoritative than if they had been obtained via LDAP or SAML.)

  • true: CO enrollment may prompt for organizational identity attributes
  • false: CO enrollment may not prompt for organizational identity attributes

 

pool_org_identities

boolean

Should organizational identities be pooled and made available to all COs on the CMP?

  • true: All org identities are available to all COs
  • false: Org identities are only available to the CO that invoked the enrollment

See CO-193 for additional information

sponsor_enroll

boolean

Do enrollees need to have a sponsor to enroll?

  • true: must have a sponsor to enroll
  • false: sponsor not necessary

Not implemented

sponsor_active

boolean

Do enrollees need to have a sponsor to stay enrolled?

  • true: must have a sponsor to stay enrolled
  • false: sponsor not necessary

Not implemented

eds_help_urlvarchar(256)For the Shibboleth Embedded Discovery Service, the help URL to publish  
eds_preferred_idpstext(4000)For the Shibboleth Embedded Discovery Service, the entityIds to always show (one per line)  
eds_hidden_idpstext(4000)For the Shibboleth Embedded Discovery Service, the entityIds to hide (one per line)  

status

varchar(2)

Configuration status

  • A: Active
  • S: Suspended

Only one CMP configuration may be active



Table

cm_co_announcement_channels

Description

Per-CO Announcement Channels

PluginAnnouncementsWidget

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO Record ID

cm_cos:id


namevarchar(128)Name

status

varchar(2)

Status

  • A: Active
  • S: Suspended

author_co_group_idinteger, foreign keyCO Group IDcm_co_groups:idMembers of this group may post to this channel
reader_co_group_idinteger, foreign keyCO Group IDcm_co_groups:idMembers of this group may read posts in this channel

publish_html

boolean

Whether this channel may render HTML

  • true: HTML may be rendered
  • false: Plain Text only



Table

cm_co_announcements

Description

Per-CO Announcements

PluginAnnouncementsWidget

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_announcement_channel_id

integer, foreign key

CO Announcement Channel ID

cm_co_announcement_channels:id


titlevarchar(256)Announcement title

bodytextAnnouncement body

valid_from

datetime

CO Announcement will be published from this time

If null, published any time through valid_through


valid_through

datetime

CO Announcement will be published through (but not past) this time

If null, published any time from valid_from


poster_co_person_idinteger, foreign keyPoster CO Person IDcm_co_people:id



Table

cm_co_announcements_widgets

Description

Per-CO Announcements Widgets configuration

PluginAnnouncementsWidget

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_dashboard_widget_id

integer, foreign key

CO Dashboard Widget Record ID

cm_co_dashboard_widgets:id


co_announcement_channel_id

integer

CO Announcement Channel ID

cm_co_announcement_channels:id


Table

cm_co_applications

Description

Per-CO configured applications

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

name

varchar(256)

Application name

 

 

provisioned

boolean

Provisioned applications are available in the CO

  • 0: No
  • 1: Yes

 


Table

cm_co_changelog_provisioner_targets

Description

Per-CO Changelog provisioning target configurations

Plugin

ChangelogProvisioner

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_provisioning_target_id

integer, foreign key

CO Provisioning Target ID

cm_co_provisioning_targets:id

 

logfile

varchar(256)

Logfile to write to


 


Table

cm_co_dashboard_widgets

Description

Per-CO Dashboard Widgets

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_dashboard_id

integer, foreign key

CO Dashboard Record ID

cm_co_dashboards:id


description

varchar(256)

Description



plugin

varchar(32)

Dashboard Widget Plugin



status

varchar(2)

Status of Dashboard Widget

  • A: Active
  • S: Suspended


ordr

integer

Order widget is rendered (lower numbers = earlier)




Table

cm_co_dashboards

Description

Per-CO Dashboards

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO Record ID

cm_cos:id


namevarchar(128)Name

description

varchar(128)

Description



visibilityvarchar(2)Visibility of this Dashboard
  • CA: CO Admin
  • CG: CO Group Member (of the specified visibility_co_group_id)
  • CP: CO Person
  • P: Unauthenticated (Public)

visibility_co_group_id

integer, foreign key

CO Group ID

cm_co_groups:id

If set, visibility of this Dashboard is controlled by the specified group

status

varchar(2)

Status

  • A: Active
  • S: Suspended



Table

cm_co_departments

Description

Per-CO Departments

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

cou_idinteger, foreign keyCOU Record IDcm_cous:id 
namevarchar(128)Name  

description

varchar(128)

Description

  
introductiontext(4000)Brief introduction describing department Intended for rendering in Service Portal or Department Directory

leadership_co_group_id

integer, foreign key

CO Group ID describing the leadership (eg: chairs, VPs, etc) of the Department

cm_co_groups:id

 

administrative_co_group_idinteger, foreign keyCO Group ID describing the administrators (eg: department admin) of the Departmentcm_co_groups:id 
support_co_group_idinteger, foreign keyCO Group ID describing the support staff (eg: technical or administrative assistants) of the Departmentcm_co_groups:id 


Table

cm_co_directory_permissions

Description

Per-CO restrictions on publishing of directory information

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

cm_org_person_id

integer, foreign key

Org Person Record ID

cm_org_identities:id

 

attribute

varchar(256)

Schema attribute name

Correlate to cm_co_person_roles columns

Use attribute '*' to apply to entire record

release

boolean

Released attributes are public

  • 0: No
  • 1: Yes

 


Table

cm_co_email_lists

Description

Per-CO Email Lists

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

namevarchar(256)Name  

description

varchar(256)

Description

  

admins_co_group_id

integer, foreign key

CO Group ID for list administrators

cm_co_groups:id

 

members_co_group_id

integer, foreign key

CO Group ID for list members

cm_co_groups:id

 

moderators_co_group_id

integer, foreign key

CO Group ID for list moderators

cm_co_groups:id

 

status

varchar(2)

Status

  • A: Active
  • S: Suspended

 


Table

cm_co_enrollment_attributes

Description

Per-CO enrollment flow attribute configurations

  • There is no REST interface to this table since it is intended to configure the COmanage Registry UI.

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_enrollment_flow_id

integer, foreign key

CO Enrollment Flow ID

cm_co_enrollment_flows:id

 

label

varchar(80)

Name of attribute as presented during enrollment

 

 

description

varchar(256)

Description of attribute, presented during enrollment

 

 

attribute

varchar(80)

CO Person, CO Person Role, or Org Identity attribute name

Attributes defined in cm_co_people, cm_co_person_rolescm_org_identities or related tables (such as cm_addresses), including cm_co_extended_attributes

 

type

varchar(2)

If attribute definition includes a type, associate this enrollment attribute with the specified type

 

 

required

integer

If the flow requires this attribute

  • 1: Required
  • 0: Not required (ie: optional)
  • -1: Not permitted

 

required_fields

varchar(160)

If this attribute has subfields, a comma separated list of which of those fields are required

 

Currently applies only to cm_names and cm_addresses
See also cm_co_settings

ordr

integer

Order attribute is presented (lower numbers = earlier)

 

 

hidden

boolean

Whether or not to display this attribute

  • true: Do not display this attribute
  • false: Display this attribute

Only honored when there is a non-modifiable default attribute value

copy_to_coperson

boolean

When the Petition is created, duplicate the value in the attribute from the Org Identity to the corresponding attribute in the CO Person or CO Person Role record

 

Applies only to Org Identity attributes.

ignore_authoritative

boolean

Whether or not to ignore authoritative values

  • true: Ignore authoritative values for this attribute
  • false: Allow authoritative values for this attribute

Deprecated, to be removed in Registry v4.0.0

default_envvarchar(80)If specified, the value held in this environment variable will be used as a default value for this attribute Added in Registry v3.1.0
loginbooleanFor attributes of type Identifier, whether or not to flag the Identifier as able to login to Registry
  • true: Identifier can be used to login to Registry
  • false: Identifier cannot be used to login to Registry
Correlates to cm_identifiers:login

language

varchar(16)

Language encoding of this attributes

RFC 5646

For supported values, see lang.php


Table

cm_co_enrollment_attribute_defaults

Description

Default values for CO enrollment flow attributes configuration

  • There is no REST interface to this table since it is intended to configure the COmanage Registry UI.

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_enrollment_attribute_id

integer, foreign key

CO Enrollment Flow ID

cm_co_enrollment_attributes:id

 

affiliation

varchar(32)

This default value applies when the enrollment CO Person Role affiliation matches

cm_co_person_roles:affiliation

Not yet implemented (CO-626)

value 

varchar(80)

Default value for this attribute

  • For all types except dates, default value
  • For dates
    • YYYY-MM-DD: Exact date
    • MM-DD: Next MM-DD
    • +#: # days from today

 

modifiable

boolean

Whether or not the Petitioner may change the default value when the petition is created

  • true: Value may be changed
  • false: Value may not be changed

 



Table

cm_co_enrollment_authenticators

Description

Authenticators attached to Enrollment Flows

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_enrollment_flow_id

integer, foreign key

CO Enrollment Flow ID

cm_co_enrollment_flows:id


authenticator_id

integer, foreign keyAuthenticator ID

cm_authenticators:id


required

integer

Whether establishing this Authenticator is required

  • 1: Required
  • 0: Not required (ie: optional)
  • -1: Not permitted




Table

cm_co_enrollment_flows

Description

Per-CO enrollment flow configurations

  • There is no REST interface to this table since it is intended to configure the COmanage Registry UI.
  • CO enrollment flows are subject to the CMP enrollment configuration (cm_cmp_enrollment_configurations).

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

name

varchar(128)

Flow Name

 

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

authz_level

varchar(2)

Authorization required to execute this enrollment flow

  • A: CO or COU admin (administrator enrollment)
  • N: No authorization required (open, self enrollment)
  • CA: CO admin (administrator enrollment)
  • CG: Member of specified CO group (self or delegated enrollment)
  • CP: CO Person (self or delegated enrollment)
  • UA: COU admin (administrator enrollment)
  • UP: CO Person in specified COU (self or delegated enrollment)

 

authz_cou_id

integer, foreign key

COU Record ID when authz_level is UA or UP

cm_cous:id

 

authz_co_group_id

integer, foreign key

CO Group Record ID when authz_level is CG

cm_co_groups:id

 

my_identity_shortcutbooleanWhether a link to this flow should be rendered in the "My Identity" menu
  • true: Render a link
  • false: Do not render a link
Added Registry v3.2.0
co_pipeline_idinteger, foreign keyCO Pipeline to run for Org Identities created using this Flowcm_co_pipelines:id 

match_policy

varchar(2)

Policy for matching against existing CO People

  • A: Advisory (suggestions are provided but not automatically selected)
  • M: Automatic (where possible, automatically perform matching)
  • N: None (no matching performed)
  • P: Select ("Pick" from existing CO People)
  • S: Self (can only re-enroll self)

 

approval_required

boolean

Is approval required before any provisioning may occur?

  • true: Approval required
  • false: Approval not requested

Approvers defined by CO:admin.approvers or CO:admin.approvers:COU group membership

approver_co_group_id

integer, foreign key

CO Group Record ID for group whose members are authorized to approve petitions created by this flow

cm_co_groups:id

 

verify_email

boolean

Do org identity email addresses need to be verified?

  • true: Verification required
  • false: Verification not requested

Verification sends an email to the address with a URL

Deprecated as of v2.0.0, use email_verification_mode instead

email_verification_modevarchar(2)If/how org identity email addresses should be verified
  • A: Automatic
  • R: Review
  • X: None

Added in v2.0.0

See also Email Verification

invitation_validity

integer

For invitations used to verify email addresses, the length of time (in minutes) the invitation is valid for

 

See also cm_co_settings

require_authn

boolean

Is the authentication required by the enrollee?

  • true: Approval required
  • false: Approval not requested

 

notification_co_group_id

integer, foreign key

CO Group Record ID whose members will be notified when petitions generated from the enrollment flow trigger certain events

cm_co_groups:id

 

status

varchar(2)

Configuration status

  • A: Active
  • S: Suspended

 

notify_from

varchar(256)

Address to send notifications from

RFC 5322 Address

Used in coinvite as source email address when sending out notifications

verification_template_idinteger, foreign keyTemplate for verification emailcm_co_message_templates:id 

verification_subject

varchar(256)

Subject for verification email

 

Deprecated as of v2.0.0, use message templates instead

verification_body

text(4000)

Body for verification email

 

Deprecated as of v2.0.0, use message templates instead

notify_on_approval

boolean

Notify the enrollee on Petition approval?

  • true: Notification is sent
  • false: Notification is not sent

As of v3.3.0, also triggers notification on denial

approval_template_idinteger, foreign keyTemplate for approval emailcm_co_message_templates:id 

approval_subject

varchar(256)

Subject for approval email

 

Deprecated as of v2.0.0, use message templates instead

approval_body

text(4000)

Body for approval email

 

Deprecated as of v2.0.0, use message templates instead

denial_template_idinteger, foreign keyTemplate for denial emailcm_co_message_templates:id
notify_on_finalizebooleanNotify the enrollee on Petition finalization?
  • true: Notification is sent
  • false: Notification is not sent
 
finalization_template_idinteger, foreign keyTemplate for finalization emailcm_co_message_templates:id 

introduction_text

text(4000)

Introductory text displayed at the top of a Petition form

 

 

conclusion_text

text(4000)

Conclusion text displayed at the bottom of a Petition form

 

 

t_and_c_mode

varchar(2)

Terms and Conditions mode

  • EC: Explicit Consent
  • IC: Implied Consent
  • S: Splash Page after enrollment
  • X: Ignore T&C during enrollment

 

redirect_on_submit

varchar(256)

After a Petition is submitted, a URL (relative or absolute) to redirect the browser to

 

 

redirect_on_confirm

varchar(256)

After the email address associated with a Petition is confirmed, a URL (relative or absolute) to redirect the browser to

 

 

redirect_on_finalizevarchar(256)After a Petition is finalized, a URL (relative or absolute) to redirect the browser to Added in v3.1.0
return_url_whitelisttext(4000)Newline separated list of regular expressions representing permitted values to be passed into the petition as a URL to redirect to after the Petition is finalized Added in v3.1.0

ignore_authoritative

boolean

Whether or not to ignore authoritative values

  • true: Ignore authoritative values for all attributes in this enrollment flow
  • false: Allow authoritative values for this attribute (subject to per-attribute override)

 

duplicate_modevarchar(2)How to handle a detected duplicate enrollment
  • C: Create a new role if in a different COU
  • D: Flag as duplicate
  • R: Create a new role
 
co_theme_idinteger, foreign keyTheme to use when executing this Enrollment Flowcm_co_themes:idAdded v2.0.0
establish_authenticatorsbooleanWhether to establish authenticators as part of enrollment
  • true: Establish authenticators, as per configuration
  • false: Do not establish authenticators
Added v3.3.0


Table

cm_co_enrollment_sources

Description

Organizational Identity Sources attached to Enrollment Flows

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_enrollment_flow_id

integer, foreign key

CO Enrollment Flow ID

cm_co_enrollment_flows:id


org_identity_source_id

integer, foreign keyOrg Identity Source ID

cm_org_identity_sources:id


org_identity_mode

varchar(2)

Enrollment Source Mode

  • N: None
  • OA: Authenticate
  • OC: Claim
  • OI: Identify
  • OS: Search
  • SL: Select
  • SR: Search, Required


verify_family_namebooleanWhether to verify the family name when creating an Org Identity from this Enrollment Source
Added in Registry v3.2.0

ordr

integer

Order attribute is presented (lower numbers = earlier)




Table

cm_co_expiration_policies

Description

Per-CO expiration policies

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

description

varchar(256)

Description

 

 

status

varchar(2)

Expiration policy's status

  • A: Active
  • S: Suspended

 

cond_cou_id

integer, foreign key

COU this expiration policy applies to

cm_cous:id

Conditions are AND'd together

cond_affiliation

varchar(32)

Affiliation this expiration policy applies to

cm_co_person_roles:affiliation

 

cond_before_expiry

integer

Number of days prior to expiration from which this policy will apply

 

Policy continues to apply until role valid_through

cond_after_expiry

integer

Number of days after expiration at which point this policy will apply

 

 

cond_countintegerNumber of times this policy will be appliedcm_co_expiration_counts:expiration_countSince v1.1.0

cond_status

varchar(2)

Status this expiration policy applies to

cm_co_person_roles:status

 

cond_sponsor_invalid

boolean

If true, this expiration policy applies to CO Person Roles sponsored by a CO Person who is no longer Active

 

 

act_affiliation

varchar(32)

CO Person Roles matching this expiration policy will be set to this affiliation, if defined

cm_co_person_roles:affiliation

 

act_clear_expiry

boolean

CO Person Roles matching this expiration policy will have their valid_through date cleared, if true

 

 

act_cou_id

integer, foreign key

CO Person Roles matching this expiration policy will be moved to tis COU, if set

cm_cous:id

 

act_notify_co_admin

boolean

If true, the CO Administrator(s) will be notified when this expiration policy matches

 

 

act_notify_cou_admin

boolean

If true, the COU Administrator(s) will be notified when this expiration policy matches

 

 

act_notify_co_group_id

integer, foreign key

If true, the members of the specified CO Group will be notified when this expiration policy matches

cm_co_groups:id

 

act_notify_co_person

boolean

If true, the CO Person attached to the matching CO Person Role will be notified when this expiration policy matches

 

 

act_notify_sponsorbooleanIf true, the Sponsor attached to the matching CO Person Role will be notified when this expiration policy matches  
act_notification_template_idinteger, foreign keyTemplate for notification emailcm_co_message_templates:id 

act_notification_subject

varchar(256)

Subject for notification email

 

Deprecated, use message templates instead

act_notification_body

text

Body for notification email

 

Deprecated, use message templates instead


Table

cm_co_extended_attributes

Description

Per-CO extended attribute definitions

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

name

varchar(64)

Database column name for attribute

 

 

display_name

varchar(64)

Display name for attribute

 

 

type

varchar(32)

Database type for attribute

  • INTEGER
  • TIMESTAMP
  • VARCHAR(32)

Once set, type cannot be changed

index

boolean

Create database index for attribute

  • true: Index
  • false: Do not index

 


Table

cm_co_extended_types

Description

Per-CO attribute custom type configurations

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO ID

cm_cos:id

 

attribute

varchar(32)

Attribute this type name applies to

 

Only attributes that support extended types may be used here.

name

varchar(32)

Database value for type

 

As used by

display_name

varchar(64)

Display name for type

 

 

edupersonaffiliation

varchar(32)

Optional mapping to eduPersonAffiliation

eduPerson

Applies only when attribute is CoPersonRole.affiliation

status

varchar(2)

Type status

  • A: Active
  • S: Suspended

A deleted status cannot exist in any active attribute. A suspended status cannot be added to any new or updated attributes, but may continue to be used by existing active attributes.


Unable to render {include} The included page could not be found.


Table

cm_co_github_provisioner_targets

Description

Per-CO GitHub provisioning target configurations

Plugin

GithubProvisioner

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_provisioning_target_id

integer, foreign key

CO Provisioning Target ID

cm_co_provisioning_targets:id

 

github_user

varchar(80)

GitHub username

 

Account must have admin privileges for the GitHub Organization to be managed

github_org

varchar(80)

GitHub organization name

 

GitHub Organization to be managed

client_id

varchar(80)

Client ID as returned by GitHub

 

Provided at registration

client_secret

varchar(80)

Client secret as returned by GitHub

 

Provided at registration

access_token

varchar(80)

Access token as returned by GitHub

 

 

provision_group_members

boolean

Whether the provisioner should provision CO Group Memberships to GitHub Team Memberships

 

 

remove_unknown_members

boolean

Whether the provisioner should remove unknown GitHub Team Members

 

 

provision_ssh_keys

boolean

Whether the provisioner should provision SSH Keys to GitHub

 

Not currently implemented



Table

cm_co_groups

Description

Per-CO group definitions

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO Record ID

cm_cos:id


cou_idinteger, foreign keyCOU Record IDcm_cous:idAdded v2.0.0. Initially intended for special groups, may be used for manual groups in the future.

name

varchar(128)

Group name



description

varchar(256)

Description



open

boolean

An open group allows anyone to self-subscribe

  • true: Open
  • false: Closed


status

varchar(2)

Group's status within CO

  • A: Active
  • S: Suspended


group_typevarchar(2)Group Type
  • A: Admins
  • M: All Members
  • MA: Active Members
  • S: Standard
Added v2.0.0.
autobooleanAutomatic Group
  • true: Group is automatically managed
  • false: Group is manually managed
Added v2.0.0.



Table

cm_co_group_members

Description

Per-CO group memberships

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_group_id

integer, foreign key

CO Group Record ID

cm_co_groups:id


co_person_id

integer, foreign key

CO Person Record ID

cm_co_people:id


member

boolean

Person is a member of the group

  • true: Member
  • false: Not a member


owner

boolean

Person is an owner of the group

  • true: Owner
  • false: Not an owner


valid_from

datetime

CO Group Membership is considered valid from this time

If null, valid any time through valid_through

Added in v3.2.0

valid_through

datetime

CO Group Membership is considered valid through (but not past) this time

If null, valid any time from valid_from

Added in v3.2.0
source_org_identity_idinteger, foreign keyIf Pipelines are in use, the Org Identity ID of record that created this Group Membershipcm_org_identities:id
co_group_nesting_idinteger, foreign keyIf set, this membership was created via a Nested Group and cannot be manually editedcm_co_group_nestings:idAdded in v3.3.0


Table

cm_co_group_ois_mappings

Description

Per-CO mappings from OIS records to group memberships

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

org_identity_source_id

integer, foreign key

Org Identity Source ID

 
attributevarchar(80)OIS attribute to examine  

comparison

varchar(4)

Comparison to perform

  • CTI: Contains (case insensitive)
  • CTS: Contains
  • EQI: Equals (case insensitive)
  • EQS: Equals
  • NCT: Does not contain
  • NCTI: Does not contain (case insensitive)
  • NEQ: Does not equal
  • NEQI: Does not equal (case insensitive)
  • REGX: Regular Expression Match

 

patternvarchar(80)Pattern to match against  
co_group_idnteger, foreign keyFor match strategy of Email Address or Identifier, the type of the email address or identifier to use for matchingcm_co_extended_types:name 


Table

cm_co_homedir_provisioner_targets

Description

Per-CO Home Directory provisioning target configurations

Plugin

HomedirProvisioner

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_provisioning_target_id

integer, foreign key

CO Provisioning Target ID

cm_co_provisioning_targets:id

 



Table

cm_co_identifier_assignments

Description

Per-CO rules for identifier assignment

  • There is currently no REST interface to this table.

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO ID

cm_cos:id


identifier_type

varchar(32)

Type of identifier

cm_identifiers:type

A given identifier type may be used more than once

email_type

varchar(32)

Type of email address to assign, if identifier_type is email

cm_email_addresses:type

If not blank and identifier type to be assigned is email, then an entry in cm_email_addresses will also be created, of this type

description

varchar(256)

Description



login

boolean

Registry login flag


Will be used to populate cm_identifiers:login

algorithm

varchar(2)

Algorithm to use to assign this identifier

  • R: Random assignment
  • S: Sequential assignment


format

varchar(256)

Format to use for this identifier



permitted

varchar(2)

Valid characters permitted to substitute into format

  • AD: Alphanumeric characters, dot, dash, and underscore
  • AL: All characters
  • AN: Alphanumeric characters
  • AQ: Alphanumeric characters, dot, dash, underscore, and apostrophe (single quote)


minimum

integer

Minimum value to assign (for numeric identifiers). For sequential, this is the first number to assign.



maximum

integer

Maximum value to assign. For sequential, if this number is reached identifier assignment will fail.



collision_resolution

varchar(64)

Collision resolution mechanism


Not implemented

exclusions

varchar(8)

Characters and words to avoid in assignments

  • C: Confusing (0 vs O, 1 vs l)
  • O: Offensive
  • S: Superstitions (4, 13, etc)

Not implemented

ordr

integer

Order identifier assignment is run (lower numbers = earlier)


Added v3.3.0


Table

cm_co_identifier_validators

Description

Per-CO identifier validators

  • There is currently no REST interface to this table.

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO ID

cm_cos:id

 

description

varchar(256)

Description

 

 

plugin

varchar(32)

Identifier Validator plugin

 

 

co_extended_type_id

integer, foreign key

Extended Type this plugin is configured to validate

cm_co_extended_types:id

Only EmailAddresses and Identifiers are supported

status

varchar(2)

Status of Identifier Validator

  • A: Active
  • S: Suspended

 


Table

cm_co_invites

Description

Per-CO invitations to join

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_person_id

integer, foreign key

CO Person Record ID

cm_co_people:id

 

mail

varchar(256)

Email address invited

cm_email_addresses:mail

Copied rather than linked since the linked reference could change

email_address_id

integer, foreign key

Email Address ID to confirm

cm_email_addresses:id

If set, the invite is intended to verify the linked email address

invitation

varchar(16)

Randomly generated activation key

 


expires

datetime

Time at which invitation is no longer valid

 

 


Table

cm_co_job_history_records

Description

Per-CO Job History Records

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_job_id

integer, foreign key

CO Job Record ID

cm_co_jobs:id

 

record_key

varchar(64)

Record key associated with Job and Job Type

 

 

co_person_idinteger, foreign keyCO Person ID this record applies tocm_co_people:id 
org_identity_idinteger, foreign keyOrg Identity ID this record applies tocm_org_identities:id 

comment

varchar(256)

Description of the job task associated with this job history record

 

 

statusvarchar(2)Status of the job task associated with this job history record
  • GO: In Progress
  • OK: Complete
  • Q: Queued
  • X: Failed
 



Table

cm_co_jobs

Description

Per-CO Job Records

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO Record ID

cm_cos:id


job_type

varchar(32)

Job Type

  • Plugin Name
  • EX: Expiration
  • OS: Org Identity Sync

Plugin name added as of Registry v3.3.0. Enum style values deprecated, will be removed in v4.0.0

job_type_fkintegerForeign key value associated with Job Type

eg: cm_org_identity_sources:id

Deprecated, will be removed in Registry v4.0.0

job_modevarchar(16)Job Type-specific mode

job_paramstext(4000)JSON encoded list of parameters to pass to the Job plugin

Added in Registry v3.3.0

Although this is a json document, native json types are not used since they are only available in relatively new versions of the RDBMSs. Also, ADOdb schema support for the json type is limited.

status

varchar(2)

Job Status

  • GO: InProgress
  • OK: Complete
  • Q: Queued
  • X: Failed


register_summaryvarchar(256)Summary description for status at time of job registration

start_summaryvarchar(256)Summary description for status at time of job start

finish_summaryvarchar(256)Summary description for status at time of job completion

queue_timetimestampTime Job was queued

start_timetimestampTime Job was started

complete_timetimestampTime Job was completed

percent_completeintegerFor In Progress Jobs, percent complete
Added in Registry v3.3.0


Table

cm_co_ldap_provisioner_attributes

Description

Per-CO per-LDAP target attribute grouping definitions

Plugin

LdapProvisioner

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_ldap_provisioner_target_id

integer, foreign key

CO LDAP Provisioner Target ID

cm_co_ldap_provisioner_targets:id

 

grouping

varchar(80)

Grouping of LDAP attributes

 

eg: "Address" includes street, l, st, and postal_code

type

varchar(32)

When populating attributes within this grouping, the type to use (or use all types if null/empty)

 

 


Table

cm_co_ldap_provisioner_attributes

Description

Per-CO per-LDAP target attribute definitions

Plugin

LdapProvisioner

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_ldap_provisioner_target_id

integer, foreign key

CO LDAP Provisioner Target ID

cm_co_ldap_provisioner_targets:id

 

attribute

varchar(80)

LDAP attribute name

 

 

objectclass

varchar(80)

Associated object class

 

Some attributes can occur in more than one object class (eg: cn can appear in person and groupOfNames)

type

varchar(32)

For attributes populated from typed sources, the type to use (or null/empty for all types)

 

 

export

boolean

If true, export this attribute

 

 

use_org_value

boolean

If true, use the appropriate Organizational Identity value instead of the CO Person value

 

Only applies to supported models (currently Identifier)


Table

cm_co_ldap_provisioner_dns

Description

Per-CO per-LDAP target DN map

Plugin

LdapProvisioner

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_ldap_provisioner_target_id

integer, foreign key

CO LDAP Provisioner Target ID

cm_co_ldap_provisioner_targets:id

 

co_person_id

integer, foreign key

CO Person ID

cm_co_people:id

 

dn

varchar(256)

Assigned Distinguished Name

RFC 4514

 


Table

cm_co_ldap_provisioner_targets

Description

Per-CO LDAP provisioning target configurations

Plugin

LdapProvisioner

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_provisioning_target_id

integer, foreign key

CO Provisioning Target ID

cm_co_provisioning_targets:id


serverurl

varchar(256)

URL describing LDAP server to provision

RFC 4516

Use to describe hostname, port, and SSL (use ldaps scheme for SSL)

binddn

varchar(128)

DN to bind as

RFC 4514


password

varchar(64)

Password to bind with

RFC 4513

This column should be encrypted

basedn

varchar(128)

Base DN to provision People entries under

RFC 4514


dn_attribute_name

varchar(32)

When constructing the DN, the attribute name to use for the unique component

RFC 4514


dn_identifier_type

varchar(32)

When constructing the DN, the indentifier type to use to populate the attribute value for the unique component

cm_identifiers:type


group_basedn

varchar(128)

Base DN to provision Group entries under

RFC 4514


person_ocsvarchar(256)Additional objectclasses to attach to a person recordRFC 4512Added v1.0.3
group_ocsvarchar(256)Additional objectclasses to attach to a group recordRFC 4512Added v1.0.3

attr_opts

boolean

Enable attribute option support

RFC 4512

Added v3.2.0

scope_suffixvarchar(128)For eduPerson attributes requiring scope, the scope to appendeduPersonAdded v2.0.0
unconf_attr_modevarchar(2)How to handle unconfigured attributes within a schema
  • I: Ignore
  • R: Remove
Added v2.0.0

oc_eduperson

boolean

Enable eduPerson schema support

eduPerson


oc_edumember

boolean

Enable eduMember schema support

eduMember


oc_groupofnames

boolean

Enable groupOfNames schema support

RFC 4519


oc_vopersonbooleanEnabled voPerson schema supportvoPersonAdded v3.2.0


Table

cm_co_localizations

Description

Per-CO text localizations

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

lkey

varchar(40)

Text key

Corresponds to key in $cm_texts (lang.php)


language

varchar(16)

Language rendering for this key

Corresponds to $cm_lang (lang.php)

 

text

varchar(256)

Localization to replace the default text

 

 


Table

cm_co_mailman_lists

Description

Per-CO Mailman lists

Plugin

MailmanProvisioner

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_mailman_provisioner_target_id

integer, foreign key

CO Mailman Provisioner Target ID

cm_co_mailman_provisioner_targets:id

 

co_email_list_id

integer, foreign key

CO Email List ID

cm_co_email_lists:id

 

mailman_list_identifier

varchar(128)

Identifier assigned by Mailman for this CO Email List

 

 


Table

cm_co_mailman_provisioner_targets

Description

Per-CO Mailman provisioning target configurations

Plugin

MailmanProvisioner

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_provisioning_target_id

integer, foreign key

CO Provisioning Target ID

cm_co_provisioning_targets:id

 

serverurl

varchar(256)

URL for Mailman REST Admin server

 

 

adminuser

varchar(128)

Administrator user name

 

 

password

varchar(64)

Administrator password

 

This column should be encrypted

domain

varchar(128)

Mailman domain for this provisioner to manage

 

 

pref_email_type

varchar(32)

If specified, the email address type that will be used as a subscriber's preferred address

cm_email_addresses:type

 



Table

cm_co_message_templates

Description

Per-CO Message Templates

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO ID

cm_cos:id

 

description

varchar(256)

Description of this message template

 

 

contextvarchar(2)Message context
  • EA: Enrollment Approval
  • EV: Enrollment Verification
  • XN: Expiration Notification
As of v3.3.0, EA templates are also available for denial messages

cc

varchar(256)

Comma separated list of addresses to cc

 

 

bcc

varchar(256)

Comma separated list of addresses to bcc

 

 

message_subjectvarchar(256)Message subject  
message_bodytextMessage body  

status

varchar(2)

Template status

  • A: Active
  • S: Suspended

A suspended template cannot be added to new contexts.


Table

cm_co_name_identifier_assignments

Description

Per-Identifier tracking of assigned name-based sequences
This table is obsolete

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_identifier_assignment_id

integer, foreign key

CO Identifier Assignment ID

cm_co_identifier_assignments:id

 

sequence

varchar(256)

Name-based sequence

 

eg: pat.q.lee or pql

last

integer

Last value used to assign this identifier

 

 


Table

cm_co_notifications

Description

Per-CO text notifications

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

subject_co_person_id

integer, foreign key

CO Person Record ID this notification is about

cm_co_people:id

 

actor_co_person_id

integer, foreign key

CO Person Record ID this notification is from

cm_co_people:id

 

recipient_co_person_id

integer, foreign key

CO Person Record ID this notification was sent to

cm_co_people:id

Either this or recipient_co_group_id is required

recipient_co_group_id

integer, foreign key

CO Group Record ID this notification was sent to

cm_co_groups:id

Either this or recipient_co_person_id is required; Any member of the group may acknowledge or resolve the notification

resolver_co_person_id

integer, foreign key

CO Person Record ID this notification was resolved (acknowledged, canceled, resolved) by

cm_co_people:id

 

action

varchar(4)

Machine readable transaction code

As defined in ActionEnum

Local notifications should be identified with an action code beginning with the letter 'X'

comment

varchar(256)

Human readable transaction description

 

 

source_url

varchar(160)

URL associated with this notification, for more information or followup action

 

Either this or the set of source_controller,action,id is required

source_controller

varchar(80)

Cake controller, along with source_action, source_id, source_arg0, and source_val0, associated with this notification, for more information or followup action

 

Either this or source_url is required

source_action

varchar(80)

See source_controller

 

 

source_id

integer

See source_controller

 

 

source_arg0

varchar(80)

See source_controller

 

 

source_val0

varchar(80)

See source_controller

 

 

email_subject

varchar(256)

Subject used for email sent as part of this Notification

 

 

email_body

text

Message body used for email sent as part of this Notification

 

 

resolution_subject

varchar(256)

Subject used for email sent when this Notification is resolved

 

 

resolution_body

text

Message body used for email sent when this Notification is resolved

 

 

status

varchar(2)

Notification status

  • A: Acknowledged
  • D: Deleted
  • PA: Pending Acknowledgment
  • PR: Pending Resolution
  • R: Resolved
  • X: Canceled (by actor)

 

notification_time

timestamp

Time of most recent notification delivery

 

Email notifications may be re-delivered, full history available via history records

resolution_time

timestamp

Time of acknowledgment or resolution

 

 


Table

cm_co_notifications_widgets

Description

Per-CO Notifications Widgets configuration

PluginNotificationsWidget

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_dashboard_widget_id

integer, foreign key

CO Dashboard Widget Record ID

cm_co_dashboard_widgets:id


max_notifications

integer

Maximum number of notifications to render




Table

cm_co_nsf_demographics

Description

Demographics for statistics

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_person_id

integer, foreign key

CO Person ID

cm_co_people:id

 

gender

varchar(2)

self-asserted gender

  • M: Male
  • F: Female

 

citizenship

varchar(2)

self-asserted citizenship

 

ethnicity

varchar(2)

self-asserted ethnicity, may have multiple values selected

  • H: Hispanic or Latino - a person of Mexican, Puerto Rican, Cuban, South or Central American, or other Spanish culture or origin, regardless of race.
  • N: Not Hispanic or Latino

 

race

varchar(5)

self-asserted race, may have multiple values selected

  • A: Asian - a person having origins in any of the original peoples of the Far East, Southeast Asia, or the Indian subcontinent including, for example, Cambodia, China, India, Japan, Korea, Malaysia, Pakistan, the Philippine Islands, Thailand, and Vietnam.
  • I: American Indian or Alaskan Native - a person having origins in any of the original peoples of North and South America (including Central America), and who maintains tribal affiliation or community attachment.
  • B: Black or African American - a person having origins in any of the black racial groups of Africa.
  • N: Native Hawaiian or Pacific Islander - a person having origins in any of the original peoples of Hawaii, Guan, Samoa, or other Pacific Islands
  • W: White - a person having origins in any of the original peoples of Europe, the Middle East, or North Africa.

 

disability

varchar(4)

self-asserted disability, may have multiple values selected

  • H: Hearing Impaired 
  • V: Visual Impaired 
  • M: Mobility/Orthopedic Impairment 
  • O: Other Impairment

 


Table

cm_co_org_identity_links

Description

Link from CO person role to Org identity

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_person_id

integer, foreign key

CO Person Record ID

cm_co_people:id

 

org_identity_id

integer, foreign key

Organization Person Record ID

cm_org_identities:id

 



Table

cm_co_people

Description

Per-CO People

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO ID

cm_cos:id


timezonevarchar(80)Person's preferred timezoneIANA Timezone Database
date_of_birthdatePerson's date of birth
Added in Registry v3.3.0

status

varchar(2)

Person's status within CO

    • A: Active
    • C: Confirmed
    • D: Deleted
    • D2: Duplicate
    • GP: Grace Period
    • I: Invited
    • N: Denied
    • P: Pending
    • PA: Pending Approval
    • PC: Pending Confirmation
    • S: Suspended
    • X: Declined
    • XP: Expired
    • Y: Approved




Table

cm_co_person_roles

Description

Per-CO person roles

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_person_id

integer, foreign key

CO Person ID

cm_co_people:id


sponsor_co_person_id

integer, foreign key

CO Person ID of Sponsor for continued membership

cm_co_people:id

not necessarily the same as the enrollment sponsor in cm_co_petitions

cou_id

integer, foreign key

COU ID

cm_cous:id


affiliation

varchar(8)

Broad affiliation to CO

eduPerson person

Extended Type

title

varchar(128)

Title at CO

X.520 via RFC 4519 person


o

varchar(128)

CO

X.520 via RFC 4519 person


ou

varchar(128)

Departmental affiliation at CO

X.520 via RFC 4519 person


valid_from

datetime

Person Role is valid member of CO from this time

If null, valid any time through valid_through


valid_through

datetime

Person Role is valid member of CO through (but not past) this time

If null, valid any time from valid_from


ordrintegerOrder/Rank/Priority of this Person Role
Added in Registry v3.2.0

status

varchar(2)

Person's Role status within CO

  • A: Active
  • C: Confirmed
  • D: Deleted
  • D2: Duplicate
  • GP: Grace Period
  • I: Invited
  • N: Denied
  • P: Pending
  • PA: Pending Approval
  • PC: Pending Confirmation
  • S: Suspended
  • X: Declined
  • XP: Expired
  • Y: Approved


source_org_identity_idinteger, foreign keyIf Pipelines are in use, the Org Identity ID of record that created this Person Rolecm_org_identities:id


Table

cm_co_person_sources

Description

Link from CO person role to Org identity
This table is obsolete

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO ID

cm_cos:id

 

co_person_id

integer, foreign key

CO Person Record ID

cm_co_person_roles:id

 

cou_id

integer, foreign key

COU ID

cm_cous:id

 

org_person_id

integer, foreign key

Organization Person Record ID

cm_org_identities:id

 


Table

cm_co_petition_attributes

Description

Per-CO enrollment petition attributes

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_petition_id

integer, foreign key

CO Petition Record ID

cm_co_petitions:id

 

co_enrollment_attribute_id

integer, foreign key

CO Enrollment Attribute Record ID

cm_co_enrollment_attributes:id

 

attribute

varchar(80)

Name of this attribute

 

A single co_enrollment_attribute_id can point to more than one attribute, since (eg) the enrollment attribute 'Name' actually has several attributes (given, middle, surname, etc)

value

varchar(160)

Value of this attribute requested for this Petition

 

Note values are cast to varchar.

attribute_foreign_key

integer

Row identifier of this value in the table described by co_enrollment_attribute_id

 

The intent of this column is to link the attribute stored in the petition to the table that implements the production value. This linkage is primarily intended for the early part of the petition lifecycle, eg: to edit a petition. There is no referential integrity enforced on this column, and over time the foreign keys may become invalid.


Table

cm_co_petition_history_records

Description

Per-CO enrollment petition history records

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_petition_id

integer, foreign key

CO Petition Record ID

cm_co_petitions:id

 

actor_co_person_id

integer, foreign key

CO Person Record ID

cm_co_people:id

Person who triggered the action

action

varchar(4)

Machine readable transaction code

  • PY: Petition approved
  • PC: Petition created
  • PX: Petition declined
  • PN: Petition denied

 

comment

varchar(160)

Human readable comment

 

 



Table

cm_co_petitions

Description

Per-CO enrollment petitions

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_enrollment_flow_id

integer, foreign key

CO Enrollment Flow Record ID

cm_co_enrollment_flows:id

Enrollment Flow controlling this Petition

co_id

integer, foreign key

CO Record ID

cm_cos:id

Same as co_enrollment_flow:co_id, repeated here to make retrieval by CO easier

cou_id

integer, foreign key

COU Record ID

cm_cous:id

 

enrollee_org_identity_id

integer, foreign key

Org Identity Record ID

cm_org_identities:id

Populated if an Org Identity is created by form-based attribute collection during the flow. See also cm_org_identity_source_records:co_petition_id

archived_org_identity_idinteger, foreign keyArchived Org Identity Record IDcm_org_identities:idIf an org identity is replaced during execution of an enrollment flow, this will hold the original org identity

enrollee_co_person_id

integer, foreign key

CO Person Record ID

cm_co_people:id

Populated if a CO Person is created by form-based attribute collection during the flow

enrollee_co_person_role_id

integer, foreign key

CO Person Role Record ID

cm_co_person_roles:id

Populated if a CO Person Role is created by form-based attribute collection during the flow

petitioner_co_person_id

integer, foreign key

CO Person Record ID of person initiating request

cm_co_people:id

 

sponsor_co_person_id

integer, foreign key

CO Person Record ID of person sponsoring request

cm_co_people:id

 

approver_co_person_id

integer, foreign key

CO Person Record ID of person approving request

cm_co_people:id

 

co_invite_id

integer, foreign key

CO Invite ID created as part of this Petition

cm_co_invites:id

This field is not persistant, and is only non-NULL when an invite is pending.

authenticated_identifier

varchar(256)

Authenticated identifier received as part of user authentication

 

Basically the contents of $REMOTE_USER

petitioner_tokenchar(48)For unauthenticated enrollments, token used to verify petitioner requests  
enrollee_tokenchar(48)For unauthenticated enrollments, token used to verify enrollee requests  
return_urlvarchar(256)Upon completion of enrollment, URL to redirect to (superseding redirect_on_finalize) Must match a whitelisted value in the associated Enrollment Flow configuration.
approver_commentvarchar(256)Comment from approver upon reviewing petition
Added v3.3.0, intended to be suitable for display to enrollee.

status

varchar(2)

 

  • D2: Duplicate
  • I: Invited
  • N: Denied
  • P: Pending
  • PA: PendingApproval
  • PC: PendingConfirmation
  • X: Declined
  • Y: Approved

Tentative



Table

cm_co_pipelines

Description

Per-CO pipelines

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO ID

cm_cos:id


namevarchar(128)Name

status

varchar(128)

Status of Org Identity Source Plugin

  • A: Active 
  • S: Suspended


match_strategyvarchar(2)Match strategy on add of new record
  • EA: Email Address
  • EX: External
  • ID: Identifier
  • NO: No Matching

match_typevarchar(32)For match strategy of Email Address or Identifier, the type of the email address or identifier to use for matchingcm_co_extended_types:name
match_server_idinteger, foreign keyMatch Server IDcm_match_servers:idAdded in Registry v3.3.0
sync_on_addbooleanSync record on add

sync_on_updatebooleanSync record on update

sync_on_deletebooleanSync record on delete

create_rolebooleanCreate a corresponding CO Person Role on sync

sync_cou_idinteger, foreign keyWhen adding or updating a record, the COU the resulting Person Role should be attached tocm_cous:id
sync_affiliationvarchar(32)When adding or updating a CO Person Role, the affiliation given to the Role (regardless of Org Identity affiliation)

sync_replace_cou_idinteger, foreign keyWhen adding a record, if a corresponding role is found in the specified COU delete/expire itcm_cous:id
sync_status_on_deletevarchar(2)When syncing a record on delete, set the corresponding Person Role to the specified status
  • D: Deleted
  • GP: Grace Period
  • S: Suspended
  • XP: Expired


Table

cm_co_provisioning_exports

Description

Per-CO provisioning target export record

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_provisioning_target_id

integer, foreign key

CO Provisioning Target ID

cm_co_provisioning_targets:id

 

co_person_id

integer, foreign key

CO Person ID

cm_co_people:id

 

co_group_id

integer, foreign key

CO Group ID

cm_co_groups:id

 

co_email_list_idinteger, foreign keyCO Email List IDcm_co_email_lists:id 

exporttime

timestamp

Time of latest export

 

 


Table

cm_co_provisioning_queued_events

Description

Per-CO provisioning events to process

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

co_person_id

integer, foreign key

CO Person Record ID

cm_co_people:id

Person who triggered the action

co_provisioning_target_id

integer, foreign key

CO Provisioning Target ID

cm_co_provisioning_targets:id

 

status

varchar(2)

Status of provisioning request

  • F: Failed (no retry)
  • I: In Progress
  • Q: Queued
  • R: Failed (will retry)
  • S: Success

 


Table

cm_co_provisioning_targets

Description

Per-CO provisioning targets

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO Record ID

cm_cos:id


description

varchar(256)

Description



plugin

varchar(32)

Provisioning Plugin



provision_co_group_idinteger, foreign keyIf set, only CO People who are members of this CO Group (and only this CO Group, if groups are also provisioned) will be provisioned using this Provisioning Targetcm_co_groups:idAdded v2.0.0

status

varchar(2)

Status of provisioning target

  • A: Active
  • S: Suspended


ordr

integer

Order attribute is presented (lower numbers = earlier)


Added v1.0.3


Table

cm_co_role_assignments

Description

Per-CO person role assignments

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_role_id

integer, foreign key

CO Role Record ID

cm_co_roles:id

 

co_person_id

integer, foreign key

CO Person Record ID

cm_co_person_roles:id

 

percent_time

integer

Percent time Person is allocated to Role

0 (none) to 100 (full)

 


Table

cm_co_role_groups

Description

Per-CO group memberships implied by role

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_role_id

integer, foreign key

CO Role Record ID

cm_co_roles:id

 

co_group_id

integer, foreign key

CO Group Record ID

cm_co_groups:id

 


Table

cm_co_roles

Description

Per-CO role definitions

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

description

varchar(256)

Description

 

 

status

varchar(2)

Role's status within CO

  • A: Active
  • D: Deleted

 


Table

cm_co_self_service_permissions

Description

Per-CO self service permissions

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

model

varchar(40)

Model this permission applies to

 


type

varchar(16)

Type within model this permission applies to, or blank for default

 

Default applies if there is no entry for a specific type

permission

varchar(16)

Permission to be applied

  • N: None (permission denied)
  • RO: Read Only
  • RW: Read Write

 


Table

cm_co_sequential_identifier_assignments

Description

Per-Identifier tracking of next values for sequentially assigned identifiers

  • There is currently no REST interface to this table.

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_identifier_assignment_id

integer, foreign key

CO Identifier Assignment ID

cm_co_identifier_assignments:id

 

affix

varchar(256)

String to attach the sequence number to

 

Basically the non-sequence portion of cm_co_identifier_assignments:format

last

integer

Last value used to assign this identifier

 

 


Table

cm_co_service_token_settings

Description

Per-CO service token settings

Plugin

Service Tokens

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_service_id

integer, foreign key

CO Service ID

cm_co_services:id

 

enabled

boolean

Whether this Service Token type is enabled

 

 

token_type

varchar(2)

Token type

  • 08: 8 character alphanumeric plaintext
  • 15: 15 character alphanumeric plaintext

 


Table

cm_co_service_tokens

Description

Per-CO service tokens

Plugin

Service Tokens

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_service_id

integer, foreign key

CO Service ID

cm_co_services:id

The service this token applies to

co_person_id

integer, foreign key

CO Person ID

cm_co_people:id

The person this token is for

token

varchar(64)

Service (application) specific token

 

This column should be encrypted

token_type

varchar(2)

Token type

  • 08: 8 character alphanumeric plaintext
  • 15: 15 character alphanumeric plaintext

 


Table

cm_co_services

Description

Per-CO Services

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO Record ID

cm_cos:id


cou_idinteger, foreign keyCOU Record IDcm_cous:id
namevarchar(256)Name

description

varchar(256)

Description



short_labelvarchar(32)Service short label
Intended for use with LDAP attribute options

co_group_id

integer, foreign key

CO Group ID

cm_co_groups:id

If set, access to this service is controlled by the specified group, though the application is ultimately responsible for enforcement

service_url

varchar(256)

Service URL


A clickable link that directs the user to the service

service_labelvarchar(1024)Protocol specific identifier or label of the service, eg SAML Entity ID or OIDC Client ID

Added v3.1.0

Deprecated in v3.2.0, will be removed in v4.0.0 (CO-1595)

contact_email

varchar(128)

Email Address of contact responsible for this Service

RFC 5322 Address


entitlement_uri

varchar(256)

Entitlement URI associated with this Service

eduPerson entitlement

For authorization purposes, eg: ldap attribute population

visibilityvarchar(2)Visibility of this Service
  • CA: CO Admin
  • CG: CO Group Member (of the specified co_group_id)
  • CP: CO Person
  • P: Unauthenticated (Public)
In particular for use generating a user-visible list of Services
identifier_typevarchar(32)Identifier type associated with this Servicecm_co_extended_types:name

status

varchar(2)

Status

  • A: Active
  • S: Suspended



Table

cm_co_settings

Description

Per-CO configuration settings

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO Record ID

cm_cos:id


co_theme_idinteger, foreign keyTheme to use by default for this COcm_co_themes:idWhen specified for the COmanage CO, will also apply as platform default theme
co_dashboard_idinteger, foreign keyPrimary Dashboard for this COcm_co_dashboards:idAdded Registry v3.2.0

enable_nsf_demo

boolean

Whether or not to enable NSF demographics tracking

  • true: Enabled
  • false: Disabled


disable_expiration

boolean

Whether or not expirations may be run automatically

  • true: Disabled
  • false: Enabled


disable_ois_syncbooleanWhether or not Org Identity syncs may be run automatically
  • true: Disabled
  • false: Enabled

enable_normalization

boolean

Whether or not to enable normalizations

  • true: Enabled
  • false: Disabled


group_validity_sync_windowintegerFor reprovisioning based on CoGroupMember validity dates, the "look back" window, in minutes, or 0 to disable

See Registry Validity Dates and Registry Job Shell

Added in Registry v3.2.0

invitation_validity

integer

For invitations used as part of default enrollment, the length of time (in minutes) the invitation is valid for


See also cm_co_enrollment_flows:invitation_validity

permitted_fields_name

varchar(160)

A comma separated list of which of name fields are permitted



required_fields_addr

varchar(160)

A comma separated list of which of address fields are required


See also cm_cmp_enrollment_attributes:required_fields

required_fields_name

varchar(160)

A comma separated list of which of name fields are required


See also cm_cmp_enrollment_attributes:required_fields

t_and_c_login_mode

varchar(2)

How to handle unacknowledged Terms and Conditions at login

  • D: Disable all services
  • R: Require at login
  • X: Not enforced


sponsor_eligibilityvarchar(2)What CO People are eligible to be sponsors
  • A: CO or COU Admin
  • CA: CO Admin
  • CG: CO Group Member
  • CP: Valid CO Person
  • N: Sponsors disabled

sponsor_co_group_idinteger, foreign keyIf sponsor_eligibility is CO Group Member, the group of eligible sponsorscm_co_groups:id
default_co_pipeline_idinteger, foreign eyPipeline to run for Org Identities if no other Pipeline appliescm_co_pipelines:id
elect_strategy_primary_namevarchar(2)Election strategy for Primary Name
  • FI: FIFO
  • M: Manual



Table

cm_co_t_and_c_agreements

Description

Person agreements to terms and conditions

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_terms_and_conditions_id

integer, foreign key

CO Terms and Conditions Record ID

cm_co_terms_and_conditions:id


co_person_id

integer, foreign key

CO Person ID (Person agreeing to the T&C)

cm_co_people:id


agreement_time

timestamp

Time T&C were agreed to



identifier

varchar(256)

Identifier CO Person was authenticated as when T&C were agreed to


This is not a link to cm_identifiers in case the Identifier is subsequently deleted



eTable

cm_co_terms_and_conditions

Description

Per-CO terms and conditions

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO Record ID

cm_cos:id


description

varchar(256)

Description



url

varchar(256)

URL to terms and conditions



bodytext(4000)Body of T&C, instead of URL
Since v3.2.0

cou_id

integer, foreign key

If set, T&C must be agreed to by members of this COU

cm_cous:id


status

varchar(2)

Status of provisioning target

  • A: Active
  • S: Suspended


ordrintegerAscending order in which to display T&Cs
Since v3.1.0


Table

cm_co_themes

Description

Per-CO themes

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

namevarchar(80)Name of this theme  

hide_title

boolean

Whether to suppress the CO title bar

 

 

hide_footer_logobooleanWhether to suppress the "Powered by COmanage" logo  

css

text

Custom CSS used by this theme

W3C CSS Official Definition

 

header

text

Page layout header to emit

 

 

footertextPage layout footer to emit  


Table

cm_configuration

Description

COordinate configuration values
This table was not implemented and is obsolete

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

attribute

varchar(256)

Configuration item

 

 

value

varchar(256)

Configuration value

 

 



Table

cm_cos

Description

Definitions of (virtual) organizations

  • CO Admins are defined by membership within the "admin" group within their CO
  • Special CO with name "COmanage" is where COmanage Admins are listed

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

name

varchar(128)

CO Name

 

 

description

varchar(256)

Description

 

 

status

varchar(2)

CO's status

  • A: Active
  • S: Suspended
  • T: Template

Template added Registry v3.2.0



Table

cm_cous

Description

Per-CO unit definitions

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_id

integer, foreign key

CO Record ID

cm_cos:id

 

parent_cou_id

integer, foreign key

pointer to parent cou

cm_cous:id


lft

integer

Tree left value

required by CakePHP for tree functions

Automatically managed

rght

integer

Tree right value

required by CakePHP for tree functions

Automatically managed

name

varchar(128)

COU name

 

 

description

varchar(256)

Description

 


Note: The CakePHP implementation of the model that represents this table includes code that enables the model to support a tree structure and leverage class MPTT behavior. The result is extra structure not easily seen in the table definition above. Refer to the implementation for details.


Table

cm_email_addresses

Description

Email Addresses

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

mail

varchar(256)

Internet mail address

RFC 4524 inetOrgPerson

 

descriptionvarchar(128)Description Added in Registry v3.1.0.

type

varchar(32)

Type of mail, as enumerated

 

When attached to a CO Person, types may be configured on a per-CO basis. See Extending the Registry Data Model.

See also Recommendations For Email Addresses.

verified

boolean

Was this address verified?

  • true: Verified
  • false: Not verified

Verification is via a URL sent to the address

co_person_id

integer, foreign key

CO Person Record ID

cm_co_people:id

Only one of co_person_idorg_identity_id, or co_department_id may be specified

org_identity_id

integer, foreign key

Org Identity Record ID

cm_org_identities:id

Only one of co_person_idorg_identity_id, or co_department_id may be specified

co_department_idinteger, foreign keyCO Department Record IDcm_co_departments:idOnly one of co_person_idorg_identity_id, or co_department_id may be specified. Added in Registry v3.1.0.
source_email_address_idinteger, foreign keyIf Pipelines are in use, the Email Address ID for the Org Identity Email Address that created this Namecm_email_addresses:idAdded in Registry v2.0.0.


Table

cm_env_sources

Description

Env Organizational Identity Sources

Plugin

Env Source

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

org_identity_source_id

integer, foreign key

Organizational Identity Source ID

cm_org_identity_sources:id

 

env_name_honorific

varchar(80)

Environment variable holding official honorific

cm_names

 

env_name_given

varchar(80)

Environment variable holding official given name

cm_names

 

env_name_middle

varchar(80)

Environment variable holding official middle name

cm_names

 

env_name_family

varchar(80)

Environment variable holding official family name

cm_names

 

env_name_suffix

varchar(80)

Environment variable holding official suffix

cm_names

 

env_affiliation

varchar(80)

Environment variable holding affiliation

cm_co_person_roles

 

env_title

varchar(80)

Environment variable holding title

cm_co_person_roles

 

env_o

varchar(80)

Environment variable holding organization

cm_co_person_roles

 

env_ou

varchar(80)

Environment variable holding department

cm_co_person_roles

 

env_mail

varchar(80)

Environment variable holding official email address

cm_email_addresses

 

env_telephone_number

varchar(80)

Environment variable holding office telephone number

cm_telephone_numbers 

env_address_street

varchar(80)

Environment variable holding office street

cm_addresses 

env_address_locality

varchar(80)

Environment variable holding office locality/city

cm_addresses 

env_address_state

varchar(80)

Environment variable holding office state

cm_addresses 

env_address_postalcode

varchar(80)

Environment variable holding office postal code

cm_addresses 

env_address_country

varchar(80)

Environment variable holding office country

cm_addresses 
env_identifier_eppnvarchar(80)Environment variable holding eppncm_identifiers 
env_identifier_eppn_loginbooleanWhether eppn should be allowed to login to Registrycm_identifiers 
env_identifier_eptidvarchar(80)Environment variable holding eptidcm_identifiers 
env_identifier_eptid_loginbooleanWhether eptid should be allowed to login to Registrycm_identifiers 
env_identifier_epuidvarchar(80)Environment variable holding epuidcm_identifiers 
env_identifier_epuid_loginbooleanWhether epuid should be allowed to login to Registrycm_identifiers 
env_identifier_orcidvarchar(80)Environment variable holding orcidcm_identifiers 
env_identifier_orcid_loginbooleanWhether orcid should be allowed to login to Registrycm_identifiers 
env_identifier_soridvarchar(80)Environment variable holding soridcm_identifiers 
env_identifier_sorid_loginbooleanWhether sorid should be allowed to login to Registrycm_identifiers 
env_identifier_networkvarchar(80)Environment variable holding networkcm_identifiers 
env_identifier_network_loginbooleanWhether network should be allowed to login to Registrycm_identifiers 


Table

cm_file_sources

Description

File Organizational Identity Sources

Plugin

File Source

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

org_identity_source_id

integer, foreign key

Organizational Identity Source ID

cm_org_identity_sources:id

 

filepath

varchar(256)

Path to source file

 

 

archivedirvarchar(256)Directory for archive of source files Added v3.1.0


Table

cm_history

Description

Transaction history (human readable)

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_person_id

integer, foreign key

CO Person Record ID change applied to

cm_co_people:id

 

co_person_role_id

integer, foreign key

CO Person Role Record ID change applied to

cm_co_person_roles:id

 

org_identity_id

integer, foreign key

Organizational Identity Record ID change applied to

cm_org_identities:id

 

co_group_idinteger, foreign keyCO Group Record ID change applied tocm_co_group_members:id 
co_email_list_idinteger, foreign keyCO Email List ID change applied tocm_co_email_lists:id 

actor_co_person_id

integer, foreign key

CO Person who executed or requested this change

cm_co_people:id

 

action 

varchar(4)

Machine readable transaction code

As defined in ActionEnum

Local history should be identified with an action code beginning with the letter 'X'.

comment 

varchar(160)

Human readable transaction description

 

 


Table

cm_http_servers

Description

HTTP Servers

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


server_id

integer, foreign key

Server ID

cm_servers:id


serverurl

varchar(256)

URL describing HTTP server

RFC 7230

Use to describe hostname, port, and SSL

username

varchar(128)

Username to bind as

RFC 7235


password

varchar(64)

Password to bind with

RFC 7235

This column should be encrypted



Table

cm_identifiers

Description

Person identifiers

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


identifier

varchar(256)

Identifier

As per type definition


type

varchar(32)

Type of identifier

Arbitrary values may be configured via cm_co_extended_types (for identifiers attached to COs, only) or default values available are

mail is intended for CO generated mail aliases/addresses to be stored, regardless of whether or not they are in use. Email addresses intended to be reflected into directories or other downstream locations should be stored in the email_addresses table.

login

boolean

Registry login flag

  • true: This identifier can be used to login to Registry
  • false: This identifier cannot be used to login to Registry
Only applies to identifiers attached to Org Identities.

status

varchar(2)

Identifier's status

  • A: Active
  • S: Suspended

An identifier marked deleted is no longer considered in use by COmanage, but it cannot be reassigned.

Prior to v2.0.0, the status D/Deleted was used instead of S/Suspended.

co_person_id

integer, foreign key

CO Person Record ID

cm_co_people:id

Only one of co_person_idorg_identity_id, co_group_id, or co_department_id may be specified

org_identity_id

integer, foreign key

Org Identity Record ID

cm_org_identities:id

Only one of co_person_idorg_identity_id, co_group_id, or co_department_id may be specified

co_department_idinteger, foreign keyCO Department Record IDcm_co_departments:idOnly one of co_person_idorg_identity_id, co_group_id, or co_department_id may be specified. Added in Registry v3.1.0.
co_group_idinteger, foreign keyCO Group Record IDcm_co_groups:idOnly one of co_person_idorg_identity_id, co_group_id, or co_department_id may be specified. Added in Registry v3.3.0.
source_identifier_idinteger, foreign keyIf Pipelines are in use, the Identifier ID for the Org Identity Identifier that created this record.cm_identifiers:idAdded in Registry v2.0.0.
co_provisioning_target_idinteger, foreign keyCO Provisioning Target IDcm_co_provisioning_targets:id

ie: The Provisioning Target that assigned (and is responsible for managing) this Identifier.

Added in Registry v3.1.0.


Table

cm_ldap_identifier_validators

Description

LDAP Identifier Validators

Plugin

LDAP Identifier Validator

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_identifier_validator_id

integer, foreign key

Identifier Validator ID

cm_co_identifier_validators:id

 

serverurl

varchar(256)

URL describing LDAP server to provision

RFC 4516

Use to describe hostname, port, and SSL (useldaps scheme for SSL)

binddn

varchar(128)

DN to bind as

RFC 4514

 
passwordvarchar(64)Password to bind withRFC 4513This column should be encrypted

basedn

varchar(128)

Base DN to search under

RFC 4514

 

filtervarchar(256)Search filter to execute to check availability

RFC 4514

%s used as a placeholder for identifier


Table

cm_ldap_servers

Description

LDAP Servers

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


server_id

integer, foreign key

Server ID

cm_servers:id


serverurl

varchar(256)

URL describing LDAP server

RFC 4516

Use to describe hostname, port, and SSL (use ldaps scheme for SSL)

binddn

varchar(128)

DN to bind as

RFC 4514


password

varchar(64)

Password to bind with

RFC 4513

This column should be encrypted

basedn

varchar(128)

Base DN to provision People entries under

RFC 4514



Table

cm_ldap_sources

Description

LDAP Organizational Identity Sources

Plugin

LDAP Source

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

org_identity_source_id

integer, foreign key

Organizational Identity Source ID

cm_org_identity_sources:id

 

serverurl

varchar(256)

URL describing LDAP server

RFC 4516

Use to describe hostname, port, and SSL (use ldaps scheme for SSL)

binddn

varchar(128)

DN to bind as

RFC 4514

 

password

varchar(64)

Password to bind with

RFC 4513

This column should be encrypted

basedn

varchar(128)

Base DN to provision People entries under

RFC 4514

 

key_attribute

varchar(64)

Attribute in LDAP record holding a persistent unique identifier

RFC 4511

 

search_filter

varchar(128)

Search filter to constrain retrieved objects

RFC 4511

 

uid_attrvarchar(64)Attribute to map to Org Identity Identifier of type UID Temporary, will be replaced by CO-1346
uid_attr_loginbooleanWhether to flag the attribute created from uid_attr as for login Temporary, will be replaced by CO-1346



Table

cm_match_servers

Description

ID Match Servers

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


server_id

integer, foreign key

Server ID

cm_servers:id


serverurl

varchar(256)

URL describing HTTP server

RFC 7230

Use to describe hostname, port, and SSL

username

varchar(128)

Username to bind as

RFC 7235


password

varchar(64)

Password to bind with

RFC 7235

This column should be encrypted

sor_labelvarchar(40)SOR Label used in match requestsID Match API
is_comanage_matchboolean
  • true: Defined Server is an instance of COmanage Match
  • false: Defined Server is any other ID Match server



Table

cm_meta

Description

Platform Meta Information

Column

Format

Description

Definition

Comments

upgrade_version

varchar(16)

Current platform version (via upgrade shell)

 

 


Table

cm_names

Description

Person names

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

honorific

varchar(32)

Dr, Mr, Ms, etc

 

 

given

varchar(128)

First/Given name(s)

 

 

middle

varchar(128)

Middle name(s)

 

 

family

varchar(128)

Last/Family name(s)

 

 

suffix

varchar(32)

Jr, III, PhD, etc

 

 

language

varchar(16)

Language encoding of this name

RFC 5646

For supported values, see lang.php

type

varchar(2)

 

 

When attached to a CO Person, types may be configured on a per-CO basis. See Extending the Registry Data Model.

primary_name

boolean

  • true: This name is the primary name for the CO Person or Org Identity
  • false: This name is not the primary name

 

Exactly one name per CO Person and one per Org Identity should have primary_name true at all times

co_person_id

integer, foreign key

CO Person Record ID

cm_co_people:id

Only one of co_person_id or org_identity_id may be specified

org_identity_id

integer, foreign key

Org Identity Record ID

cm_org_identities:id

Only one of co_person_id or org_identity_id may be specified

source_name_idinteger, foreign keyIf Pipelines are in use, the Name ID for the Org Identity Name that created this Namecm_names:id 


Table

cm_net_forum_sources

Description

netFORUM Organizational Identity Sources

Plugin

netFORUM Source

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

org_identity_source_id

integer, foreign key

Organizational Identity Source ID

cm_org_identity_sources:id

 

serverurl

varchar(256)

Prefix to the WSDL URL

 

eg: https://uat.netforumpro.com

username

varchar(128)

XML Username, as provided by support

 

 

password

varchar(64)

XML Password, as provided by support

 

This column should be encrypted

query_committeesbooleanWhether to also query committee memberships for group membership mappings
  • true: Also check committee memberships
  • false: Do not check committee memberships
 
query_eventsbooleanWhether to also query event records for group membership mappings
  • true: Also check event registrations
  • false: Do not check event registrations
 


Table

cm_oauth2_servers

Description

OAuth2 Servers

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


server_id

integer, foreign key

Server ID

cm_servers:id


serverurl

varchar(256)

OAuth2 Server endpoint

RFC 6749

Endpoint to OAuth2 services

clientid

varchar(120)

OAuth2 Client ID

RFC 6749


client_secret

varchar(80)

OAuth2 Client Secret

RFC 6749

This column should be encrypted

access_grant_typevarchar(2)OAuth2 Access Grant Type

RFC 6749

  • AC: Authorization Code
  • CC: Client Credentials
Implicit and Password Credentials not currently supported
scopevarchar(256)OAuth2 Token ScopeRFC 6749
refresh_tokenvarchar(160)Current refresh tokenRFC 6749
access_tokenvarchar(160)Current access tokenRFC 6749
token_responsetextFull token received from OAuth2Server
Intended so specific implementations can access vendor specific attributes


Table

cm_orcid_sources

Description

ORCID Organizational Identity Sources

Plugin

ORCID Source

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


org_identity_source_id

integer, foreign key

Organizational Identity Source ID

cm_org_identity_sources:id


server_idinteger, foreign keyServer IDcm_servers:idAdded v3.2.0

clientid

varchar(80)

Client ID used to authenticate to ORCID API

ORCID API

Removed v3.2.0

client_secret

varchar(80)

Client Secret used to authenticate to ORCID API

ORCID API 

This column should be encrypted

Removed v3.2.0

access_token

varchar(80)

Access token obtained from ORCID API

ORCID API 

This column should be encrypted

Removed v3.2.0



Table

cm_org_identities

Description

Person identity, from institutional source

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


statusvarchar(2)Org Identity status
  • RM: Removed
  • SY: Synced
Added in v2.0.0. Currently intended primarily for org identities synced from an org identity source.
date_of_birthdatePerson's date of birth
Added in Registry v3.3.0

affiliation

varchar(8)  

Broad affiliation to source organization

eduPerson person


title

varchar(128)

Title at source organization

X.520 via RFC 4519 person


o

varchar(128)

Source organization

X.520 via RFC 4519 person


ou

varchar(128)

Departmental affiliation at source organization

X.520 via RFC 4519 person


valid_from

datetime

Org Identity is considered valid from this time

If null, valid any time through valid_through

Added in v2.0.0

valid_through

datetime

Org Identity is considered valid through (but not past) this time

If null, valid any time from valid_from

Added in v2.0.0

organization_id

integer, foreign key

Source organization via known organizations

cm_organizations:id

Unused column removed in v2.0.0

co_id

integer, foreign key

If pool_org_identities is false in the CMP Enrollment Configuration, the CO in which this Org Identity is available

cm_cos:id




Table

cm_org_identity_source_records

Description

Cached records from external org identity sources

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


org_identity_source_id

integer, foreign key

The Org Identity Source this record is from

cm_org_identity_sources:id


sorid

varchar(40)  

The Org Identity Source's unique key for this record



source_record

text

The raw (unprocessed) record from the Org Identity Source


May be used in a diff operation to detect changes

last_update

timestamp

Time of last retrieval from Org Identity Source



org_identity_idinteger, foreign keyOrg Identity created from and associated with this source recordcm_org_identities:id
co_petition_idinteger, foreign keyCO Petition that created this Org Identitycm_co_petitions:idAdded in Registry v3.1.0
reference_identifiervarchar(40)If this record was subject to ID Match, the Reference Identifier obtained from the Match requestID Match APIAdded in Registry v3.3.0


Table

cm_org_identity_sources

Description

External sources of organizational identities

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

If pool_org_identities is false in the CMP Enrollment Configuration, the CO in which this Org Identity Source is available

cm_cos:id


description

varchar(256)  

Description



plugin

varchar(32)

Org Identity Source Plugin


Corresponds to plugin name

status

varchar(2)

Status of Org Identity Source Plugin

  • A: Active 
  • S: Suspended


sync_modevarchar(2)How to process this Org Identity Source when processed via JobShell
  • F: Full
  • M: Manual
  • Q: Query
  • U: Update

sync_query_mismatch_modevarchar(2)How to process a Query that returns on an email search but the record does not actually contain that email
  • N: Create a new Org Identity
  • X: Ignore the returned record

sync_query_skip_knownbooleanWhen in Query mode, whether to skip email addresses already linked to records in the Org Identity Source
  • true: Skip known email addresses
  • false: Do not skip

sync_on_user_loginbooleanIf a CO Person has an Org Identity from this Source, perform a sync when the CO Person logs in to Registry
  • true: Perform sync on user login
  • false: Do not perform sync on user login
Added in Registry v3.1.0
eppn_identifier_typevarchar(128)Identifier type in Org Identity Source record to use to create an identifier of type ePPN associated with this Org Identity

eppn_suffixvarchar(128)Suffix (right hand side) to append to identifier of type eppn_identifier_type to create an identifier of type ePPN
Should not include @
hash_source_recordbooleanWhether to store a hash of the Org Identity Source Record rather than the full source record

Controls what is stored in cm_org_identity_source_records:source_record

Added in Registry v3.1.0

co_pipeline_idinteger, foreign keyCO Pipeline to run when an identity is added from this sourcecm_co_pipelines:id



Table

cm_password_authenticator

Description

Password Authenticator

PluginPassword Authenticator

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

authenticator_idinteger, foreign keyAuthenticator IDcm_authenticators:id 

min_length

integer

Minimum permitted password length

 

Between 8 and 64, default 8

max_lengthintegerMaximum permitted password length Between 8 and 64, default 64
format_crypt_phpbooleanHash the password in Crypt format, as implemented by PHP password_hash function using PASSWORD_DEFAULT, and suitable for use with password_verify
  • true: Hash the password in Crypt format
  • false: Do not hash the password in Crypt format
Added Registry v3.2.0
format_plaintextbooleanStore the password in plaintext
  • true: Store the password in plaintext format
  • false: Do not store the password in plaintext format
Added Registry v3.2.0
format_sha1_ldapbooleanHash the password in Salted SHA1 format, suitable for use in LDAP authentication
  • true: Hash the password in Salted SHA1 format
  • false: Do not hash the password in Salted SHA1 format
Added Registry v3.2.0


Table

cm_passwords

Description

Passwords

PluginPassword Authenticator

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

password_authenticator_idinteger, foreign keyPassword Authenticator IDcm_password_authenticators:id 
co_person_idinteger, primary keyCO Person IDcm_co_people:id 

password

varchar(256)

Password, in format specified by password_type

 

 

password_typevarchar(2)Format type of password
  • CR: Crypt
  • SH: Salted SHA 1
 


Table

cm_permissions

Description

Permissions for COoordinate

  • Special CO with id "1" and name "COmanage" (linked via cm_co_person_roles:co_id) is where COordinate Admins are listed

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_person_id

integer, foreign key

CO Person Record ID

cm_co_person_roles:id

 

permission

varchar(2)

Permission

  • A: Admin for CO

 


Table

cm_regex_identifier_validators

Description

Regular Expression Identifier Validators

Plugin

Regex Identifier Validator Plugin

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

co_identifier_validator_id

integer, foreign key

Identifier Validator ID

cm_co_identifier_validators:id

 

patternvarchar(256)Perl Compatible Regular Expression describing acceptable identifier format

PCRE

 


Table

cm_salesforce_sources

Description

Salesforce Organizational Identity Sources

Plugin

Salesforce Source

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


org_identity_source_id

integer, foreign key

Organizational Identity Source ID

cm_org_identity_sources:id


server_idinteger, foreign keyServer IDcm_servers:idAdded v3.2.0

serverurl

varchar(256)

Salesforce instance (may be production or sandbox)


eg: https://cs123.salesforce.com

Removed v3.2.0

clientid

varchar(120)

Client ID, for registered (connected) app


Removed v3.2.0

client_secret

varchar(80)

Client secret, for registered (connected) app


This column should be encrypted

Removed v3.2.0

search_contactsbooleanWhether to query Salesforce Contact objects
  • true: Query Contacts
  • false: Do not query Contacts
Unintuitively, if neither search_contacts nor search_users is true, then all objects will be searched
search_usersbooleanWhether to query Salesforce User objects
  • true: Query Users
  • false: Do not query Users

custom_objectsvarchar(256)Comma separated list of objects to query for additional attributes

refresh_tokenvarchar(160)Current refresh tokenSalesforce OAuthRemoved v3.2.0
access_tokenvarchar(160)Current access tokenSalesforce OAuthRemoved v3.2.0
instance_urlvarchar(256)Current Salesforce instanceSalesforce OAuth
groupable_attrsblobCached list of attributes available for CO Group mapping
Internal format based on response from Salesforce API


Table

cm_servers

Description

Servers

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


co_id

integer, foreign key

CO ID

cm_cos:id


description

varchar(128)  

Description



server_type

varchar(2)

Server Type

  • LD: LDAP
  • O2: OAuth2
  • SQ: SQL


status

varchar(2)

Status of Server

  • A: Active 
  • S: Suspended




Table

cm_ssh_key_authenticator

Description

SSH Key Authenticator

PluginSSH Key Authenticator

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement


authenticator_idinteger, foreign keyAuthenticator IDcm_authenticators:id



Table

cm_ssh_keys

Description

SSH Keys

PluginSSH Key Authenticator (as of Registry v3.3.0)

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

ssh_key_authenticator_idinteger, foreign keyAuthenticator IDcm_authenticators:idAdded v3.3.0

comment

varchar(256)

Comment associated with key

 

 

type

varchar(16)

Type of key

  • DSA: DSA
  • ecdsa-sha2-nistp256: ECDSA (256)
  • ecdsa-sha2-nistp384: ECDSA (384)
  • ecdsa-sha2-nistp521: ECDSA (521)
  • ssh-ed25519: ED25519
  • RSA: RSA
  • RSA1: RSA (protocol v1)

 

skey

text

Public key data

 

 

co_person_id

integer, foreign key

CO Person Record ID

cm_co_people:id

 


Table

cm_telephone_numbers

Description

Telephone Numbers

Column

Format

Description

Definition

Comments

id

integer, primary key

Row identifier

autoincrement

 

country_codevarchar(3)Telephone Country CodeITU E.164 
area_codevarchar(8)Telephone Area (National Destination) CodeITU E.164  

number

varchar(64)

Telephone Subscriber Number

ITU E.164

 

extensionvarchar(16)Telephone ExtensionLocation specific 
descriptionvarchar(128)Description Added in Registry v3.1.0.

type

varchar(2)

Type of telephone

 

When attached to a CO Person Role, types may be configured on a per-CO basis. See Extending the Registry Data Model.

co_person_role_id

integer, foreign key

CO Person Role Record ID

cm_co_person_roles:id

Only one of co_person_idorg_identity_id, or co_department_id may be specified

org_identity_id

integer, foreign key

Org Identity Record ID

cm_org_identities:id

Only one of co_person_idorg_identity_id, or co_department_id may be specified

co_department_idinteger, foreign keyCO Department Record IDcm_co_departments:idOnly one of co_person_idorg_identity_id, or co_department_id may be specified. Added in Registry v3.1.0.
source_telephone_number_idinteger, foreign keyIf Pipelines are in use, the Telephone Number ID for the Org Identity Telephone Number that created this record.cm_telephone_numbers:idAdded in Registry v2.0.0.

  • No labels