All Tables

Created by Benn Oshrin, last modified by Ioannis Eythymios Igoumenos on Aug 27, 2023

Table	cm_ad_hoc_attributes
Description	Ad Hoc Attributes

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
tag	varchar(128)	Attribute Tag		Key is a reserved word for MySQL, so this column is called Tag.
value	varchar(256)	Attribute Value
co_person_role_id	integer, foreign key	CO Person Role Record ID	cm_co_person_roles:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
org_identity_id	integer, foreign key	Org Identity Record ID	cm_org_identities:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
co_department_id	integer, foreign key	CO Department Record ID	cm_co_departments:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified.
source_ad_hoc_attribute_id	integer, foreign key	If Pipelines are in use, the Ad Hoc Attribute ID for the Org Identity Ad Hoc Attribute that created this record.	cm_ad_hoc_attributes:id

Table	cm_addresses
Description	Addresses

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
street	varchar(400)	Street	X.520 via RFC 4519 organizationalPerson
room	varchar(64)	Room	X.520 via RFC 4519 organizationalPerson
locality	varchar(128)	Locality (eg: city)	X.520 via RFC 4519 organizationalPerson
state	varchar(128)	State or Province	X.520 via RFC 4519 organizationalPerson
postal_code	varchar(16)	Postal Code	X.520 via RFC 4519 organizationalPerson
country	varchar(128)	Country	X.521 via RFC 4519 country
description	varchar(128)	Description		Added in Registry v3.1.0.
type	varchar(2)	Type of mail, as enumerated		When attached to a CO Person, types may be configured on a per-CO basis. See Extending the Registry Data Model.
language	varchar(16)	Language encoding of this address	RFC 5646	For supported values, see `lang.php`
co_person_role_id	integer, foreign key	CO Person Record ID	cm_co_person_roles:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
org_identity_id	integer, foreign key	Org Identity Record ID	cm_org_identities:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
co_department_id	integer, foreign key	CO Department Record ID	cm_co_departments:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified. Added in Registry v3.1.0.
source_address_id	integer, foreign key	If Pipelines are in use, the Address ID for the Org Identity Address that created this record.	cm_addresses:id	Added in Registry v2.0.0.

Table	cm_api_source_records
Description	API Source Record Cache
Plugin	API Source

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
api_source_id	integer, foreign key	API Source ID	cm_api_sources:id
sorid	varchar(1024)	SOR Record ID
source_record	text	Unprocessed Source Record

Table	cm_api_sources
Description	API Organizational Identity Sources
Plugin	API Source

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
org_identity_source_id	integer, foreign key	Organizational Identity Source ID	cm_org_identity_sources:id
sor_label	varchar(32)	SOR Label		Removed in Registry v4.1.0
api_user_id	integer, foreign key	API User ID	cm_api_users:id	For use in Push Mode
poll_mode	varchar(2)	Poll Mode	AK: Apache Kafka	Added in Registry v4.0.0
kafka_server_id	integer, foreign key	Server ID for use with Apache Kafka mode	cm_servers:id	Note foreign key is to Server model, not to KafkaServer model Added in Registry v4.0.0
kafka_groupid	varchar(80)	Kafka Client Group ID string		Added in Registry v4.0.0, removed in Registry v4.1.0
kafka_topic	varchar(80)	Kafka Topic to consume		Added in Registry v4.0.0, removed in Registry v4.1.0

Table	cm_api_users
Description	API (Programmatic) Users

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO ID	cm_cos:id	If `co_id` is 1 (COmanage CO), the API User is a Platform API User Added Registry v3.3.0
username	varchar(50)	User (login) name
password	varchar(40)	Hashed password	SHA1, as used by CakePHP	Will be renamed `api_key` in Registry v5.0.0
privileged	boolean	If this API User is a "superuser" within its CO	true: API User is privileged false: API User is not privileged	Added Registry v3.3.0
status	varchar(2)	API User status	A: Active S: Suspended	Added Registry v3.3.0
valid_from	datetime	API User is valid from this time	If null, valid any time through valid_through	Added Registry v3.3.0
valid_through	datetime	API User is valid through (but not past) this time	If null, valid any time from valid_from	Added Registry v3.3.0
remote_ip	varchar(80)	IP addresses this API User may connect from	Defined as regular expression, or null for any IP address	Added Registry v3.3.0

Table	cm_applications
Description	Known applications

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
name	varchar(256)	Application name
enabled	boolean	Enabled applications are available to COs	0: No 1: Yes

Table	cm_attribute_enumerations
Description	Attribute enumerations (per-CO or platform wide)

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO ID	cm_cos:id	Null when Org Identities are pooled and enumeration applies to an Org Identity attribute
attribute	varchar(80)	Attribute this enumeration applies to	Model.attribute	Only attributes that support enumerations may be used here
optvalue	varchar(128)	Enumerated option		Deprecated in v4.0.0, but maintained for data migration purposes; will be removed in PE
status	varchar(2)	Type status	A: Active S: Suspended	Suspending an enumeration does not remove any uses of it from operation records
dictionary_id	integer, foreign key	Dictionary ID	cm_dictionaries:id	Added v4.0.0
allow_other	boolean	Allow non-enumerated, "other" values		Added v4.0.0

Table	cm_authentication_events
Description	Registry authentication events

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
authenticated_identifier	varchar(256)	User (login) name		Should typically correlate with cm_identifiers:identifier
authentication_event	varchar(2)	Type of authentication event	AI: API Login IN: Registry Login
remote_ip	varchar(40)	IP address of remote connection, if known

Table	cm_authenticator_statuses
Description	Authenticator Statuses

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
authenticator_id	integer, foreign key	Authenticator ID	cm_authenticators:id
co_person_id	integer, foreign key	CO Person ID	cm_co_people:id
locked	boolean	Whether a given CO Person's Authenticator is locked	true: The Authenticator is locked for this CO Person false: The Authenticator is not locked for this CO Person

Table	cm_authenticators
Description	Authenticators

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
description	varchar(256)	Description
plugin	varchar(32)	Authenticator Plugin
status	varchar(2)	Status	A: Active S: Suspended
co_message_template_id	integer, foreign key	CO Message Template ID	cm_co_message_templates:id	Added Registry v4.0.0

Table	cm_clusters
Description	Clusters

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
description	varchar(256)	Description
plugin	varchar(32)	Cluster Plugin
status	varchar(2)	Status	A: Active S: Suspended

Table	cm_cmp_enrollment_attributes
Description	CMP enrollment attribute configuration

There is no REST interface to this table since it is intended to configure the COmanage Registry UI.

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
cmp_enrollment_configuration_id	integer, foreign key	CMP Enrollment Configuration ID	cm_cmp_enrollment_configurations:id
attribute	varchar(80)	Organizational Identity attribute name	Attributes defined in cm_org_identities or related tables (such as cm_addresses)
type	varchar(2)	If attribute definition includes a type, associate this enrollment attribute with the specified type
required	integer	If the flow requires this attribute	1: Required 0: Not required (ie: optional) -1: Not permitted
ldap_name	varchar(80)	Name of LDAP attribute used to populate this attribute		If enabled, attribute is authoritative to the originating organization. May be enabled along with saml_name.
saml_name	varchar(80)	Name of SAML attribute used to populate this attribute		If enabled, attribute is authoritative to the originating organization. May be enabled along with ldap_name.

Table	cm_cmp_enrollment_configurations
Description	CMP enrollment configuration

Although the data model permits multiple CMP enrollment configurations to be defined, COmanage Registry currently only permits one active configuration for the platform.
There is no REST interface to this table since it is intended to configure the COmanage Registry UI.
CO enrollment flows are handled via cm_co_enrollment_flows.

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
name	varchar(128)	Configuration Name
attrs_from_ldap	boolean	Should CMP enrollment attempt to pull attributes from an organizational LDAP server before prompting for attributes?	true: CMP enrollment attempts to query for LDAP attributes false: CMP enrollment does not query LDAP	Deprecated
attrs_from_saml	boolean	If the enrollee must authenticate, should CMP enrollment attempt to extract attributes from a SAML assertion before prompting for attributes?	true: CMP enrollment attempts to extract SAML attributes false: CMP enrollment does not examine SAML attributes	Deprecated
attrs_from_env	boolean	Should organizational identity attributes be extracted from the server environment? (eg: those that might be set by the web server auth module.)	true: Accept server environment variables as a source of organizational identity false: Do not accept server environment variables as a source of organizational identity
attrs_from_coef	boolean	Should CO enrollment flows be able to prompt for organizational identity attributes? (These attributes will be considered less authoritative than if they had been obtained via LDAP or SAML.)	true: CO enrollment may prompt for organizational identity attributes false: CO enrollment may not prompt for organizational identity attributes
pool_org_identities	boolean	Should organizational identities be pooled and made available to all COs on the CMP?	true: All org identities are available to all COs false: Org identities are only available to the CO that invoked the enrollment	See CO-193 for additional information
sponsor_enroll	boolean	Do enrollees need to have a sponsor to enroll?	true: must have a sponsor to enroll false: sponsor not necessary	Not implemented
sponsor_active	boolean	Do enrollees need to have a sponsor to stay enrolled?	true: must have a sponsor to stay enrolled false: sponsor not necessary	Not implemented
eds_help_url	varchar(256)	For the Shibboleth Embedded Discovery Service, the help URL to publish
eds_preferred_idps	text(4000)	For the Shibboleth Embedded Discovery Service, the entityIds to always show (one per line)
eds_hidden_idps	text(4000)	For the Shibboleth Embedded Discovery Service, the entityIds to hide (one per line)
redirect_on_logout	varchar(1024)	Redirect URL when user logs out		Added in Registry v4.0.0
app_base	varchar(64)	Cached application base for use in generating notification URLs		Added in Registry v4.0.0
status	varchar(2)	Configuration status	A: Active S: Suspended	Only one CMP configuration may be active

Table	cm_co_announcement_channels
Description	Per-CO Announcement Channels
Plugin	AnnouncementsWidget

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
name	varchar(128)	Name
status	varchar(2)	Status	A: Active S: Suspended
author_co_group_id	integer, foreign key	CO Group ID	cm_co_groups:id	Members of this group may post to this channel
reader_co_group_id	integer, foreign key	CO Group ID	cm_co_groups:id	Members of this group may read posts in this channel
publish_html	boolean	Whether this channel may render HTML	true: HTML may be rendered false: Plain Text only

Table	cm_co_announcements
Description	Per-CO Announcements
Plugin	AnnouncementsWidget

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_announcement_channel_id	integer, foreign key	CO Announcement Channel ID	cm_co_announcement_channels:id
title	varchar(256)	Announcement title
body	text	Announcement body
valid_from	datetime	CO Announcement will be published from this time	If null, published any time through valid_through
valid_through	datetime	CO Announcement will be published through (but not past) this time	If null, published any time from valid_from
poster_co_person_id	integer, foreign key	Poster CO Person ID	cm_co_people:id

Table	cm_co_announcements_widgets
Description	Per-CO Announcements Widgets configuration
Plugin	AnnouncementsWidget

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_dashboard_widget_id	integer, foreign key	CO Dashboard Widget Record ID	cm_co_dashboard_widgets:id
co_announcement_channel_id	integer	CO Announcement Channel ID	cm_co_announcement_channels:id

Table	cm_co_applications
Description	Per-CO configured applications

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
name	varchar(256)	Application name
provisioned	boolean	Provisioned applications are available in the CO	0: No 1: Yes

Table	cm_co_changelog_provisioner_targets
Description	Per-CO Changelog provisioning target configurations
Plugin	ChangelogProvisioner

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_provisioning_target_id	integer, foreign key	CO Provisioning Target ID	cm_co_provisioning_targets:id
logfile	varchar(256)	Logfile to write to

Table	cm_co_dashboard_widgets
Description	Per-CO Dashboard Widgets

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_dashboard_id	integer, foreign key	CO Dashboard Record ID	cm_co_dashboards:id
description	varchar(256)	Description
plugin	varchar(32)	Dashboard Widget Plugin
status	varchar(2)	Status of Dashboard Widget	A: Active S: Suspended
ordr	integer	Order widget is rendered (lower numbers = earlier)

Table	cm_co_dashboards
Description	Per-CO Dashboards

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
name	varchar(128)	Name
description	varchar(128)	Description
visibility	varchar(2)	Visibility of this Dashboard	CA: CO Admin CG: CO Group Member (of the specified visibility_co_group_id) CP: CO Person P: Unauthenticated (Public)
visibility_co_group_id	integer, foreign key	CO Group ID	cm_co_groups:id	If set, visibility of this Dashboard is controlled by the specified group
status	varchar(2)	Status	A: Active S: Suspended

Table	cm_co_departments
Description	Per-CO Departments

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
cou_id	integer, foreign key	COU Record ID	cm_cous:id
name	varchar(128)	Name
description	varchar(128)	Description
type	varchar(32)	CO Department type		Added in Registry v3.3.0. May be configured on a per-CO basis. See Extending the Registry Data Model.
introduction	text(4000)	Brief introduction describing department		Intended for rendering in Service Portal or Department Directory
leadership_co_group_id	integer, foreign key	CO Group ID describing the leadership (eg: chairs, VPs, etc) of the Department	cm_co_groups:id
administrative_co_group_id	integer, foreign key	CO Group ID describing the administrators (eg: department admin) of the Department	cm_co_groups:id
support_co_group_id	integer, foreign key	CO Group ID describing the support staff (eg: technical or administrative assistants) of the Department	cm_co_groups:id

Table	cm_co_directory_permissions
Description	Per-CO restrictions on publishing of directory information

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
cm_org_person_id	integer, foreign key	Org Person Record ID	cm_org_identities:id
attribute	varchar(256)	Schema attribute name	Correlate to cm_co_person_roles columns	Use attribute '*' to apply to entire record
release	boolean	Released attributes are public	0: No 1: Yes

Table	cm_co_email_lists
Description	Per-CO Email Lists

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
name	varchar(256)	Name
description	varchar(256)	Description
admins_co_group_id	integer, foreign key	CO Group ID for list administrators	cm_co_groups:id
members_co_group_id	integer, foreign key	CO Group ID for list members	cm_co_groups:id
moderators_co_group_id	integer, foreign key	CO Group ID for list moderators	cm_co_groups:id
status	varchar(2)	Status	A: Active S: Suspended

Table	cm_co_enrollment_attributes
Description	Per-CO enrollment flow attribute configurations

There is no REST interface to this table since it is intended to configure the COmanage Registry UI.

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_enrollment_flow_id	integer, foreign key	CO Enrollment Flow ID	cm_co_enrollment_flows:id
label	varchar(80)	Name of attribute as presented during enrollment
description	varchar(256)	Description of attribute, presented during enrollment
attribute	varchar(80)	CO Person, CO Person Role, or Org Identity attribute name	Attributes defined in cm_co_people, cm_co_person_roles, cm_org_identities or related tables (such as cm_addresses), including cm_co_extended_attributes
type	varchar(2)	If attribute definition includes a type, associate this enrollment attribute with the specified type
required	integer	If the flow requires this attribute	1: Required 0: Not required (ie: optional) -1: Not permitted
required_fields	varchar(160)	If this attribute has subfields, a comma separated list of which of those fields are required		Currently applies only to cm_names and cm_addresses See also cm_co_settings
ordr	integer	Order attribute is presented (lower numbers = earlier)
hidden	boolean	Whether or not to display this attribute	true: Do not display this attribute false: Display this attribute	Only honored when there is a non-modifiable default attribute value
copy_to_coperson	boolean	When the Petition is created, duplicate the value in the attribute from the Org Identity to the corresponding attribute in the CO Person or CO Person Role record		Applies only to Org Identity attributes.
ignore_authoritative	boolean	Whether or not to ignore authoritative values	true: Ignore authoritative values for this attribute false: Allow authoritative values for this attribute	Deprecated, to be removed in Registry v4.0.0
default_env	varchar(80)	If specified, the value held in this environment variable will be used as a default value for this attribute		Added in Registry v3.1.0
login	boolean	For attributes of type Identifier, whether or not to flag the Identifier as able to login to Registry	true: Identifier can be used to login to Registry false: Identifier cannot be used to login to Registry	Correlates to cm_identifiers:login
language	varchar(16)	Language encoding of this attributes	RFC 5646	For supported values, see `lang.php`

Table	cm_co_enrollment_attribute_defaults
Description	Default values for CO enrollment flow attributes configuration

There is no REST interface to this table since it is intended to configure the COmanage Registry UI.

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_enrollment_attribute_id	integer, foreign key	CO Enrollment Flow ID	cm_co_enrollment_attributes:id
affiliation	varchar(32)	This default value applies when the enrollment CO Person Role affiliation matches	cm_co_person_roles:affiliation	Not yet implemented (CO-626)
value	varchar(80)	Default value for this attribute	For all types except dates, default value For dates YYYY-MM-DD: Exact date MM-DD: Next MM-DD +#: # days from today
modifiable	boolean	Whether or not the Petitioner may change the default value when the petition is created	true: Value may be changed false: Value may not be changed

Table	cm_co_enrollment_authenticators
Description	Authenticators attached to Enrollment Flows

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_enrollment_flow_id	integer, foreign key	CO Enrollment Flow ID	cm_co_enrollment_flows:id
authenticator_id	integer, foreign key	Authenticator ID	cm_authenticators:id
required	integer	Whether establishing this Authenticator is required	1: Required 0: Not required (ie: optional) -1: Not permitted

Table	cm_co_enrollment_clusters
Description	Clusters attached to Enrollment Flows

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_enrollment_flow_id	integer, foreign key	CO Enrollment Flow ID	cm_co_enrollment_flows:id
cluster_id	integer, foreign key	Cluster ID	cm_clusters:id
enabled	boolean	Whether establishing this Cluster is enabled	true: Enabled false: Disabled

Table	cm_co_enrollment_flow_wedges
Description	Enroller Plugins attached to Enrollment Flows

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_enrollment_flow_id	integer, foreign key	CO Enrollment Flow ID	cm_co_enrollment_flows:id
description	varchar(256)	Description
plugin	varchar(32)	Enroller Plugin
status	varchar(2)	Status	A: Active S: Suspended
ordr	integer	Order plugin is run in within its step (lower numbers = earlier)

Table	cm_co_enrollment_flows
Description	Per-CO enrollment flow configurations

There is no REST interface to this table since it is intended to configure the COmanage Registry UI.
CO enrollment flows are subject to the CMP enrollment configuration (cm_cmp_enrollment_configurations).

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
name	varchar(128)	Flow Name
sor_label	varchar(40)	SOR Label used in match requests	ID Match API	Added in Registry v4.1.0
co_id	integer, foreign key	CO Record ID	cm_cos:id
authz_level	varchar(2)	Authorization required to execute this enrollment flow	A: CO or COU admin (administrator enrollment) N: No authorization required (open, self enrollment) CA: CO admin (administrator enrollment) CG: Member of specified CO group (self or delegated enrollment) CP: CO Person (self or delegated enrollment) UA: COU admin (administrator enrollment) UP: CO Person in specified COU (self or delegated enrollment)
authz_cou_id	integer, foreign key	COU Record ID when authz_level is UA or UP	cm_cous:id
authz_co_group_id	integer, foreign key	CO Group Record ID when authz_level is CG	cm_co_groups:id
my_identity_shortcut	boolean	Whether a link to this flow should be rendered in the "My Identity" menu	true: Render a link false: Do not render a link	Added Registry v3.2.0
co_pipeline_id	integer, foreign key	CO Pipeline to run for Org Identities created using this Flow	cm_co_pipelines:id	Unused, removed as of Registry v3.3.0
match_policy	varchar(2)	Policy for matching against existing CO People	A: Advisory (suggestions are provided but not automatically selected) E: External (using ID Match API) N: None (no matching performed) P: Select ("Pick" from existing CO People) S: Self (can only re-enroll self)
match_server_id	integer, foreign key	Match Server ID when match_policy is External	cm_servers:id	Added Registry v4.1.0
enable_person_find	boolean	Enable People Picker API for unregistered petitioners associated with this Enrollment Flow	true: People Picker API enabled false: People Picker API disabled	Added Registry v3.3.0
approval_required	boolean	Is approval required before any provisioning may occur?	true: Approval required false: Approval not requested	Approvers defined by `CO:admin.approvers` or `CO:admin.approvers:COU` group membership
approver_co_group_id	integer, foreign key	CO Group Record ID for group whose members are authorized to approve petitions created by this flow	cm_co_groups:id
verify_email	boolean	Do org identity email addresses need to be verified?	true: Verification required false: Verification not requested	Verification sends an email to the address with a URL Deprecated as of v2.0.0, use email_verification_mode instead
email_verification_mode	varchar(2)	If/how org identity email addresses should be verified	A: Automatic R: Review X: None	Added in v2.0.0 See also Email Verification
invitation_validity	integer	For invitations used to verify email addresses, the length of time (in minutes) the invitation is valid for		See also cm_co_settings
regenerate_expired_verification	boolean	Automatically regenerate confirmation links on validation of an expired link?	true: Regenerate confirmations on validation of expired links false: Do not regenerate confirmations on validation of expired links	Added in v4.1.0
require_authn	boolean	Is the authentication required by the enrollee?	true: Approval required false: Approval not requested
notification_co_group_id	integer, foreign key	CO Group Record ID whose members will be notified when petitions generated from the enrollment flow trigger certain events	cm_co_groups:id
status	varchar(2)	Configuration status	A: Active S: Suspended
notify_from	varchar(256)	Address to send notifications from	RFC 5322 Address	Used in coinvite as source email address when sending out notifications
verification_template_id	integer, foreign key	Template for verification email	cm_co_message_templates:id
verification_subject	varchar(256)	Subject for verification email		Deprecated as of v2.0.0, use message templates instead
verification_body	text(4000)	Body for verification email		Deprecated as of v2.0.0, use message templates instead
request_vetting	boolean	Request Vetting for the Enrollee	true: Vetting is requested false: Vetting is not requested	Added in Registry v4.1.0
notify_on_approval	boolean	Notify the enrollee on Petition approval?	true: Notification is sent false: Notification is not sent	As of v3.3.0, also triggers notification on denial
approval_template_id	integer, foreign key	Template for approval email	cm_co_message_templates:id
approval_subject	varchar(256)	Subject for approval email		Deprecated as of v2.0.0, use message templates instead
approval_body	text(4000)	Body for approval email		Deprecated as of v2.0.0, use message templates instead
approver_template_id	integer, foreign key	Template for approver email	cm_co_message_templates:id	Added in Registry v4.3.0
denial_template_id	integer, foreign key	Template for denial email	cm_co_message_templates:id
notify_on_finalize	boolean	Notify the enrollee on Petition finalization?	true: Notification is sent false: Notification is not sent
finalization_template_id	integer, foreign key	Template for finalization email	cm_co_message_templates:id
introduction_text	text(4000)	Introductory text displayed at the start of an Enrollment Flow
conclusion_text	text(4000)	Conclusion text displayed at the bottom of a Petition form
introduction_text_pa	text(4000)	Introductory text displayed at the top of a Petition form		Added in Registry v4.1.0
t_and_c_mode	varchar(2)	Terms and Conditions mode	EC: Explicit Consent IC: Implied Consent S: Splash Page after enrollment X: Ignore T&C during enrollment
redirect_on_submit	varchar(256)	After a Petition is submitted, a URL (relative or absolute) to redirect the browser to
redirect_on_confirm	varchar(256)	After the email address associated with a Petition is confirmed, a URL (relative or absolute) to redirect the browser to
redirect_on_finalize	varchar(256)	After a Petition is finalized, a URL (relative or absolute) to redirect the browser to		Added in v3.1.0
return_url_allowlist	text(4000)	Newline separated list of regular expressions representing permitted values to be passed into the petition as a URL to redirect to after the Petition is finalized		Added in v3.1.0, renamed from return_url_whitelist in v3.3.0
ignore_authoritative	boolean	Whether or not to ignore authoritative values	true: Ignore authoritative values for all attributes in this enrollment flow false: Allow authoritative values for this attribute (subject to per-attribute override)
duplicate_mode	varchar(2)	How to handle a detected duplicate enrollment	C: Create a new role if in a different COU D: Flag as duplicate R: Create a new role
co_theme_id	integer, foreign key	Theme to use when executing this Enrollment Flow	cm_co_themes:id	Added v2.0.0
theme_stacking	varchar(2)	Whether to enable Theme Stacking for this Enrollment Flow.	A: Active S: Suspended (disabled)	Added v4.0.0
establish_authenticators	boolean	Whether to establish authenticators as part of enrollment	true: Establish authenticators, as per configuration false: Do not establish authenticators	Added v3.3.0
establish_cluster_accounts	boolean	Whether to establish cluster accounts as part of enrollment	true: Establish cluster accounts, as per configuration false: Do not establish clusters	Added v3.3.0

Table	cm_co_enrollment_sources
Description	Organizational Identity Sources attached to Enrollment Flows

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_enrollment_flow_id	integer, foreign key	CO Enrollment Flow ID	cm_co_enrollment_flows:id
org_identity_source_id	integer, foreign key	Org Identity Source ID	cm_org_identity_sources:id
org_identity_mode	varchar(2)	Enrollment Source Mode	N: None OA: Authenticate OC: Claim OI: Identify OS: Search SL: Select SR: Search, Required
verify_family_name	boolean	Whether to verify the family name when creating an Org Identity from this Enrollment Source		Added in Registry v3.2.0
ordr	integer	Order attribute is presented (lower numbers = earlier)

Table	cm_co_expiration_policies
Description	Per-CO expiration policies

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
description	varchar(256)	Description
status	varchar(2)	Expiration policy's status	A: Active S: Suspended
cond_cou_id	integer, foreign key	COU this expiration policy applies to	cm_cous:id	Conditions are AND'd together
cond_affiliation	varchar(32)	Affiliation this expiration policy applies to	cm_co_person_roles:affiliation
cond_before_expiry	integer	Number of days prior to expiration from which this policy will apply		Policy continues to apply until role valid_through
cond_after_expiry	integer	Number of days after expiration at which point this policy will apply
cond_count	integer	Number of times this policy will be applied	cm_co_expiration_counts:expiration_count	Since v1.1.0
cond_status	varchar(2)	Status this expiration policy applies to	cm_co_person_roles:status
cond_sponsor_invalid	boolean	If true, this expiration policy applies to CO Person Roles sponsored by a CO Person who is no longer Active
act_affiliation	varchar(32)	CO Person Roles matching this expiration policy will be set to this affiliation, if defined	cm_co_person_roles:affiliation
act_clear_expiry	boolean	CO Person Roles matching this expiration policy will have their valid_through date cleared, if true
act_cou_id	integer, foreign key	CO Person Roles matching this expiration policy will be moved to tis COU, if set	cm_cous:id
act_notify_co_admin	boolean	If true, the CO Administrator(s) will be notified when this expiration policy matches
act_notify_cou_admin	boolean	If true, the COU Administrator(s) will be notified when this expiration policy matches
act_notify_co_group_id	integer, foreign key	If true, the members of the specified CO Group will be notified when this expiration policy matches	cm_co_groups:id
act_notify_co_person	boolean	If true, the CO Person attached to the matching CO Person Role will be notified when this expiration policy matches
act_notify_sponsor	boolean	If true, the Sponsor attached to the matching CO Person Role will be notified when this expiration policy matches
act_notification_template_id	integer, foreign key	Template for notification email	cm_co_message_templates:id
act_notification_subject	varchar(256)	Subject for notification email		Deprecated, use message templates instead
act_notification_body	text	Body for notification email		Deprecated, use message templates instead

Table	cm_co_extended_attributes
Description	Per-CO extended attribute definitions

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
name	varchar(64)	Database column name for attribute
display_name	varchar(64)	Display name for attribute
type	varchar(32)	Database type for attribute	INTEGER TIMESTAMP VARCHAR(32)	Once set, type cannot be changed
index	boolean	Create database index for attribute	true: Index false: Do not index

Table	cm_co_extended_types
Description	Per-CO attribute custom type configurations

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO ID	cm_cos:id
attribute	varchar(32)	Attribute this type name applies to		Only attributes that support extended types may be used here.
name	varchar(32)	Database value for type		As used by cm_identifiers:type
display_name	varchar(64)	Display name for type
edupersonaffiliation	varchar(32)	Optional mapping to eduPersonAffiliation	eduPerson	Applies only when `attribute` is `CoPersonRole.affiliation`
status	varchar(2)	Type status	A: Active S: Suspended	A deleted status cannot exist in any active attribute. A suspended status cannot be added to any new or updated attributes, but may continue to be used by existing active attributes.

Unable to render {include} The included page could not be found.

Table	cm_co_github_provisioner_targets
Description	Per-CO GitHub provisioning target configurations
Plugin	GithubProvisioner

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_provisioning_target_id	integer, foreign key	CO Provisioning Target ID	cm_co_provisioning_targets:id
github_user	varchar(80)	GitHub username		Account must have admin privileges for the GitHub Organization to be managed
github_org	varchar(80)	GitHub organization name		GitHub Organization to be managed
client_id	varchar(80)	Client ID as returned by GitHub		Provided at registration
client_secret	varchar(80)	Client secret as returned by GitHub		Provided at registration
access_token	varchar(80)	Access token as returned by GitHub
provision_group_members	boolean	Whether the provisioner should provision CO Group Memberships to GitHub Team Memberships
remove_unknown_members	boolean	Whether the provisioner should remove unknown GitHub Team Members
provision_ssh_keys	boolean	Whether the provisioner should provision SSH Keys to GitHub		Not currently implemented

Table	cm_co_groups
Description	Per-CO group definitions

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
cou_id	integer, foreign key	COU Record ID	cm_cous:id	Added v2.0.0. Initially intended for special groups, may be used for manual groups in the future.
name	varchar(128)	Group name
description	varchar(256)	Description
open	boolean	An open group allows anyone to self-subscribe	true: Open false: Closed
status	varchar(2)	Group's status within CO	A: Active S: Suspended
group_type	varchar(2)	Group Type	A: Admins M: All Members MA: Active Members S: Standard	Added v2.0.0.
auto	boolean	Automatic Group	true: Group is automatically managed false: Group is manually managed	Added v2.0.0.
nesting_mode_all	boolean	Nested Group Memberships calculation mode	true: Member must be a member of ALL nested groups false: Member may be a member of ANY nested group	Added v4.0.0.

Table	cm_co_group_members
Description	Per-CO group memberships

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_group_id	integer, foreign key	CO Group Record ID	cm_co_groups:id
co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id
member	boolean	Person is a member of the group	true: Member false: Not a member
owner	boolean	Person is an owner of the group	true: Owner false: Not an owner
valid_from	datetime	CO Group Membership is considered valid from this time	If null, valid any time through valid_through	Added in v3.2.0
valid_through	datetime	CO Group Membership is considered valid through (but not past) this time	If null, valid any time from valid_from	Added in v3.2.0
source_org_identity_id	integer, foreign key	If Pipelines are in use, the Org Identity ID of record that created this Group Membership	cm_org_identities:id
co_group_nesting_id	integer, foreign key	If set, this membership was created via a Nested Group and cannot be manually edited	cm_co_group_nestings:id	Added in v3.3.0

Table	cm_co_group_ois_mappings
Description	Per-CO mappings from OIS records to group memberships

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
org_identity_source_id	integer, foreign key	Org Identity Source ID	cm_org_identity_sources:id
attribute	varchar(80)	OIS attribute to examine
comparison	varchar(4)	Comparison to perform	CTI: Contains (case insensitive) CTS: Contains EQI: Equals (case insensitive) EQS: Equals NCT: Does not contain NCTI: Does not contain (case insensitive) NEQ: Does not equal NEQI: Does not equal (case insensitive) REGX: Regular Expression Match
pattern	varchar(80)	Pattern to match against
co_group_id	nteger, foreign key	For match strategy of Email Address or Identifier, the type of the email address or identifier to use for matching	cm_co_extended_types:name

Table	cm_co_homedir_provisioner_targets
Description	Per-CO Home Directory provisioning target configurations
Plugin	HomedirProvisioner

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_provisioning_target_id	integer, foreign key	CO Provisioning Target ID	cm_co_provisioning_targets:id

Table	cm_co_identifier_assignments
Description	Per-CO rules for identifier assignment

There is currently no REST interface to this table.

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO ID	cm_cos:id
status	varchar(2)	Identifier Assignment status	A: Active S: Suspended	Added v3.3.0
context	varchar(2)	Context (object type) this Identifier Assignment applies to	CD: CoDepartment CG: CoGroup CP: CoPerson	Added v3.3.0
co_group_id	integer, foreign key	If set, subject CO Person must be a member of this CO Group ID for for this Identifier Assignment to run	cm_co_groups:id	Added v4.1.0
identifier_type	varchar(32)	Type of identifier	cm_identifiers:type	A given identifier type may be used more than once
email_type	varchar(32)	Type of email address to assign, if identifier_type is email	cm_email_addresses:type	If not blank and identifier type to be assigned is email, then an entry in cm_email_addresses will also be created, of this type
description	varchar(256)	Description
login	boolean	Registry login flag		Will be used to populate cm_identifiers:login
algorithm	varchar(2)	Algorithm to use to assign this identifier	R: Random assignment S: Sequential assignment
plugin	varchar(64)	Plugin to use for identifier assignment, if set		Added v4.1.0
format	varchar(256)	Format to use for this identifier
permitted	varchar(2)	Valid characters permitted to substitute into format	AD: Alphanumeric characters, dot, dash, and underscore AL: All characters AN: Alphanumeric characters AQ: Alphanumeric characters, dot, dash, underscore, and apostrophe (single quote)
minimum	integer	Minimum value to assign (for numeric identifiers). For sequential, this is the first number to assign.
maximum	integer	Maximum value to assign. For sequential, if this number is reached identifier assignment will fail.
collision_resolution	varchar(64)	Collision resolution mechanism		Not implemented
exclusions	varchar(8)	Characters and words to avoid in assignments	C: Confusing (0 vs O, 1 vs l) O: Offensive S: Superstitions (4, 13, etc)	Not implemented
ordr	integer	Order identifier assignment is run (lower numbers = earlier)		Added v3.3.0, need only be unique within context

Table	cm_co_identifier_validators
Description	Per-CO identifier validators

There is currently no REST interface to this table.

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO ID	cm_cos:id
description	varchar(256)	Description
plugin	varchar(32)	Identifier Validator plugin
co_extended_type_id	integer, foreign key	Extended Type this plugin is configured to validate	cm_co_extended_types:id	Only EmailAddresses and Identifiers are supported
status	varchar(2)	Status of Identifier Validator	A: Active S: Suspended

Table	cm_co_invites
Description	Per-CO invitations to join

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id
mail	varchar(256)	Email address invited	cm_email_addresses:mail	Copied rather than linked since the linked reference could change
skip_invite	boolean	Whether to skip the invitation step due to an already verified email address being present		Added in Registry v4.0.0 as a workaround for `SkipIfVerified` mode
email_address_id	integer, foreign key	Email Address ID to confirm	cm_email_addresses:id	If set, the invite is intended to verify the linked email address
invitation	varchar(16)	Randomly generated activation key
expires	datetime	Time at which invitation is no longer valid

Table	cm_co_job_history_records
Description	Per-CO Job History Records

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_job_id	integer, foreign key	CO Job Record ID	cm_co_jobs:id
record_key	varchar(64)	Record key associated with Job and Job Type
co_person_id	integer, foreign key	CO Person ID this record applies to	cm_co_people:id
org_identity_id	integer, foreign key	Org Identity ID this record applies to	cm_org_identities:id
comment	varchar(256)	Description of the job task associated with this job history record
status	varchar(2)	Status of the job task associated with this job history record	GO: In Progress OK: Complete Q: Queued X: Failed

Table	cm_co_jobs
Description	Per-CO Job Records

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
job_type	varchar(32)	Job Type	Plugin Name EX: Expiration OS: Org Identity Sync	Plugin name added as of Registry v3.3.0. Enum style values deprecated, will be removed in v4.0.0
job_type_fk	integer	Foreign key value associated with Job Type		eg: cm_org_identity_sources:id Deprecated, will be removed in Registry v4.0.0
job_mode	varchar(16)	Job Type-specific mode
job_params	text	JSON encoded list of parameters to pass to the Job plugin		Added in Registry v3.3.0 Although this is a json document, native json types are not used since they are only available in relatively new versions of the RDBMSs. Also, ADOdb schema support for the json type is limited.
requeue_interval	integer	Upon successful completion, requeue a new copy of the same job after this many seconds		Added in Registry v4.0.0
retry_interval	integer	Upon failure, retry the job after this many seconds		Added in Registry v4.0.0 A new copy of the job will be queued, and the original will be placed in failed status.
max_retry	integer	Maximum retries for this Job		Added in Registry v4.3.0
max_retry_count	integer	Retry count		Added in Registry v4.3.0
requeued_from_co_job_id	integer, foreign key	If this is a requeue or retry job, the original job	cm_co_jobs:id	Added in Registry v4.0.0
status	varchar(2)	Job Status	GO: InProgress OK: Complete Q: Queued X: Failed
register_summary	varchar(256)	Summary description for status at time of job registration
start_summary	varchar(256)	Summary description for status at time of job start
finish_summary	varchar(256)	Summary description for status at time of job completion
queue_time	timestamp	Time Job was queued
start_after_time	timestamp	Time Job should be started after, or null for ASAP		Added in Registry v4.0.0
start_time	timestamp	Time Job was started
complete_time	timestamp	Time Job was completed
percent_complete	integer	For In Progress Jobs, percent complete		Added in Registry v3.3.0

Table	cm_co_ldap_provisioner_attributes
Description	Per-CO per-LDAP target attribute grouping definitions
Plugin	LdapProvisioner

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_ldap_provisioner_target_id	integer, foreign key	CO LDAP Provisioner Target ID	cm_co_ldap_provisioner_targets:id
grouping	varchar(80)	Grouping of LDAP attributes		eg: "Address" includes street, l, st, and postal_code
type	varchar(32)	When populating attributes within this grouping, the type to use (or use all types if null/empty)

Table	cm_co_ldap_provisioner_attributes
Description	Per-CO per-LDAP target attribute definitions
Plugin	LdapProvisioner

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_ldap_provisioner_target_id	integer, foreign key	CO LDAP Provisioner Target ID	cm_co_ldap_provisioner_targets:id
attribute	varchar(80)	LDAP attribute name
objectclass	varchar(80)	Associated object class		Some attributes can occur in more than one object class (eg: cn can appear in person and groupOfNames)
type	varchar(32)	For attributes populated from typed sources, the type to use (or null/empty for all types)
export	boolean	If true, export this attribute
use_org_value	boolean	If true, use the appropriate Organizational Identity value instead of the CO Person value		Only applies to supported models (currently Identifier)

Table	cm_co_ldap_provisioner_dns
Description	Per-CO per-LDAP target DN map
Plugin	LdapProvisioner

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_ldap_provisioner_target_id	integer, foreign key	CO LDAP Provisioner Target ID	cm_co_ldap_provisioner_targets:id
co_person_id	integer, foreign key	CO Person ID	cm_co_people:id
dn	varchar(256)	Assigned Distinguished Name	RFC 4514

Table	cm_co_ldap_provisioner_targets
Description	Per-CO LDAP provisioning target configurations
Plugin	LdapProvisioner

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_provisioning_target_id	integer, foreign key	CO Provisioning Target ID	cm_co_provisioning_targets:id
serverurl	varchar(256)	URL describing LDAP server to provision	RFC 4516	Use to describe hostname, port, and SSL (use `ldaps` scheme for SSL)
binddn	varchar(128)	DN to bind as	RFC 4514
password	varchar(64)	Password to bind with	RFC 4513	This column should be encrypted
basedn	varchar(128)	Base DN to provision People entries under	RFC 4514
dn_attribute_name	varchar(32)	When constructing the DN, the attribute name to use for the unique component	RFC 4514
dn_identifier_type	varchar(32)	When constructing the DN, the indentifier type to use to populate the attribute value for the unique component	cm_identifiers:type
group_basedn	varchar(128)	Base DN to provision Group entries under	RFC 4514
person_ocs	varchar(256)	Additional objectclasses to attach to a person record	RFC 4512	Added v1.0.3
group_ocs	varchar(256)	Additional objectclasses to attach to a group record	RFC 4512	Added v1.0.3
attr_opts	boolean	Enable attribute option support	RFC 4512	Added v3.2.0
scope_suffix	varchar(128)	For eduPerson attributes requiring scope, the scope to append	eduPerson	Added v2.0.0
unconf_attr_mode	varchar(2)	How to handle unconfigured attributes within a schema	I: Ignore R: Remove	Added v2.0.0
oc_eduperson	boolean	Enable eduPerson schema support	eduPerson
oc_edumember	boolean	Enable eduMember schema support	eduMember
oc_groupofnames	boolean	Enable groupOfNames schema support	RFC 4519
oc_posixaccount	boolean	Enable posixAccount schema support	RFC 2307
oc_posixgroup	boolean	Enable posixGroup schema support	RFC 2307	Added v3.3.0
oc_voposixaccount	boolean	Enable voPosixAccount schema support	voPerson	Added v3.3.0
oc_voposixgroup	boolean	Enable voPosixGroup schema support	voPerson	Added v3.3.0
cluster_id	integer, foreign key	Cluster to provision for posixAccount/posixGroup purposes	cm_clusters:id	Currently only Unix Clusters are supported Added v3.3.0
oc_ldappublickey	boolean	Enable ldapPublicKey schema support	ldapPublicKey
oc_voperson	boolean	Enabled voPerson schema support	voPerson	Added v3.2.0

Table	cm_co_localizations
Description	Per-CO text localizations

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
lkey	varchar(40)	Text key	Corresponds to key in `$cm_texts` (lang.php)
language	varchar(16)	Language rendering for this key	Corresponds to `$cm_lang` (lang.php)
text	varchar(256)	Localization to replace the default text

Table	cm_co_mailman_lists
Description	Per-CO Mailman lists
Plugin	MailmanProvisioner

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_mailman_provisioner_target_id	integer, foreign key	CO Mailman Provisioner Target ID	cm_co_mailman_provisioner_targets:id
co_email_list_id	integer, foreign key	CO Email List ID	cm_co_email_lists:id
mailman_list_identifier	varchar(128)	Identifier assigned by Mailman for this CO Email List

Table	cm_co_mailman_provisioner_targets
Description	Per-CO Mailman provisioning target configurations
Plugin	MailmanProvisioner

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_provisioning_target_id	integer, foreign key	CO Provisioning Target ID	cm_co_provisioning_targets:id
serverurl	varchar(256)	URL for Mailman REST Admin server
adminuser	varchar(128)	Administrator user name
password	varchar(64)	Administrator password		This column should be encrypted
domain	varchar(128)	Mailman domain for this provisioner to manage
pref_email_type	varchar(32)	If specified, the email address type that will be used as a subscriber's preferred address	cm_email_addresses:type

Table	cm_co_message_templates
Description	Per-CO Message Templates

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO ID	cm_cos:id
description	varchar(256)	Description of this message template
context	varchar(2)	Message context	AU: Authenticator AP: Enrollment Approver EA: Enrollment Approval EF: Enrollment Finalization EV: Enrollment Verification XN: Expiration Notification PL: Plugin	As of v3.3.0, EA templates are also available for denial messages
cc	varchar(256)	Comma separated list of addresses to cc
bcc	varchar(256)	Comma separated list of addresses to bcc
message_subject	varchar(256)	Message subject
message_body	text	Message body
status	varchar(2)	Template status	A: Active S: Suspended	A suspended template cannot be added to new contexts.

Table	cm_co_mid_point_provisioner_targets
Description	Per-CO midPoint provisioning target configurations
Plugin	MidPoint Provisioning Plugin

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_provisioning_target_id	integer, foreign key	CO Provisioning Target ID	cm_co_provisioning_targets:id
server_id	integer, foreign key	Server ID	cm_servers:id
user_name_identifier	varchar(32)	Type of identifier to use as Crowd person name	cm_identifiers:type

Table	cm_co_name_identifier_assignments
Description	Per-Identifier tracking of assigned name-based sequences *This table is obsolete*

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_identifier_assignment_id	integer, foreign key	CO Identifier Assignment ID	cm_co_identifier_assignments:id
sequence	varchar(256)	Name-based sequence		eg: pat.q.lee or pql
last	integer	Last value used to assign this identifier

Table	cm_co_notifications
Description	Per-CO text notifications

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
subject_co_person_id	integer, foreign key	CO Person Record ID this notification is about	cm_co_people:id
actor_co_person_id	integer, foreign key	CO Person Record ID this notification is from	cm_co_people:id
recipient_co_person_id	integer, foreign key	CO Person Record ID this notification was sent to	cm_co_people:id	Either this or `recipient_co_group_id` is required
recipient_co_group_id	integer, foreign key	CO Group Record ID this notification was sent to	cm_co_groups:id	Either this or `recipient_co_person_id` is required; Any member of the group may acknowledge or resolve the notification
resolver_co_person_id	integer, foreign key	CO Person Record ID this notification was resolved (acknowledged, canceled, resolved) by	cm_co_people:id
action	varchar(4)	Machine readable transaction code	As defined in ActionEnum	Local notifications should be identified with an action code beginning with the letter 'X'
comment	varchar(256)	Human readable transaction description
source_url	varchar(160)	URL associated with this notification, for more information or followup action		Either this or the set of `source_controller,action,id` is required
source_controller	varchar(80)	Cake controller, along with `source_action`, `source_id`, `source_arg0`, and `source_val0`, associated with this notification, for more information or followup action		Either this or `source_url` is required
source_action	varchar(80)	See `source_controller`
source_id	integer	See `source_controller`
source_arg0	varchar(80)	See `source_controller`
source_val0	varchar(80)	See `source_controller`
email_subject	varchar(256)	Subject used for email sent as part of this Notification
email_body	text	Message body used for email sent as part of this Notification
resolution_subject	varchar(256)	Subject used for email sent when this Notification is resolved
resolution_body	text	Message body used for email sent when this Notification is resolved
status	varchar(2)	Notification status	A: Acknowledged D: Deleted PA: Pending Acknowledgment PR: Pending Resolution R: Resolved X: Canceled (by actor)
notification_time	timestamp	Time of most recent notification delivery		Email notifications may be re-delivered, full history available via history records
resolution_time	timestamp	Time of acknowledgment or resolution

Table	cm_co_notifications_widgets
Description	Per-CO Notifications Widgets configuration
Plugin	NotificationsWidget

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_dashboard_widget_id	integer, foreign key	CO Dashboard Widget Record ID	cm_co_dashboard_widgets:id
max_notifications	integer	Maximum number of notifications to render

Table	cm_co_nsf_demographics
Description	Demographics for statistics

Based on http://www.nsf.gov/pubs/2000/00form1225/00form1225.doc

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_person_id	integer, foreign key	CO Person ID	cm_co_people:id
gender	varchar(2)	self-asserted gender	M: Male F: Female
citizenship	varchar(2)	self-asserted citizenship	US: U.S. Citizen (see: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) P: U.S. Permanent Resident O: Other non-U.S. Citizen
ethnicity	varchar(2)	self-asserted ethnicity, may have multiple values selected	H: Hispanic or Latino - a person of Mexican, Puerto Rican, Cuban, South or Central American, or other Spanish culture or origin, regardless of race. N: Not Hispanic or Latino
race	varchar(5)	self-asserted race, may have multiple values selected	A: Asian - a person having origins in any of the original peoples of the Far East, Southeast Asia, or the Indian subcontinent including, for example, Cambodia, China, India, Japan, Korea, Malaysia, Pakistan, the Philippine Islands, Thailand, and Vietnam. I: American Indian or Alaskan Native - a person having origins in any of the original peoples of North and South America (including Central America), and who maintains tribal affiliation or community attachment. B: Black or African American - a person having origins in any of the black racial groups of Africa. N: Native Hawaiian or Pacific Islander - a person having origins in any of the original peoples of Hawaii, Guan, Samoa, or other Pacific Islands W: White - a person having origins in any of the original peoples of Europe, the Middle East, or North Africa.
disability	varchar(4)	self-asserted disability, may have multiple values selected	H: Hearing Impaired V: Visual Impaired M: Mobility/Orthopedic Impairment O: Other Impairment

Table	cm_co_org_identity_links
Description	Link from CO person role to Org identity

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id
org_identity_id	integer, foreign key	Organization Person Record ID	cm_org_identities:id

Table	cm_co_people
Description	Per-CO People

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO ID	cm_cos:id
timezone	varchar(80)	Person's preferred timezone	IANA Timezone Database
date_of_birth	date	Person's date of birth		Added in Registry v3.3.0
status	varchar(2)	Person's status within CO	A: Active C: Confirmed D: Deleted D2: Duplicate GP: Grace Period I: Invited L: Locked N: Denied P: Pending PA: Pending Approval PC: Pending Confirmation PV: Pending Vetting S: Suspended X: Declined XP: Expired Y: Approved

Table	cm_co_person_roles
Description	Per-CO person roles

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_person_id	integer, foreign key	CO Person ID	cm_co_people:id
manager_co_person_id	integer, foreign key	CO Person ID of Manager	cm_co_people:id	Added in Registry v4.1.0
sponsor_co_person_id	integer, foreign key	CO Person ID of Sponsor for continued membership	cm_co_people:id	not necessarily the same as the enrollment sponsor in cm_co_petitions
cou_id	integer, foreign key	COU ID	cm_cous:id
affiliation	varchar(8)	Broad affiliation to CO	eduPerson person	Extended Type
title	varchar(128)	Title at CO	X.520 via RFC 4519 person
o	varchar(128)	CO	X.520 via RFC 4519 person
ou	varchar(128)	Departmental affiliation at CO	X.520 via RFC 4519 person
valid_from	datetime	Person Role is valid member of CO from this time	If null, valid any time through valid_through
valid_through	datetime	Person Role is valid member of CO through (but not past) this time	If null, valid any time from valid_from
ordr	integer	Order/Rank/Priority of this Person Role		Added in Registry v3.2.0
status	varchar(2)	Person's Role status within CO	A: Active C: Confirmed D: Deleted D2: Duplicate GP: Grace Period I: Invited N: Denied P: Pending PA: Pending Approval PC: Pending Confirmation PV: Pending Vetting S: Suspended X: Declined XP: Expired Y: Approved
source_org_identity_id	integer, foreign key	If Pipelines are in use, the Org Identity ID of record that created this Person Role	cm_org_identities:id

Table	cm_co_person_sources
Description	Link from CO person role to Org identity *This table is obsolete*

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO ID	cm_cos:id
co_person_id	integer, foreign key	CO Person Record ID	cm_co_person_roles:id
cou_id	integer, foreign key	COU ID	cm_cous:id
org_person_id	integer, foreign key	Organization Person Record ID	cm_org_identities:id

Table	cm_co_petition_attributes
Description	Per-CO enrollment petition attributes

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_petition_id	integer, foreign key	CO Petition Record ID	cm_co_petitions:id
co_enrollment_attribute_id	integer, foreign key	CO Enrollment Attribute Record ID	cm_co_enrollment_attributes:id
attribute	varchar(80)	Name of this attribute		A single co_enrollment_attribute_id can point to more than one attribute, since (eg) the enrollment attribute 'Name' actually has several attributes (given, middle, surname, etc)
value	varchar(160)	Value of this attribute requested for this Petition		Note values are cast to varchar.
attribute_foreign_key	integer	Row identifier of this value in the table described by co_enrollment_attribute_id		The intent of this column is to link the attribute stored in the petition to the table that implements the production value. This linkage is primarily intended for the early part of the petition lifecycle, eg: to edit a petition. *There is no referential integrity enforced on this column*, and over time the foreign keys may become invalid.

Table	cm_co_petition_history_records
Description	Per-CO enrollment petition history records

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_petition_id	integer, foreign key	CO Petition Record ID	cm_co_petitions:id
actor_co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id	Person who triggered the action
action	varchar(4)	Machine readable transaction code	PY: Petition approved PC: Petition created PX: Petition declined PN: Petition denied
comment	varchar(160)	Human readable comment

Table	cm_co_petitions
Description	Per-CO enrollment petitions

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_enrollment_flow_id	integer, foreign key	CO Enrollment Flow Record ID	cm_co_enrollment_flows:id	Enrollment Flow controlling this Petition
co_id	integer, foreign key	CO Record ID	cm_cos:id	Same as co_enrollment_flow:co_id, repeated here to make retrieval by CO easier
cou_id	integer, foreign key	COU Record ID	cm_cous:id
enrollee_org_identity_id	integer, foreign key	Org Identity Record ID	cm_org_identities:id	Populated if an Org Identity is created by form-based attribute collection during the flow. See also cm_org_identity_source_records:co_petition_id
archived_org_identity_id	integer, foreign key	Archived Org Identity Record ID	cm_org_identities:id	If an org identity is replaced during execution of an enrollment flow, this will hold the original org identity
enrollee_co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id	Populated if a CO Person is created by form-based attribute collection during the flow
enrollee_co_person_role_id	integer, foreign key	CO Person Role Record ID	cm_co_person_roles:id	Populated if a CO Person Role is created by form-based attribute collection during the flow
petitioner_co_person_id	integer, foreign key	CO Person Record ID of person initiating request	cm_co_people:id
sponsor_co_person_id	integer, foreign key	CO Person Record ID of person sponsoring request	cm_co_people:id
approver_co_person_id	integer, foreign key	CO Person Record ID of person approving request	cm_co_people:id
co_invite_id	integer, foreign key	CO Invite ID created as part of this Petition	cm_co_invites:id	This field is not persistant, and is only non-NULL when an invite is pending.
vetting_request_id	integer, foreign key	Vetting Request triggered as part of this Partition	cm_vetting_requests:id	Added in Registry v4.1.0
authenticated_identifier	varchar(256)	Authenticated identifier received as part of user authentication		Basically the contents of $REMOTE_USER
reference_identifier	varchar(40)	Reference Identifier returned from an ID Match service, when Match Type is External	TAP ID Match API	Added in Registry v4.1.0
petitioner_token	char(48)	For unauthenticated enrollments, token used to verify petitioner requests
enrollee_token	char(48)	For unauthenticated enrollments, token used to verify enrollee requests
return_url	varchar(256)	Upon completion of enrollment, URL to redirect to (superseding redirect_on_finalize)		Must match a whitelisted value in the associated Enrollment Flow configuration.
approver_comment	varchar(256)	Comment from approver upon reviewing petition		Added v3.3.0, intended to be suitable for display to enrollee.
status	varchar(2)		D2: Duplicate I: Invited N: Denied P: Pending PA: Pending Approval PC: Pending Confirmation PV: Pending Vetting X: Declined Y: Approved	Tentative

Table	cm_co_pipelines
Description	Per-CO pipelines

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO ID	cm_cos:id
name	varchar(128)	Name
status	varchar(128)	Status of Org Identity Source Plugin	A: Active S: Suspended
match_strategy	varchar(2)	Match strategy on add of new record	EA: Email Address EX: External ID: Identifier NO: No Matching
match_type	varchar(32)	For match strategy of Email Address or Identifier, the type of the email address or identifier to use for matching	cm_co_extended_types:name
match_server_id	integer, foreign key	Match Server ID	cm_match_servers:id	Added in Registry v3.3.0
sync_on_add	boolean	Sync record on add
sync_on_update	boolean	Sync record on update
sync_on_delete	boolean	Sync record on delete
sync_coperson_status	varchar(2)	If set new CoPerson record will be created with this status	A: Active C: Confirmed D: Deleted D2: Duplicate GP: Grace Period I: Invited N: Denied P: Pending PA: Pending Approval PC: Pending Confirmation S: Suspended X: Declined XP: Expired Y: Approved	Added in Registry v3.3.1
create_role	boolean	Create a corresponding CO Person Role on sync
sync_cou_id	integer, foreign key	When adding or updating a record, the COU the resulting Person Role should be attached to	cm_cous:id
sync_affiliation	varchar(32)	When adding or updating a CO Person Role, the affiliation given to the Role (regardless of Org Identity affiliation)
sync_replace_cou_id	integer, foreign key	When adding a record, if a corresponding role is found in the specified COU delete/expire it	cm_cous:id
sync_status_on_delete	varchar(2)	When syncing a record on delete, set the corresponding Person Role to the specified status	D: Deleted GP: Grace Period S: Suspended XP: Expired
sync_identifier_type	varchar(32)	When syncing relationships, the identifier type to use for mapping	cm_co_extended_types:name	Added in Registry v4.1.0
co_enrollment_flow_id	integer, foreign key	CO Enrollment Flow ID to trigger during sync	cm_co_enrollment_flows:id	Added in Registry v3.3.0

Table	cm_co_provisioning_counts
Description	Per-provisioning target job execution counts

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_provisionig_target_id	integer, foreign key	CO Provisioning Target ID	cm_co_provisioning_targets:id
co_job_id	integer, foreign key	CO Job ID	cm_co_jobs:id
provisioning_count	integer	Provisioning count

Table	cm_co_provisioning_exports
Description	Per-CO provisioning target export record

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_provisioning_target_id	integer, foreign key	CO Provisioning Target ID	cm_co_provisioning_targets:id
co_person_id	integer, foreign key	CO Person ID	cm_co_people:id
co_group_id	integer, foreign key	CO Group ID	cm_co_groups:id
co_email_list_id	integer, foreign key	CO Email List ID	cm_co_email_lists:id
co_service_id	integer, foreign key	CO Service ID	cm_co_services:id	Added Registry v3.3.0
exporttime	timestamp	Time of latest export

Table	cm_co_provisioning_queued_events
Description	Per-CO provisioning events to process

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id	Person who triggered the action
co_provisioning_target_id	integer, foreign key	CO Provisioning Target ID	cm_co_provisioning_targets:id
status	varchar(2)	Status of provisioning request	F: Failed (no retry) I: In Progress Q: Queued R: Failed (will retry) S: Success

Table	cm_co_provisioning_targets
Description	Per-CO provisioning targets

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
description	varchar(256)	Description
plugin	varchar(32)	Provisioning Plugin
provision_co_group_id	integer, foreign key	If set, only CO People who are members of this CO Group (and only this CO Group, if groups are also provisioned) will be provisioned using this Provisioning Target	cm_co_groups:id	Added v2.0.0
status	varchar(2)	Provisioning Target mode	A: Automatic Mode D: Disabled E: Enrollment Mode M: Manual Mode Q: Queue Mode QE: Queue On Error Mode	Enrollment Mode added v3.2.0 Queue Modes added v4.0.0
skip_org_identity_source_id	integer, foreign key	If set, provisioning will be skipped for CO Person records that have an Org Identity associated with the specified Org Identity Source	cm_org_identity_sources:id	Added v3.2.0
retry_interval	integer	For Queue Modes, interval in seconds to retry on failed provisioning		0 disables retrying Added v4.0.0
max_retry	integer	For Queue Mode, maximum number of times to retry		Added v4.3.0
ordr	integer	Order attribute is presented (lower numbers = earlier)		Added v1.0.3

Table	cm_co_role_assignments
Description	Per-CO person role assignments

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_role_id	integer, foreign key	CO Role Record ID	cm_co_roles:id
co_person_id	integer, foreign key	CO Person Record ID	cm_co_person_roles:id
percent_time	integer	Percent time Person is allocated to Role	0 (none) to 100 (full)

Table	cm_co_role_groups
Description	Per-CO group memberships implied by role

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_role_id	integer, foreign key	CO Role Record ID	cm_co_roles:id
co_group_id	integer, foreign key	CO Group Record ID	cm_co_groups:id

Table	cm_co_roles
Description	Per-CO role definitions

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
description	varchar(256)	Description
status	varchar(2)	Role's status within CO	A: Active D: Deleted

Table	cm_co_self_service_permissions
Description	Per-CO self service permissions

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
model	varchar(40)	Model this permission applies to
type	varchar(16)	Type within model this permission applies to, or blank for default		Default applies if there is no entry for a specific type
permission	varchar(16)	Permission to be applied	N: None (permission denied) RO: Read Only RW: Read Write

Table	cm_co_sequential_identifier_assignments
Description	Per-Identifier tracking of next values for sequentially assigned identifiers

There is currently no REST interface to this table.

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_identifier_assignment_id	integer, foreign key	CO Identifier Assignment ID	cm_co_identifier_assignments:id
affix	varchar(256)	String to attach the sequence number to		Basically the non-sequence portion of cm_co_identifier_assignments:format
last	integer	Last value used to assign this identifier

Table	cm_co_service_token_settings
Description	Per-CO service token settings
Plugin	Service Tokens

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_service_id	integer, foreign key	CO Service ID	cm_co_services:id
enabled	boolean	Whether this Service Token type is enabled
token_type	varchar(2)	Token type	08: 8 character alphanumeric plaintext 15: 15 character alphanumeric plaintext

Table	cm_co_service_tokens
Description	Per-CO service tokens
Plugin	Service Tokens

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_service_id	integer, foreign key	CO Service ID	cm_co_services:id	The service this token applies to
co_person_id	integer, foreign key	CO Person ID	cm_co_people:id	The person this token is for
token	varchar(64)	Service (application) specific token		This column should be encrypted
token_type	varchar(2)	Token type	08: 8 character alphanumeric plaintext 15: 15 character alphanumeric plaintext

Table	cm_co_services
Description	Per-CO Services

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
cou_id	integer, foreign key	COU Record ID	cm_cous:id
name	varchar(256)	Name
description	varchar(256)	Description
short_label	varchar(32)	Service short label		Intended for use with LDAP attribute options
co_group_id	integer, foreign key	CO Group ID	cm_co_groups:id	If set, access to this service is controlled by the specified group, though the application is ultimately responsible for enforcement
authenticator_id	integer, foreign key	Authenticator ID	cm_authenticators:id	Added v3.3.0
cluster_id	integer, foreign key	Cluster ID	cm_clusters:id	Added v3.3.0
service_url	varchar(256)	Service URL		A clickable link that directs the user to the service
service_label	varchar(1024)	Protocol specific identifier or label of the service, eg SAML Entity ID or OIDC Client ID		Added v3.1.0 Deprecated in v3.2.0, will be removed in v4.0.0 (CO-1595)
contact_email	varchar(128)	Email Address of contact responsible for this Service	RFC 5322 Address
entitlement_uri	varchar(256)	Entitlement URI associated with this Service	eduPerson entitlement	For authorization purposes, eg: ldap attribute population
visibility	varchar(2)	Visibility of this Service	CA: CO Admin CG: CO Group Member (of the specified co_group_id) CP: CO Person P: Unauthenticated (Public)	In particular for use generating a user-visible list of Services
identifier_type	varchar(32)	Identifier type associated with this Service	cm_co_extended_types:name
status	varchar(2)	Status	A: Active S: Suspended

Table	cm_co_settings
Description	Per-CO configuration settings

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
co_theme_id	integer, foreign key	Theme to use by default for this CO	cm_co_themes:id	When specified for the COmanage CO, will also apply as platform default theme
co_dashboard_id	integer, foreign key	Primary Dashboard for this CO	cm_co_dashboards:id	Added Registry v3.2.0
enable_nsf_demo	boolean	Whether or not to enable NSF demographics tracking	true: Enabled false: Disabled
disable_expiration	boolean	Whether or not expirations may be run automatically	true: Disabled false: Enabled
disable_ois_sync	boolean	Whether or not Org Identity syncs may be run automatically	true: Disabled false: Enabled
enable_normalization	boolean	Whether or not to enable normalizations	true: Enabled false: Disabled
enable_empty_cou	boolean	Whether or not to permit empty COUs	true: Enabled false: Disabled	Added Registry v3.3.0
group_validity_sync_window	integer	For reprovisioning based on CoGroupMember validity dates, the "look back" window, in minutes, or 0 to disable		See Registry Validity Dates and Registry Job Shell Added in Registry v3.2.0
invitation_validity	integer	For invitations used as part of default enrollment, the length of time (in minutes) the invitation is valid for		See also cm_co_enrollment_flows:invitation_validity
permitted_fields_name	varchar(160)	A comma separated list of which of name fields are permitted
required_fields_addr	varchar(160)	A comma separated list of which of address fields are required		See also cm_cmp_enrollment_attributes:required_fields
required_fields_name	varchar(160)	A comma separated list of which of name fields are required		See also cm_cmp_enrollment_attributes:required_fields
person_picker_email_type	varchar(160)	The type of email to use in the people picker JavaScript widget		Added in Registry v4.1.0
person_picker_identifier_type	varchar(160)	The type of identifier to use in the people picker JavaScript widget		Added in Registry v4.1.0
person_picker_display_types	boolean	Whether or not to display email and identifier type labels in the people picker JavaScript widget	true: Enabled false: Disabled	Added in Registry v4.1.0
t_and_c_login_mode	varchar(2)	How to handle unacknowledged Terms and Conditions at login	D: Disable all services R: Require at login X: Not enforced
sponsor_eligibility	varchar(2)	What CO People are eligible to be sponsors	A: CO or COU Admin CA: CO Admin CG: CO Group Member CP: Valid CO Person N: Sponsors disabled
sponsor_co_group_id	integer, foreign key	If sponsor_eligibility is CO Group Member, the group of eligible sponsors	cm_co_groups:id
default_co_pipeline_id	integer, foreign ey	Pipeline to run for Org Identities if no other Pipeline applies	cm_co_pipelines:id
elect_strategy_primary_name	varchar(2)	Election strategy for Primary Name	FI: FIFO M: Manual
theme_stacking	varchar(2)	Whether to enable Theme Stacking within this CO.	A: Active S: Suspended (disabled)	Added in Registry v4.0.0
global_search_limit	integer	Maximum number of records per model to return via global search		Must be a positive integer, cannot be disabled (but can be set very large) Added in Registry v4.0.0

Table	cm_co_t_and_c_agreements
Description	Person agreements to terms and conditions

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_terms_and_conditions_id	integer, foreign key	CO Terms and Conditions Record ID	cm_co_terms_and_conditions:id
co_person_id	integer, foreign key	CO Person ID (Person agreeing to the T&C)	cm_co_people:id
agreement_time	timestamp	Time T&C were agreed to
identifier	varchar(256)	Identifier CO Person was authenticated as when T&C were agreed to		This is not a link to cm_identifiers in case the Identifier is subsequently deleted

eTable	cm_co_terms_and_conditions
Description	Per-CO terms and conditions

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
description	varchar(256)	Description
url	varchar(256)	URL to terms and conditions
body	text(4000)	Body of T&C, instead of URL		Since v3.2.0
cou_id	integer, foreign key	If set, T&C must be agreed to by members of this COU	cm_cous:id
status	varchar(2)	Status of T&C	A: Active S: Suspended
ordr	integer	Ascending order in which to display T&Cs		Since v3.1.0

Table	cm_co_themes
Description	Per-CO themes

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
name	varchar(80)	Name of this theme
hide_title	boolean	Whether to suppress the CO title bar
hide_footer_logo	boolean	Whether to suppress the "Powered by COmanage" logo
css	text	Custom CSS used by this theme	W3C CSS Official Definition
header	text	Page layout header to emit
footer	text	Page layout footer to emit

Table	cm_configuration
Description	COordinate configuration values This table was not implemented and is obsolete

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
attribute	varchar(256)	Configuration item
value	varchar(256)	Configuration value

Table	cm_cos
Description	Definitions of (virtual) organizations

CO Admins are defined by membership within the "admin" group within their CO
Special CO with name "COmanage" is where COmanage Admins are listed

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
name	varchar(128)	CO Name
description	varchar(256)	Description
status	varchar(2)	CO's status	A: Active S: Suspended T: Template	Template added Registry v3.2.0

Table	cm_cous
Description	Per-CO unit definitions

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
parent_cou_id	integer, foreign key	pointer to parent cou	cm_cous:id
lft	integer	Tree left value	required by CakePHP for tree functions	Automatically managed
rght	integer	Tree right value	required by CakePHP for tree functions	Automatically managed
name	varchar(128)	COU name
description	varchar(256)	Description

Note: The CakePHP implementation of the model that represents this table includes code that enables the model to support a tree structure and leverage class MPTT behavior. The result is extra structure not easily seen in the table definition above. Refer to the implementation for details.

Table	cm_dictionaries
Description	Dictionaries

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
description	varchar(128)	Description
mode	varchar(2)	Dictionary Mode	D: Departments O: Organizations S: Standard	In non-Standard mode, Dictionaries are dynamically constructed from the specified object registry

Table	cm_dictionary_entries
Description	Dictionary Entries

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
dictionary_id	integer, foreign key	Dictionary ID	cm_dictionaries:id
value	varchar(80)	Dictionary Entry value
code	varchar(16)	Dictionary Entry code
ordr	integer	Order of this Entry within the Dictionary

Table	cm_dictionary_identifier_validators
Description	Dictionary Identifier Validators
Plugin	Dictionary Identifier Validator

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_identifier_validator_id	integer, foreign key	Identifier Validator ID	cm_co_identifier_validators:id
dictionary_id	integer, foreign key	Dictionary ID	cm_dictionaries:id
mode	varchar(4)	Comparison to perform	CTI: Contains (case insensitive) EQI: Equals (case insensitive)

Table	cm_email_addresses
Description	Email Addresses

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
mail	varchar(256)	Internet mail address	RFC 4524 inetOrgPerson
description	varchar(128)	Description		Added in Registry v3.1.0.
type	varchar(32)	Type of mail, as enumerated		When attached to a CO Person, types may be configured on a per-CO basis. See Extending the Registry Data Model. See also Recommendations For Email Addresses.
verified	boolean	Was this address verified?	true: Verified false: Not verified	Verification is via a URL sent to the address
co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
org_identity_id	integer, foreign key	Org Identity Record ID	cm_org_identities:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
co_department_id	integer, foreign key	CO Department Record ID	cm_co_departments:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified. Added in Registry v3.1.0.
source_email_address_id	integer, foreign key	If Pipelines are in use, the Email Address ID for the Org Identity Email Address that created this Name	cm_email_addresses:id	Added in Registry v2.0.0.

Table	cm_env_sources
Description	Env Organizational Identity Sources
Plugin	Env Source

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
org_identity_source_id	integer, foreign key	Organizational Identity Source ID	cm_org_identity_sources:id
duplicate_mode	varchar(2)	Duplicate handling mode	AI: Any Identifier LI: Login Identifier SI: SOR Identifier	Added in Registry v4.1.0
sp_type	varchar(2)	Web Server SP Provider	SH: Shibboleth SP SS: SimpleSamlPHP SP O: Other	Added in Registry v4.3.0
redirect_on_duplicate	varchar(1024)	Redirect target on duplicate		Added in Registry v4.1.0
env_name_honorific	varchar(80)	Environment variable holding official honorific	cm_names
env_name_given	varchar(80)	Environment variable holding official given name	cm_names
env_name_middle	varchar(80)	Environment variable holding official middle name	cm_names
env_name_family	varchar(80)	Environment variable holding official family name	cm_names
env_name_suffix	varchar(80)	Environment variable holding official suffix	cm_names
env_affiliation	varchar(80)	Environment variable holding affiliation	cm_co_person_roles
env_title	varchar(80)	Environment variable holding title	cm_co_person_roles
env_o	varchar(80)	Environment variable holding organization	cm_co_person_roles
env_ou	varchar(80)	Environment variable holding department	cm_co_person_roles
env_mail	varchar(80)	Environment variable holding official email address	cm_email_addresses
env_telephone_number	varchar(80)	Environment variable holding office telephone number	cm_telephone_numbers
env_address_street	varchar(80)	Environment variable holding office street	cm_addresses
env_address_locality	varchar(80)	Environment variable holding office locality/city	cm_addresses
env_address_state	varchar(80)	Environment variable holding office state	cm_addresses
env_address_postalcode	varchar(80)	Environment variable holding office postal code	cm_addresses
env_address_country	varchar(80)	Environment variable holding office country	cm_addresses
env_identifier_eppn	varchar(80)	Environment variable holding eppn	cm_identifiers
env_identifier_eppn_login	boolean	Whether eppn should be allowed to login to Registry	cm_identifiers
env_identifier_eptid	varchar(80)	Environment variable holding eptid	cm_identifiers
env_identifier_eptid_login	boolean	Whether eptid should be allowed to login to Registry	cm_identifiers
env_identifier_epuid	varchar(80)	Environment variable holding epuid	cm_identifiers
env_identifier_epuid_login	boolean	Whether epuid should be allowed to login to Registry	cm_identifiers
env_identifier_orcid	varchar(80)	Environment variable holding orcid	cm_identifiers
env_identifier_orcid_login	boolean	Whether orcid should be allowed to login to Registry	cm_identifiers
env_identifier_sorid	varchar(80)	Environment variable holding sorid	cm_identifiers
env_identifier_sorid_login	boolean	Whether sorid should be allowed to login to Registry	cm_identifiers
env_identifier_network	varchar(80)	Environment variable holding network	cm_identifiers
env_identifier_network_login	boolean	Whether network should be allowed to login to Registry	cm_identifiers

Table	cm_file_sources
Description	File Organizational Identity Sources
Plugin	File Source

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
org_identity_source_id	integer, foreign key	Organizational Identity Source ID	cm_org_identity_sources:id
filepath	varchar(256)	Path to source file
archivedir	varchar(256)	Directory for archive of source files		Added v3.1.0
threshold_warn	integer	Warning threshold for number of changed records to prevent processing of a full sync	Percentage of changed records	Added v4.0.0
threshold_override	boolean	If true, ignore threshold_warn for the next sync processing		Added v4.0.0
format	varchar(2)	File Format	C1: CSV v1 C2: CSV v2	Added v4.0.0

Table	cm_group_filter_rules
Description	Per-CO Group Filter Rules
Plugin	Group Filter

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
group_filter_id	integer, foreign key	Group Filter ID	cm_group_filters:id
name_pattern	varchar(1024)	Name Pattern to match	Regular expression, including `/` delimiters
ordr	integer	Order in which this Rule is applied	Lower values are processed first
required	integer	How this Rule is processed	1: Required, must match or group is excluded 0: Optional, if match group is included -1: Not permitted, if match group is excluded

Table	cm_group_filters
Description	Per-CO Group Filters
Plugin	Group Filter

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
data_filter_id	integer, foreign key	Data Filter ID	cm_data_filters:id

Table	cm_group_name_filters
Description	Per-CO Group Name Filters
Plugin	Group Name Filter

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
data_filter_id	integer, foreign key	Data Filter ID	cm_data_filters:id
identifier_type	varchar(32)	Identifier type to use for CO Group name	cm_identifiers:type

Table	cm_history
Description	Transaction history (human readable)

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_person_id	integer, foreign key	CO Person Record ID change applied to	cm_co_people:id
co_person_role_id	integer, foreign key	CO Person Role Record ID change applied to	cm_co_person_roles:id
org_identity_id	integer, foreign key	Organizational Identity Record ID change applied to	cm_org_identities:id
co_group_id	integer, foreign key	CO Group Record ID change applied to	cm_co_group_members:id
co_email_list_id	integer, foreign key	CO Email List ID change applied to	cm_co_email_lists:id
co_service_id	integer, foreign key	CO Service ID change applied to	cm_co_services:id	Added Registry v3.3.0
actor_co_person_id	integer, foreign key	CO Person who executed or requested this change	cm_co_people:id
action	varchar(4)	Machine readable transaction code	As defined in ActionEnum	Local history should be identified with an action code beginning with the letter 'X'.
comment	varchar(160)	Human readable transaction description

Table	cm_http_servers
Description	HTTP Servers

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
server_id	integer, foreign key	Server ID	cm_servers:id
serverurl	varchar(256)	URL describing HTTP server	RFC 7230	Use to describe hostname, port, and SSL
username	varchar(128)	Username to bind as	RFC 7235
password	varchar(400)	Password to bind with	RFC 7235	This column should be encrypted Resized from 80 in v4.0.0
auth_type	varchar(2)	HTTP Authentication Type	BA: Basic BE: Bearer X: None	Added Registry v4.1.0
ssl_verify_peer	boolean	Verify SSL Certificate		Added Registry v3.3.0
ssl_verify_host	boolean	Verify SSL Certificate Hostname		Added Registry v3.3.0

Table	cm_identifier_enrollers
Description	Identifier Enrollers
Plugin	IdentifierEnroller Plugin

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_enrollment_flow_wedge_id	integer, foreign key	Enrollment Flow Wedge ID	cm_co_enrollment_flow_wedges:id

Table	cm_identifier_enrollers
Description	Identifiers to be collected by an Identifier Enroller
Plugin	IdentifierEnroller Plugin

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
identifier_enroller_id	integer, foreign key	Enrollment Flow Wedge ID	cm_co_enrollment_flow_wedges:id
label	varchar(80)	Name of attribute as presented during enrollment
description	varchar(256)	Description of attribute, presented during enrollment
identifier_type	varchar(32)	Identifier type to be collected	cm_co_extended_types:name
default_env	varchar(80)	If specified, the value held in this environment variable will be used as a default value for this attribute
ordr	integer	Order attribute is presented (lower numbers = earlier)

Table	cm_identifiers
Description	Person identifiers

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
identifier	varchar(256)	Identifier	As per type definition
type	varchar(32)	Type of identifier	Arbitrary values may be configured via cm_co_extended_types (for identifiers attached to COs, only) or default values available are eppn: eduPersonPrincipalName eptid: eduPersonTargetedID mail: RFC 4524 inetOrgPerson openid: OpenID uid: RFC 4519 uidObject (previously userid)	mail is intended for CO generated mail aliases/addresses to be stored, regardless of whether or not they are in use. Email addresses intended to be reflected into directories or other downstream locations should be stored in the email_addresses table.
login	boolean	Registry login flag	true: This identifier can be used to login to Registry false: This identifier cannot be used to login to Registry	Only applies to identifiers attached to Org Identities.
status	varchar(2)	Identifier's status	A: Active S: Suspended	An identifier marked deleted is no longer considered in use by COmanage, but it cannot be reassigned. Prior to v2.0.0, the status D/Deleted was used instead of S/Suspended.
co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id	Only one of `co_person_id`, `org_identity_id`, `co_group_id`, or `co_department_id` may be specified
org_identity_id	integer, foreign key	Org Identity Record ID	cm_org_identities:id	Only one of `co_person_id`, `org_identity_id`, `co_group_id`, or `co_department_id` may be specified
co_department_id	integer, foreign key	CO Department Record ID	cm_co_departments:id	Only one of `co_person_id`, `org_identity_id`, `co_group_id`, or `co_department_id` may be specified. Added in Registry v3.1.0.
co_group_id	integer, foreign key	CO Group Record ID	cm_co_groups:id	Only one of `co_person_id`, `org_identity_id`, `co_group_id`, or `co_department_id` may be specified. Added in Registry v3.3.0.
source_identifier_id	integer, foreign key	If Pipelines are in use, the Identifier ID for the Org Identity Identifier that created this record.	cm_identifiers:id	Added in Registry v2.0.0.
co_provisioning_target_id	integer, foreign key	CO Provisioning Target ID	cm_co_provisioning_targets:id	ie: The Provisioning Target that assigned (and is responsible for managing) this Identifier. Added in Registry v3.1.0.

Table	cm_identity_documents
Description	Identity Documents

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_person_id	integer, foreign key	CO ID	cm_co_people:id
document_type	varchar(2)	Identity Document Type	TAP Core Schema (draft) BC: Birth Certificate DL: Driver's License L: Local (eg: a town government ID) N: National ND: Non Driver (ie: an identity card issued by a motor vehicle agency to non drivers) P: Passport R: Regional (eg: a state or province ID) RC: Residency (a residency card, such as a US Green Card) SA: Self Assertion T: Tribal V: Visa
document_subtype	varchar(80)	Identity Document Subtype		The Subtype varies by Type. For example, the Subtype for a Visa would be the Visa type (typically identified by a short sequence of letters and/or numbers)
issuing_authority	varchar(80)	The entity with legal authority for issuing the document		This will typically be (eg) the name of a country or state, as opposed to a department ("United States" and not "Passport Office")
subject	varchar(80)	The name for the subject as identified on the document		The name as printed on the document should be stored, even if it is not the preferred or common name for the subject
document_identifier	varchar(80)	Document Identifier		eg: Passport number
valid_from	datetime	Identity Document is valid from this time	If null, valid any time through valid_through
valid_through	datetime	Identity Document is valid through (but not past) this time	If null, valid any time from valid_from
verification_method	varchar(2)	How the Identity Document was verified	O: Online (validated via database or API lookup) P: Physical (in person visual inspection) R: Remote (via video call or similar) X: None
verifier_identifier	varchar(256)	Authenticated identifier of Verifier
verifier_comment	varchar(256)	Comment from Verifier at time of verification

Table	cm_kafka_servers
Description	Kafka Servers

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
server_id	integer, foreign key	Server ID	cm_servers:id
brokers	text	Broker(s) to connect to		A comma separated list in host:port notation; converted from varchar(256) in Registry v4.2.0
username	varchar(128)	Username to bind as
password	varchar(400)	Password to bind with
security_protocol	varchar(24)	Kafka security protocol
sasl_mechanism	varchar(24)	Kafka SASL mechanism
groupid	varchar(80)	Kafka Client Group ID string		Added in Registry v4.1.0
topic	varchar(80)	Kafka Topic to consume		Added in Registry v4.1.0
batch_size	integer	Number of records to consume per batchConsume operation		Added in Registry v4.1.0
partition	integer	Kafka Partition ID to consume from		Added in Registry v4.1.0
timeout	integer	Timeout (in seconds) when trying to consume		Added in Registry v4.1.0

Table	cm_ldap_identifier_validators
Description	LDAP Identifier Validators
Plugin	LDAP Identifier Validator

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_identifier_validator_id	integer, foreign key	Identifier Validator ID	cm_co_identifier_validators:id
serverurl	varchar(256)	URL describing LDAP server to provision	RFC 4516	Use to describe hostname, port, and SSL (use`ldaps` scheme for SSL)
binddn	varchar(128)	DN to bind as	RFC 4514
password	varchar(64)	Password to bind with	RFC 4513	This column should be encrypted
basedn	varchar(128)	Base DN to search under	RFC 4514
filter	varchar(256)	Search filter to execute to check availability	RFC 4514	`%s` used as a placeholder for identifier

Table	cm_ldap_servers
Description	LDAP Servers

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
server_id	integer, foreign key	Server ID	cm_servers:id
serverurl	varchar(256)	URL describing LDAP server	RFC 4516	Use to describe hostname, port, and SSL (use `ldaps` scheme for SSL)
binddn	varchar(128)	DN to bind as	RFC 4514
password	varchar(64)	Password to bind with	RFC 4513	This column should be encrypted
basedn	varchar(128)	Base DN to provision People entries under	RFC 4514

Table	cm_ldap_sources
Description	LDAP Organizational Identity Sources
Plugin	LDAP Source

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
org_identity_source_id	integer, foreign key	Organizational Identity Source ID	cm_org_identity_sources:id
serverurl	varchar(256)	URL describing LDAP server	RFC 4516	Use to describe hostname, port, and SSL (use `ldaps` scheme for SSL)
binddn	varchar(128)	DN to bind as	RFC 4514
password	varchar(64)	Password to bind with	RFC 4513	This column should be encrypted
basedn	varchar(128)	Base DN to provision People entries under	RFC 4514
key_attribute	varchar(64)	Attribute in LDAP record holding a persistent unique identifier	RFC 4511
search_filter	varchar(128)	Search filter to constrain retrieved objects	RFC 4511
uid_attr	varchar(64)	Attribute to map to Org Identity Identifier of type UID		Temporary, will be replaced by CO-1346
uid_attr_login	boolean	Whether to flag the attribute created from uid_attr as for login		Temporary, will be replaced by CO-1346

Table	cm_match_servers
Description	ID Match Servers

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
server_id	integer, foreign key	Server ID	cm_servers:id
serverurl	varchar(256)	URL describing HTTP server	RFC 7230	Use to describe hostname, port, and SSL
username	varchar(128)	Username to bind as	RFC 7235
password	varchar(64)	Password to bind with	RFC 7235	This column should be encrypted
sor_label	varchar(40)	SOR Label used in match requests	ID Match API	Removed in Registry v4.1.0
is_comanage_match	boolean	true: Defined Server is an instance of COmanage Match false: Defined Server is any other ID Match server		Removed in Registry v4.0.0

Table	cm_meem_enrollers
Description	MEEM Enrollers
Plugin	MeemEnroller Plugin

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_enrollment_flow_wedge_id	integer, foreign key	Enrollment Flow Wedge ID	cm_co_enrollment_flow_wedges:id
env_idp	varchar(80)	If set, name of environment variable holding an identifier for the IdP
env_mfa	varchar(80)	If set, name of environment variable indicating if the IdP asserted MFA		Must hold the literal string "yes" if populated
mfa_exempt_co_group_id	varchar(80)	CO Group whose members are exempt from MFA	cm_co_groups:id
mfa_initial_exemption	integer	If set, the number of hours from enrollment during which the Enrollee is exempt from MFA
mfa_co_enrollment_flow_id	integer, foreign key	If set, the Enrollment Flow used to register a new MFA Authenticator	cm_co_enrollment_flows:id
enable_reminder_page	boolean	Whether to enable the MEEM Setup Reminder Splash Page	true: Splash Page enabled for this configuration false: Splash Page disabled for this configuration
return_url_allowlist	text(4000)	Newline separated list of regular expressions representing permitted values to be passed into the Splash Page as a URL to redirect to from the Splash Page
api_user_id	integer, foreign key	API User permitted to access the REST API for this configuration	cm_api_users:id

Table	cm_meem_mfa_statuses
Description	MEEM MFA Statuses
Plugin	MeemEnroller Plugin

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
meem_enroller_id	integer, foreign key	MEEM Enroller ID	cm_meem_enrollers:id
co_person_id	integer, foreign key	CO Person ID	cm_co_people:id
idp_identifier	varchar(256)	Identifier for the IdP, as obtained from env_idp
mfa_asserted	boolean	Whether MFA was asserted by the IdP, as obtained from env_mfa	true: MFA was asserted false: MFA was not asserted	Must hold the literal string "yes" if populated

Table	cm_meta
Description	Platform Meta Information

Column	Format	Description	Definition	Comments
upgrade_version	varchar(16)	Current platform version (via upgrade shell)

Table	cm_names
Description	Person names

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
honorific	varchar(32)	Dr, Mr, Ms, etc
given	varchar(128)	First/Given name(s)
middle	varchar(128)	Middle name(s)
family	varchar(128)	Last/Family name(s)
suffix	varchar(32)	Jr, III, PhD, etc
language	varchar(16)	Language encoding of this name	RFC 5646	For supported values, see `lang.php`
type	varchar(2)			When attached to a CO Person, types may be configured on a per-CO basis. See Extending the Registry Data Model.
primary_name	boolean	true: This name is the primary name for the CO Person or Org Identity false: This name is not the primary name		Exactly one name per CO Person and one per Org Identity should have primary_name true at all times
co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id	Only one of `co_person_id` or `org_identity_id` may be specified
org_identity_id	integer, foreign key	Org Identity Record ID	cm_org_identities:id	Only one of `co_person_id` or `org_identity_id` may be specified
source_name_id	integer, foreign key	If Pipelines are in use, the Name ID for the Org Identity Name that created this Name	cm_names:id

Table	cm_nationality_enrollers
Description	Nationality Enrollers
Plugin	N ationalityEnroller Plugin

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_enrollment_flow_wedge_id	integer, foreign key	Enrollment Flow Wedge ID	cm_co_enrollment_flow_wedges:id
collect_maximum	integer	The maximum number of Nationalities that may be asserted
collect_residency	boolean	Whether to collect Residency, as well as Nationality
collect_residency_authority	varchar(80)	If set, offer a tickbox to indicate residency in this authority (rather than offer a select list)

Table	cm_navigation_links
Description	Per-CMP navigation link definitions

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
title	varchar(256)	Title of the link to be displayed
url	varchar(256)	URL to link to
ordr	integer	Order in which to display links(lower numbers = earlier)
location	varchar(256)	Layout element to put link in	topbar: black bar along the top of the page
description	varchar(256)	Description of the link

Table	cm_net_forum_sources
Description	netFORUM Organizational Identity Sources
Plugin	netFORUM Source

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
org_identity_source_id	integer, foreign key	Organizational Identity Source ID	cm_org_identity_sources:id
serverurl	varchar(256)	Prefix to the WSDL URL		eg: https://uat.netforumpro.com
username	varchar(128)	XML Username, as provided by support
password	varchar(64)	XML Password, as provided by support		This column should be encrypted
query_committees	boolean	Whether to also query committee memberships for group membership mappings	true: Also check committee memberships false: Do not check committee memberships
query_events	boolean	Whether to also query event records for group membership mappings	true: Also check event registrations false: Do not check event registrations

Table	cm_novi_sources
Description	Novi AMS Organizational Identity Sources
Plugin	Novi Source

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
org_identity_source_id	integer, foreign key	Organizational Identity Source ID	cm_org_identity_sources:id
server_id	integer, foreign key	Server ID	cm_servers:id

Table	cm_oauth2_servers
Description	OAuth2 Servers

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
server_id	integer, foreign key	Server ID	cm_servers:id
serverurl	varchar(256)	OAuth2 Server endpoint	RFC 6749	Endpoint to OAuth2 services
clientid	varchar(120)	OAuth2 Client ID	RFC 6749
client_secret	varchar(80)	OAuth2 Client Secret	RFC 6749	This column should be encrypted
access_grant_type	varchar(2)	OAuth2 Access Grant Type	RFC 6749 AC: Authorization Code CC: Client Credentials	Implicit and Password Credentials not currently supported
scope	varchar(256)	OAuth2 Token Scope	RFC 6749
refresh_token	varchar(160)	Current refresh token	RFC 6749
access_token	varchar(160)	Current access token	RFC 6749
token_response	text	Full token received from OAuth2Server		Intended so specific implementations can access vendor specific attributes

Table	cm_orcid_sources
Description	ORCID Organizational Identity Sources
Plugin	ORCID Source

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
org_identity_source_id	integer, foreign key	Organizational Identity Source ID	cm_org_identity_sources:id
server_id	integer, foreign key	Server ID	cm_servers:id	Added v3.2.0
~~clientid~~	~~varchar(80)~~	~~Client ID used to authenticate to ORCID API~~	~~ORCID API~~	Removed v3.2.0
~~client_secret~~	~~varchar(80)~~	~~Client Secret used to authenticate to ORCID API~~	~~ORCID API~~	~~This column should be encrypted~~ Removed v3.2.0
~~access_token~~	~~varchar(80)~~	~~Access token obtained from ORCID API~~	~~ORCID API~~	~~This column should be encrypted~~ Removed v3.2.0

Table	cm_organizations
Description	Definitions of (external) organizations

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO Record ID	cm_cos:id
name	varchar(128)	Name
description	varchar(128)	Description
type	varchar(32)	Organization type		May be configured on a per-CO basis. See Extending the Registry Data Model.

Table	cm_org_identities
Description	Person identity, from institutional source

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
status	varchar(2)	Org Identity status	RM: Removed SY: Synced	Added in v2.0.0. Currently intended primarily for org identities synced from an org identity source.
date_of_birth	date	Person's date of birth		Added in Registry v3.3.0
affiliation	varchar(8)	Broad affiliation to source organization	eduPerson person
title	varchar(128)	Title at source organization	X.520 via RFC 4519 person
o	varchar(128)	Source organization	X.520 via RFC 4519 person
ou	varchar(128)	Departmental affiliation at source organization	X.520 via RFC 4519 person
valid_from	datetime	Org Identity is considered valid from this time	If null, valid any time through valid_through	Added in v2.0.0
valid_through	datetime	Org Identity is considered valid through (but not past) this time	If null, valid any time from valid_from	Added in v2.0.0
manager_identifier	varchar(512)	Identifier for this Org Identity's manager	cm_identifiers:identifier	Added in v4.1.0
sponsor_identifier	varchar(512)	Identifier for this Org Identity's sponsor	cm_identifiers:identifier	Added in v4.1.0
~~organization_id~~	~~integer, foreign key~~	~~Source organization via known organizations~~	~~cm_organizations (obsolete):id~~	Unused column removed in v2.0.0
co_id	integer, foreign key	If `pool_org_identities` is false in the CMP Enrollment Configuration, the CO in which this Org Identity is available	cm_cos:id

Table	cm_org_identity_source_records
Description	Cached records from external org identity sources

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
org_identity_source_id	integer, foreign key	The Org Identity Source this record is from	cm_org_identity_sources:id
sorid	varchar(1024)	The Org Identity Source's unique key for this record
source_record	text	The raw (unprocessed) record from the Org Identity Source		May be used in a diff operation to detect changes
last_update	timestamp	Time of last retrieval from Org Identity Source
org_identity_id	integer, foreign key	Org Identity created from and associated with this source record	cm_org_identities:id
co_petition_id	integer, foreign key	CO Petition that created this Org Identity	cm_co_petitions:id	Added in Registry v3.1.0
reference_identifier	varchar(40)	If this record was subject to ID Match, the Reference Identifier obtained from the Match request	TAP ID Match API	Added in Registry v3.3.0

Table	cm_org_identity_sources
Description	External sources of organizational identities

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	If `pool_org_identities` is false in the CMP Enrollment Configuration, the CO in which this Org Identity Source is available	cm_cos:id
description	varchar(256)	Description
sor_label	varchar(40)	SOR Label used in match requests	ID Match API	Added in Registry v4.1.0
plugin	varchar(32)	Org Identity Source Plugin		Corresponds to plugin name
status	varchar(2)	Status of Org Identity Source Plugin	A: Active S: Suspended
sync_mode	varchar(2)	How to process this Org Identity Source when processed via JobShell	F: Full M: Manual Q: Query U: Update
sync_query_mismatch_mode	varchar(2)	How to process a Query that returns on an email search but the record does not actually contain that email	N: Create a new Org Identity X: Ignore the returned record
sync_query_skip_known	boolean	When in Query mode, whether to skip email addresses already linked to records in the Org Identity Source	true: Skip known email addresses false: Do not skip
sync_on_user_login	boolean	If a CO Person has an Org Identity from this Source, perform a sync when the CO Person logs in to Registry	true: Perform sync on user login false: Do not perform sync on user login	Added in Registry v3.1.0
eppn_identifier_type	varchar(128)	Identifier type in Org Identity Source record to use to create an identifier of type ePPN associated with this Org Identity
eppn_suffix	varchar(128)	Suffix (right hand side) to append to identifier of type eppn_identifier_type to create an identifier of type ePPN		Should not include `@`
hash_source_record	boolean	Whether to store a hash of the Org Identity Source Record rather than the full source record		Controls what is stored in cm_org_identity_source_records:source_record Added in Registry v3.1.0
co_pipeline_id	integer, foreign key	CO Pipeline to run when an identity is added from this source	cm_co_pipelines:id

Table	cm_password_authenticator
Description	Password Authenticator
Plugin	Password Authenticator

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
authenticator_id	integer, foreign key	Authenticator ID	cm_authenticators:id
password_source	varchar(2)	How the password is generated and managed	AG: Autogenerate EX: External SL: Self Select	When set to External, the Password can only be set via the API Added Registry v3.3.0
min_length	integer	Minimum permitted password length		Between 8 and 64, default 8 Only applies if password_source is Self Select
max_length	integer	Maximum permitted password length		Between 8 and 64, default 64 Does not apply if password_source is External
format_crypt_php	boolean	Hash the password in Crypt format, as implemented by PHP password_hash function using PASSWORD_DEFAULT, and suitable for use with password_verify	true: Hash the password in Crypt format false: Do not hash the password in Crypt format	Added Registry v3.2.0
format_plaintext	boolean	Store the password in plaintext	true: Store the password in plaintext format false: Do not store the password in plaintext format	Added Registry v3.2.0
format_sha1_ldap	boolean	Hash the password in Salted SHA1 format, suitable for use in LDAP authentication	true: Hash the password in Salted SHA1 format false: Do not hash the password in Salted SHA1 format	Added Registry v3.2.0
enable_ssr	boolean	Enable Self Service Reset	true: Self Service Reset enabled false: Self Service Reset disabled	Added Registry v4.0.0, Removed Registry v4.1.0
ssr_validity	integer	Reset Token validity, in minutes		Added Registry v4.0.0, Removed Registry v4.1.0
co_message_template_id	integer, foreign key	CO Message Template ID for ssr message	cm_co_message_templates:id	Added Registry v4.0.0, Removed Registry v4.1.0
redirect_on_success_ssr	varchar(256)	URL to redirect to on success of ssr		Removed Registry v4.1.0
username_reminder_message_template_id	integer, foreign key	CO Message Template ID for Username Reminder message	cm_co_message_templates:id	Not implemented

Table	cm_passwords
Description	Passwords
Plugin	Password Authenticator

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
password_authenticator_id	integer, foreign key	Password Authenticator ID	cm_password_authenticators:id
co_person_id	integer, primary key	CO Person ID	cm_co_people:id
password	varchar(256)	Password, in format specified by password_type
password_type	varchar(2)	Format type of password	CR: Crypt EX: External NO: Plain (not hashed) SH: Salted SHA 1

Table	cm_permissions
Description	Permissions for COoordinate

Special CO with id "1" and name "COmanage" (linked via cm_co_person_roles:co_id) is where COordinate Admins are listed

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_person_id	integer, foreign key	CO Person Record ID	cm_co_person_roles:id
permission	varchar(2)	Permission	A: Admin for CO

Table	cm_privacy_idea_authenticator
Description	Privacy IDEA Authenticators
Plugin	Privacy IDEA Authenticator

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
authenticator_id	integer, foreign key	Authenticator ID	cm_authenticators:id
server_id	integer, foreign key	Server ID	cm_servers:id
validation_server_id	integer, foreign key	Server ID for token validation	cm_servers:id
realm	varchar(80)	privacyIDEA realm
token_type	varchar(2)	privacyIDEA token type	TO: TOTP
identifier_type	varchar(32)	Identifier type to use with privacyIDEA API	cm_identifiers:type

Table	cm_regex_identifier_validators
Description	Regular Expression Identifier Validators
Plugin	Regex Identifier Validator Plugin

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_identifier_validator_id	integer, foreign key	Identifier Validator ID	cm_co_identifier_validators:id
pattern	varchar(256)	Perl Compatible Regular Expression describing acceptable identifier format	PCRE

Table	cm_salesforce_sources
Description	Salesforce Organizational Identity Sources
Plugin	Salesforce Source

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
org_identity_source_id	integer, foreign key	Organizational Identity Source ID	cm_org_identity_sources:id
server_id	integer, foreign key	Server ID	cm_servers:id	Added v3.2.0
~~serverurl~~	~~varchar(256)~~	~~Salesforce instance (may be production or sandbox)~~		~~eg: https://cs123.salesforce.com~~ Removed v3.2.0
~~clientid~~	~~varchar(120)~~	~~Client ID, for registered (connected) app~~		Removed v3.2.0
~~client_secret~~	~~varchar(80)~~	~~Client secret, for registered (connected) app~~		~~This column should be encrypted~~ Removed v3.2.0
search_contacts	boolean	Whether to query Salesforce Contact objects	true: Query Contacts false: Do not query Contacts	Unintuitively, if neither search_contacts nor search_users is true, then all objects will be searched
search_users	boolean	Whether to query Salesforce User objects	true: Query Users false: Do not query Users
custom_objects	varchar(256)	Comma separated list of objects to query for additional attributes
~~refresh_token~~	~~varchar(160)~~	~~Current refresh token~~	~~Salesforce OAuth~~	Removed v3.2.0
~~access_token~~	~~varchar(160)~~	~~Current access token~~	~~Salesforce OAuth~~	Removed v3.2.0
instance_url	varchar(256)	Current Salesforce instance	Salesforce OAuth
groupable_attrs	blob	Cached list of attributes available for CO Group mapping		Internal format based on response from Salesforce API

Table	cm_servers
Description	Servers

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
co_id	integer, foreign key	CO ID	cm_cos:id
description	varchar(128)	Description
server_type	varchar(2)	Server Type	LD: LDAP O2: OAuth2 SQ: SQL
status	varchar(2)	Status of Server	A: Active S: Suspended

Table	cm_ssh_key_authenticator
Description	SSH Key Authenticator
Plugin	SSH Key Authenticator

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
authenticator_id	integer, foreign key	Authenticator ID	cm_authenticators:id

Table	cm_ssh_keys
Description	SSH Keys
Plugin	SSH Key Authenticator (as of Registry v3.3.0)

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
ssh_key_authenticator_id	integer, foreign key	Authenticator ID	cm_authenticators:id	Added v3.3.0
comment	varchar(256)	Comment associated with key
type	varchar(16)	Type of key	DSA: DSA ecdsa-sha2-nistp256: ECDSA (256) ecdsa-sha2-nistp384: ECDSA (384) ecdsa-sha2-nistp521: ECDSA (521) ssh-ed25519: ED25519 RSA: RSA RSA1: RSA (protocol v1)
skey	text	Public key data
co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id

Table	cm_telephone_numbers
Description	Telephone Numbers

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
country_code	varchar(3)	Telephone Country Code	ITU E.164
area_code	varchar(8)	Telephone Area (National Destination) Code	ITU E.164
number	varchar(64)	Telephone Subscriber Number	ITU E.164
extension	varchar(16)	Telephone Extension	Location specific
description	varchar(128)	Description		Added in Registry v3.1.0.
type	varchar(2)	Type of telephone		When attached to a CO Person Role, types may be configured on a per-CO basis. See Extending the Registry Data Model.
co_person_role_id	integer, foreign key	CO Person Role Record ID	cm_co_person_roles:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
org_identity_id	integer, foreign key	Org Identity Record ID	cm_org_identities:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
co_department_id	integer, foreign key	CO Department Record ID	cm_co_departments:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified. Added in Registry v3.1.0.
source_telephone_number_id	integer, foreign key	If Pipelines are in use, the Telephone Number ID for the Org Identity Telephone Number that created this record.	cm_telephone_numbers:id	Added in Registry v2.0.0.

Table	cm_totp_tokens
Description	TOTP Tokens
Plugin	Privacy IDEA Authenticator

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
privacy_idea_authenticator_id	integer, foreign key	Privacy IDEA Authenticator ID	cm_privacy_idea_authenticators:id
co_person_id	integer, primary key	CO Person ID	cm_co_people:id
serial	varchar(80)	Token serial, as issued by privacyIDEA server
confirmed	boolean	Whether this token has been confirmed by validating a TOTP code	true: The token is confirmed false: The token is not confirmed

Table	cm_unix_cluster_accounts
Description	Unix Cluster Accounts
Plugin	Unix Cluster

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
unix_cluster_id	integer, foreign key	Unix Cluster ID	cm_unix_clusters:id
co_person_id	integer, foreign key	CO Person ID	cm_co_people:id
sync_mode	varchar(2)	How to handle CO Person record updates	F: Full Sync M: Manual	Initially populated by cm_unix_clusters:sync_mode, but does not automatically follow changes to that value
status	varchar(2)	Status	A: Active D: Deleted D2: Duplicate XP: Expired GP: GracePeriod PA: PendingApproval S: Suspended
username	varchar(256)	Unix Account username	POSIX
uid	integer	Unix Account uid	POSIX
gecos	varchar(80)	Unix Account GECOS field
login_shell	varchar(64)	Unix Account shell	POSIX
home_directory	varchar(64)	Unix Account home directory
primary_co_group_id	integer, foreign key	Primary Group for Unix Account	cm_co_groups:id
valid_from	datetime	Unix Account is valid from this time	If null, valid any time through valid_through
valid_through	datetime	Unix Account is valid through (but not past) this time	If null, valid any time from valid_from

Table	cm_unix_cluster_groups
Description	Unix Cluster Groups
Plugin	Unix Cluster

Column	Format	Description	Definition
id	integer, primary key	Row identifier	autoincrement
unix_cluster_id	integer, foreign key	Unix Cluster ID	cm_unix_clusters:id
co_group_id	integer, foreign key	CO Group	cm_co_groups:id

Table	cm_unix_clusters
Description	Unix Clusters
Plugin	Unix Cluster

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
cluster_id	integer, foreign key	Cluster ID	cm_clusters:id
sync_mode	varchar(2)	How to handle CO Person record updates	F: Full Sync M: Manual
username_type	varchar(32)	Identifier type used to generate the Unix Account username	cm_co_extended_types:name where attribute is Identifier.type	For Identifiers attached to CO Person
uid_type	varchar(32)	Identifier type used to generate the Unix Account uid	cm_co_extended_types:name where attribute is Identifier.type	For Identifiers attached to CO Person
default_shell	varchar(64)	Default Unix shell	POSIX
homedir_prefix	varchar(64)	String prepended to Unix Account username to construct user's home directory
homedir_subdivisions	integer	Number of subdivisions to insert between homedir_prefix and username		For example, a value of 2 will (with a homedir_prefix of /home and a username of jsmith) result in a home directory of /home/j/s/jsmith
groupname_type	varchar(32)	Identifier type used to generate the Unix Group name	cm_co_extended_types:name where attribute is Identifier.type	For Identifiers attached to CO Group
gid_type	varchar(32)	Identifier type used to generate the Unix Group gid	cm_co_extended_types:name where attribute is Identifier.type	For Identifiers attached to CO Group
default_co_group_id	integer, foreign key	Default Group for new Unix Accounts, if configured	cm_co_groups:id

Table	cm_urls
Description	URLs

Column	Format	Description	Definition	Comments
id	integer, primary key	Row identifier	autoincrement
url	varchar(256)	URL	RFC 3986
description	varchar(128)	Description
type	varchar(32)	Type of url, as enumerated		When attached to a CO Person, types may be configured on a per-CO basis. See Extending the Registry Data Model.
co_person_id	integer, foreign key	CO Person Record ID	cm_co_people:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
org_identity_id	integer, foreign key	Org Identity Record ID	cm_org_identities:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
co_department_id	integer, foreign key	CO Department Record ID	cm_co_departments:id	Only one of `co_person_id`, `org_identity_id`, or `co_department_id` may be specified
source_url_id	integer, foreign key	If Pipelines are in use, the URL ID for the Org Identity URL that created this record.	cm_urls:id

No labels

Space shortcuts

Page tree