Registry models are built on a basic CRUD model, however Registry implements additional logic in many places. This document provides a "contract" for these application (or "domain" or "business") rules that follows Semantic Versioning (beginning with Registry v5.0.0). ie: Rules documented here will not change in a backward-incompatible way between minor Registry versions.
General Model Rules (GMRs)
- Once an entity is created within a CO, it cannot be moved to another CO.
- Foreign keys from one entity to another cannot cross COs.
- The Primary Link key for an object cannot be changed once set. (For example, an object that populates
person_idcannot subsequently populate
- Timestamps (regardless of which time and/or date components are significant) are stored in the database as UTC.
- Add, delete, and edit actions on Provisionable Objects via StandardController or ApiV2Controller will trigger provisioning requests for the affected entity.
Plugin Application Rules (PARs)
Plugins may also define Application Rules, these are specified in the Plugin's documentation.
- API Users created in the COmanage CO (CO #1) have full access to the Registry API.
- API Users created in other COs may be privileged, in which case they have full access to the Registry API for that CO, or unprivileged, in which case access most be contextually granted.
- For namespacing purposes, API Users are named with a prefix consisting of the string
co, an underscore, the numeric ID of the CO, and a dot). API usernames must be unique across the entire platform.
- API Keys for API Users cannot be directly set, only generated.
- Authentication Events are tracked by authenticated identifiers, and therefore are not bound to any specific CO.
- A CO Administrator may view all Authentication Events associated with any authenticated (login) Identifier associated with any Person within their CO, even if the Authentication Event was intended for access to another CO.
- A Privileged CO API User may retrieve all Authentication Events associated with any authenticated (login) Identifier associated with any Person within its CO, even if the Authentication Event was intended for access to another CO.
- Because Authentication Event records are not part of any CO, they are not deleted under circumstances such as the deletion of a CO.
- Deleting a CO will cause a hard delete of all CO related data.
- The CO named
COmanagecannot be rename, deleted, or suspended.
- Two COs cannot share the same name.
- Duplicating a CO will duplicate configuration related objects (such as COUs, Groups, and Enrollment Flows) but not data related objects (such as People and Group Memberships).
- A CO cannot be deleted if it is in Active status.
- When a new CO is created, the special groups associated with the CO will also be created.
- If a CO is renamed, the special groups associated with the CO will also be renamed.
- A COU may not be deleted if it has any members (ie: People with a Person Role with the specified COU).
- A COU may not be deleted if it has any children.
- Two COUs within the same CO cannot share the same name.
- When a COU is created, the special groups associated with the COU will also be created.
- If a COU is renamed, the special groups associated with the COU will also be renamed.
- If a COU is deleted, the special groups associated with the COU will also be deleted.
- Two Groups within the same CO cannot share the same name.
- A Group cannot be set to Suspended if it is nested into a Target Group or is a Target Group for a nesting.
- A Group cannot be deleted if it is nested into a Target Group or is a Target Group for a nesting.
- The name, description, and status of a Group of type Owners cannot be manually changed.
- MVEAs cannot be attached to a Group of type Owners.
- Groups of type Owners cannot be provisioned.
- When a new Standard Group is created, if the Person who created it is not an Administrator, that Person will be set as the Group's initial Owner.
- When a Group is deleted, its corresponding Owners Group is also deleted.
- Standard Groups may not be named starting with the prefix
CO:, which is reserved for System Groups.
- A Person cannot be given two manually created GroupMember records for the same Group. A Person can have more than one GroupMember record for the same Group via other mechanisms, such as Group Nestings, or External Identity Sources connected to Pipelines.
- For Standard Groups, Group Memberships may be managed by any Group Member of the Group's corresponding Owners Group, and by any CO or COU Administrator.
- For Owners Groups, Group Memberships may be managed by any Group Member of that Group, and by any CO or COU Administrator.
- Only Active Groups may be nested into a Target Group.
- A Group may not be nested into itself.
- A Group may not be nested into an Automatic Group.
- A Group may not be nested into the same Target Group more than once, either directly or indirectly.
- Group Nestings may not loop.
- The login flag may only be set on an Identifier if it is attached to a Person.
- An Identifier must be (case sensitively) unique for the entity type within the CO.
- An IdentifierAssignment must apply to either an Identifier or an EmailAddress, but not both.
- Availability checks for newly generated Identifiers and EmailAddresses are case insensitive.
- EmailAddresses generated via Identifier Assignment are considered verified.
- A Job may not be registered if an existing Job with the same plugin and parameters is registered in either Queued or In Progress status, unless the Job Plugin supports.
- Exactly one Name for each Person and External Identity must be designated as Primary at all times. The Primary Name cannot be deleted, another Name must be designated Primary first.
- If a display name value is provided for any Name, it will be used within Registry whenever a full name representation of that Name is required.
- If a full name is constructed from the various Name components, by default the components will be assembled as given, middle, family, suffix. However, for Names with a language set to hu, ja, ko, za-Hans, or za-Hant, the components will be assembled as family, given.
- Each Person and External Identity must have at least one Name.
- When a Person is associated with a CO with any status other than Archived, the Person is added to the CO's All Members Group. If the Person is deleted from the COU, or the Person's status is set to Archived, the Person is removed from the CO's All Members Group.
- When a Person is in Active or Grace Period status, the associated Person is added to the CO's Active Members Group. If the Person is set to any other status or is deleted from the , the Person is removed from the CO's Active Members Group.
- When a Person Role is associated with a COU with any status other than Archived, the associated Person is added to the COU's All Members Group. If the Person Role is disassociated from the COU, or the Person Role status is Archived, the associated Person is removed from the COU's All Members Group.
- When a Person Role is in Active or Grace Period status and is associated with a COU, the associated Person is added to the COU's Active Members Group. If the Person Role is set to any other status or is disassociated from the COU, the associated Person is removed from the COU's Active Members Group.
- A Person Role is considered valid (and provisionable) if (1) the Person Role is in Active or Grace Period status, (2) the valid from date is unspecified or in the past, and (3) the valid through date is unspecified or in the future.
- Plugins must be uniquely named.
- Plugins installed in the core directory cannot be disabled.
- Plugins installed in the available directory are optional, and must be enabled prior to use.
- Plugins installed in the local directory are deployment specific, and must be enabled prior to use.
- If Plugins with the same name are installed in multiple locations, the resolution precedence is (1) core, (2) available, (3) local.
- Plugin schemas, if defined, are applied to the database for active Plugins only.
- If a Plugin is suspended, its associated database schema is not removed automatically.
- A Plugin cannot be suspended or deleted if it is in use (referenced in a configuration object).
- When a Plugin is instantiated, a skeletal record of the Entry Point Model is created, holding only a foreign key to the parent Pluggable Model. Validation and Application Rules are not executed when this record is created.
- If a Pluggable Model is deleted, the Entry Point Model associated with the Pluggable Model is also deleted.
- The Plugin Registry is refreshed upon loading of the Plugin Configuration page by the Platform Administrator.
- After a new Provisioning Target is added, the associated Plugin cannot be changed.
Additional rules around Provisionable Objects and Eligibility are declared here.
- When a new CO is created, the default Types will be instantiated into the CO. Afterwards, available Types are only updated by administrator action.
- A Type cannot be deleted once it has been used by at least one Registry object, even if that object is subsequently deleted.
- A Suspended Type can not be assigned to new Registry objects, but existing objects already referencing it will not be changed.