Overview
The COmanage Registry Data Model revolves around the CO Person, which conceptually represents one person associated with a CO.
- A COmanage installation is referred to as a Collaboration Management Platform, or CMP.
- A CMP is a multi-tenant installation; each tenant is referred to as a Collaborative Organization or CO.
- The core operational record of a participant within the CO is the CO Person.
- The CO Person record maintains information that is unique to a person within the CO, such as names and identifiers.
- An individual person should only have one CO Person record within a CO.
- However, an individual person may participate in multiple COs housed within the same CMP, and could therefore have multiple CO Person records (each isolated from the other) within the CMP.
- In order for a person to become a CO Person, they must first have at least one Organizational Identity, which conceptually represents their identity as asserted by a "home" or "external" institution, such as their University or a social identity provider.
- It is possible for Org Identity records to be pooled across all COs within the CMP; however, this setting is deprecated and not recommended.
- A person's external credentials (federated or social login information) are attached to the Organizational Identity, and typically used for access to the platform's services.
- A CO Person record is created and one or more Org Identities are linked to it.
- A CO Person may have one or more CO Person Roles within the CO. A CO Person Role record maintains information that is unique to a role a person has within a CO, such as title and physical address.
- For some use cases, it is necessary for the CO to manage credentials such as SSH Keys. In this case, these Authenticators attach to the CO Person.
There are two ways to create sets of CO People within a CO.
- CO Groups are simple collections of CO People. Any CO Person can create a CO Group.
- CO Units (or COUs) are intended to represent an organizational hierarchy, including delegation of CO Person administration. Only CO Administrators can create COUs.
- When COUs are enabled, CO Person Roles are attached to COUs.
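The relationships above, sketched as an added example that is not Registry's own schema: the table and column names are hypothetical stand-ins for the cm_* tables, and Org Identities are assumed to be unpooled (one CO each). Composite foreign keys in SQLite ensure an Org Identity can only be linked to a CO Person in the same CO, and that a CO Person is never created without an existing Org Identity.

```python
import sqlite3

# Hypothetical, simplified tables (NOT Registry's cm_* definitions).
SCHEMA = """
CREATE TABLE co (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE org_identity (
    id INTEGER PRIMARY KEY,
    co_id INTEGER NOT NULL REFERENCES co(id),
    asserted_by TEXT NOT NULL,          -- home institution or social IdP
    UNIQUE (id, co_id));
CREATE TABLE co_person (
    id INTEGER PRIMARY KEY,
    co_id INTEGER NOT NULL REFERENCES co(id),
    UNIQUE (id, co_id));
-- Composite foreign keys force both ends of a link into the same CO.
CREATE TABLE identity_link (
    co_id INTEGER NOT NULL,
    co_person_id INTEGER NOT NULL,
    org_identity_id INTEGER NOT NULL,
    PRIMARY KEY (co_person_id, org_identity_id),
    FOREIGN KEY (co_person_id, co_id) REFERENCES co_person(id, co_id),
    FOREIGN KEY (org_identity_id, co_id) REFERENCES org_identity(id, co_id));
"""

def open_registry():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    conn.executescript(SCHEMA)
    return conn

def insert(conn, sql, params):
    with conn:  # commit on success, roll back on error
        return conn.execute(sql, params).lastrowid

def enroll(conn, co_id, org_identity_id):
    """Create a CO Person in co_id linked to an existing Org Identity, or return None."""
    try:
        with conn:  # both inserts succeed together or neither is kept
            person = conn.execute("INSERT INTO co_person (co_id) VALUES (?)", (co_id,)).lastrowid
            conn.execute("INSERT INTO identity_link VALUES (?, ?, ?)",
                         (co_id, person, org_identity_id))
        return person
    except sqlite3.IntegrityError:
        return None

def demo():
    conn = open_registry()
    co_a = insert(conn, "INSERT INTO co (name) VALUES (?)", ("CO-A",))
    co_b = insert(conn, "INSERT INTO co (name) VALUES (?)", ("CO-B",))
    oid_a = insert(conn, "INSERT INTO org_identity (co_id, asserted_by) VALUES (?, ?)",
                   (co_a, "university.example"))  # constructed sample value
    same_co = enroll(conn, co_a, oid_a)     # allowed
    cross_co = enroll(conn, co_b, oid_a)    # rejected: Org Identity belongs to CO-A
    no_identity = enroll(conn, co_a, 9999)  # rejected: no such Org Identity
    people = conn.execute("SELECT COUNT(*) FROM co_person").fetchone()[0]
    return same_co, cross_co, no_identity, people
```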
See Also: Understanding Registry People Types
Tables
Registry is a database-oriented application, with quite a few tables under the hood. These tables fall into a few broad categories:
- Primary Objects: Primary objects are those that directly relate to the primary purpose of Registry: storing information about people and other entities related to the organization. Examples include CO Person and CO Departments.
- Secondary Objects: Secondary objects store additional information about Primary objects, in particular when there is a many-to-one relationship. Examples include Name and Email Address.
- Configuration Objects: Configuration objects primarily relate to the behavior of the application.
Table Metadata
In addition to the column definitions available for each table below, all tables have additional columns used by the framework and supporting code. These columns include:
- Timestamps managed by Cake (created, modified)
- Columns used in support of Changelog Behavior
Table Status
The statuses for each table are defined as
- Stable: The table definition will not change in a backwards-incompatible manner across minor releases. Stable tables may only be removed in major releases.
- Tentative: The table definition will likely become stable, but may change in a backwards-incompatible manner across minor and patch releases. Tentative tables may be refactored or removed without notice.
- Experimental: No specific assertion is made about the stability of the table. It may be changed significantly or even removed without notice.
- Obsolete: The table is no longer in use as of the specified version.
- Not Implemented: The table definition is for planning purposes only.
Major, minor, and patch releases are as defined in semantic versioning.
Table Inventory
Table Name | Description | Status | Introduced |
---|---|---|---|
cm_authenticator_statuses | Authenticator Statuses | Tentative | v3.1.0 |
cm_authenticators | Authenticators | Tentative | v3.1.0 |
cm_certificate_authenticators | Certificate Authenticators | Experimental | v3.1.0 |
cm_certificates | Certificates | Experimental | v3.1.0 |
cm_clusters | Clusters | Tentative | v3.3.0 |
CMP enrollment attribute configuration | Tentative | v0.3 | |
CMP enrollment configuration | Tentative | v0.3 | |
Per-CO configured applications | Not Implemented | ||
cm_co_changelog_provisioner_exports | Obsolete as of v0.8.2 | v0.8 | |
cm_co_crowd_provisioner_targets | Per-CO Crowd provisioning target configurations | Tentative | v3.2.0 |
cm_co_dashboard_widgets | Per-CO Dashboard Widgets | Tentative | v3.2.0 |
cm_co_dashboards | Per-CO Dashboards | Tentative | v3.2.0 |
cm_co_departments | Per-CO departments | Tentative | v3.1.0 |
Per-CO restrictions on publishing of directory information | Not Implemented | ||
cm_co_email_address_widgets | Per-CO Email Address Widgets configuration | Experimental | v4.1.0 |
cm_co_email_lists | Per-CO email lists | Tentative | v3.1.0 |
Per-CO enrollment flow attribute configurations | Stable | v0.3 | |
Default values for CO enrollment flow attributes configuration | Stable | v0.8.1 | |
cm_co_enrollment_authenticators | Authenticators attached to Enrollment Flows | Experimental | v3.3.0 |
cm_co_enrollment_clusters | Clusters attached to Enrollment Flows | Tentative | v3.3.0 |
cm_co_enrollment_flow_wedges | Enroller Plugins attached to Enrollment Flows | Tentative | v4.0.0 |
Per-CO enrollment flow configurations | Stable | v0.3 | |
cm_co_expiration_counts | Per-CO expiration counts | Tentative | v2.0.0 |
Per-CO expiration policies | Stable | v0.9.2 | |
Per-CO extended attributes | Stable | v0.3 | |
Per-CO attribute type configurations | Stable | v0.6 | |
Per-CO FIFER services | Not Implemented | ||
Per-CO GitHub provisioning target configurations | Tentative | v0.9.1 | |
Per-CO per-Grouper target Grouper group map | Tentative | v0.8.3 | |
Per-CO Grouper provisioning target configurations | Tentative | v0.8.3 | |
cm_co_group_nestings | Per-CO group nestings | Tentative | v3.3.0 |
cm_co_group_ois_mappings | Per-CO mappings from OIS records to group memberships | Tentative | v2.0.0 |
Per-CO Home Directory provisioning target configurations | Experimental | v0.9 | |
Per-CO rules for identifier assignment | Stable | v0.6 | |
cm_co_identifier_validators | Per-CO identifier validators | Tentative | v2.0.0 |
cm_co_jira_provisioner_targets | Per-CO Jira provisioning target configurations | Tentative | v4.0.0 |
cm_co_job_history_records | Per-CO Job History Records | Tentative | v2.0.0 |
cm_co_jobs | Per-CO Job Records | Tentative | v2.0.0 |
Per-CO per-LDAP target attribute grouping definitions | Stable | v0.8 | |
Per-CO per-LDAP target attribute definitions | Stable | v0.8 | |
Per-CO per-LDAP target DN map | Stable | v0.8 | |
Per-CO LDAP provisioning target configurations | Stable | v0.8 | |
cm_co_ldap_service_token_provisioner_targets | Per-CO Per-LDAP target service token provisioning configurations | Experimental | v2.0.0 |
Per-CO Text Localizations | Stable | v0.8.3 | |
cm_co_mailman_lists | Per-CO Mailman Lists | Tentative | v3.1.0 |
cm_co_mailman_provisioner_targets | Per-CO Mailman provisioning target configurations | Tentative | v3.1.0 |
cm_co_message_templates | Per-CO Message Templates | Tentative | v2.0.0 |
cm_co_mid_point_provisioner_targets | Per-CO MidPoint provisioning target configuration | Experimental | v3.3.0 |
Per-Identifier tracking of assigned name-based sequences | Obsolete | ||
Per-CO Navigation Links | Stable | v0.8.2 | |
cm_co_notifications_widgets | Per-CO Notifications Widgets configuration | Tentative | v3.2.0 |
Per-CO Notifications | Stable | v0.8.4 | |
Demographics for statistics | Stable | v0.3 | |
Per-CO link to org identity | Stable | v0.3 | |
Per-CO person role identity | Stable | v0.3 | |
Per-CO enrollment petition attributes | Stable | v0.3 | |
Per-CO enrollment petition history records | Stable | v0.3 | |
Per-CO enrollment petitions | Stable | v0.3 | |
cm_co_pipelines | Per-CO pipelines | Tentative | v2.0.0 |
Per-provisioning target job execution counts | Stable | v4.3.0 | |
Per-CO provisioning target export record | Stable | v0.8.2 | |
Per-CO provisioning events to process | Not Implemented, replaced by cm_co_jobs | v0.8 | |
cm_co_provisioning_target_filters | Data Filters attached to CO Provisioning Targets | Tentative | v3.3.0 |
Per-CO provisioning targets | Stable | v0.8 | |
cm_co_recovery_widgets | Per-CO Recovery Widgets configuration | Experimental | v4.1.0 |
Per-CO person role assignments | Not Implemented | ||
Per-CO group memberships implied by role | Not Implemented | ||
Per-CO role definitions | Not Implemented | ||
cm_co_salesforce_provisioner_targets | Per-CO Salesforce provisioning target configurations | Tentative | v3.2.0 |
Stable | v0.9 | ||
Per-Identifier tracking of next values for sequentially assigned identifiers | Stable | v0.6 | |
cm_co_service_token_settings | Per-CO service token settings | Obsolete as of v3.3.0 | v2.0.0 |
cm_co_service_tokens | Per-CO service tokens | Obsolete as of v3.3.0 | v2.0.0 |
cm_co_services | Per-CO Services | Tentative | v2.0.0 |
Per-CO Settings | Stable | v0.9.1 | |
cm_co_sql_provisioner_targets | Per-CO SQL provisioning target configurations | Tentative | v3.3.0 |
Per-CO Person agreements to terms and conditions | Stable | v0.8.3 | |
Per-CO terms and conditions | Stable | v0.8.3 | |
cm_co_themes | Per-CO themes | Tentative | v2.0.0 |
cm_co_url_widgets | Per-CO URL Widgets configuration | Tentative | v3.2.0 |
COordinate configuration values | Obsolete | ||
cm_configuration_labels | Per-CO Configuration Labels | Experimental | v4.4.0 |
cm_contacts | Contact Records intended to track information for Contacts that are not otherwise registered in Registry | Experimental | v4.4.0 |
cm_core_apis | Core APIs | Tentative | v4.0.0 |
Definitions of (virtual) organization units | Stable | v0.3 | |
cm_data_filters | Data Filters | Tentative | v3.3.0 |
cm_data_scrubber_filter_attributes | Per-CO Data Scrubber Filter Attributes | Tentative | v4.1.0 |
cm_data_scrubber_filters | Per-CO Data Scrubber Filters | Tentative | v4.1.0 |
cm_dictionaries | Dictionaries | Tentative | v4.0.0 |
cm_dictionary_entries | Dictionary Entries | Tentative | v4.0.0 |
cm_dictionary_identifier_validators | Dictionary Identifier Validator configurations | Tentative | v4.0.0 |
cm_dictionary_vetters | Dictionary Vetters | Experimental | v4.1.0 |
cm_elector_data_filter_precedences | Per-CO Elector Data Filter Precedence Rules | Experimental | v4.1.0 |
cm_elector_data_filters | Per-CO Elector Data Filters | Experimental | v4.1.0 |
cm_email_address_widget_verifications | Email Address Self Service Dashboard Widget Verifications | Experimental | v4.1.0 |
Email Addresses | Stable | v0.2 | |
Fiddle Enrollers | Experimental | v4.4.0 | |
cm_group_filter_rules | Group Filter Rules | Experimental | v3.3.0 |
cm_group_filters | Group Filters | Tentative | v3.3.0 |
cm_group_name_filters | Group Name Filters | Tentative | v3.3.0 |
Transaction history (human readable) | Stable | v0.7 | |
cm_http_servers | HTTP Servers | Tentative | v3.2.0 |
cm_identifier_enroller_identifiers | Identifiers to be collected by an Identifier Enroller | Experimental | v4.0.0 |
cm_identifier_enrollers | Identifier Enrollers | Experimental | v4.0.0 |
Person identifiers, from organizational source | Stable | v0.2 | |
cm_identity_documents | Identity Documents | Tentative | v4.0.0 |
cm_kafka_servers | Kafka Servers | Experimental | v4.0.0 |
cm_kdc_servers | Kerberos KDC Servers | Tentative | v4.4.0 |
cm_ldap_identifier_validators | LDAP Identifier Validator configurations | Tentative | v2.0.0 |
cm_ldap_servers | LDAP Servers | Tentative | v3.2.0 |
cm_locks | Process Locks | Tentative | v3.3.0 |
cm_match_server_attributes | ID Match Server Attributes | Tentative | v4.0.0 |
cm_match_servers | ID Match Servers | Tentative | v3.3.0 |
cm_meem_enrollers | MEEM Enrollers | Experimental | v4.0.0 |
cm_meem_mfa_statuses | MEEM MFA Status | Experimental | v4.0.0 |
cm_meta | Meta (platform) information | Tentative | v0.9.4 |
Names | Stable | v0.2 | |
cm_namespace_assigner_settings | Namespace Assigner Settings | Experimental | v4.1.0 |
cm_nationality_enrollers | Nationality Enrollers | Tentative | v4.0.0 |
Navigation Links | Stable | v0.8.2 | |
cm_oauth2_servers | OAuth2 Servers | Tentative | v3.2.0 |
Person identity, from organizational source | Stable | v0.3 | |
cm_organizations | Definitions of (external) organizations | Tentative | v4.0.0 |
Definitions of (real) organizations | Obsolete as of v2.0.0 | v0.2 | |
cm_password_authenticators | Password Authenticators | Experimental | v3.1.0 |
cm_password_reset_tokens | Password Reset Tokens | Obsolete as of v4.1.0 | v4.0.0 |
cm_passwords | Passwords | Experimental | v3.1.0 |
Permissions for COordinate | Not Implemented | ||
cm_privacy_idea_authenticators | Privacy IDEA Authenticators | Experimental | v4.0.0 |
cm_regex_identifier_validators | Regex Identifier Validator configurations | Tentative | v2.0.0 |
cm_servers | Servers | Tentative | v3.2.0 |
cm_service_eligibilities | Service Eligibilities | Experimental | v4.1.0 |
cm_service_eligibility_enrollers | Service Eligibility Enrollers | Experimental | v4.1.0 |
cm_service_eligibility_settings | Service Eligibility Enroller Settings | Experimental | v4.1.0 |
cm_sponsor_manager_settings | Sponsor Manager Settings | Experimental | v4.1.0 |
cm_sql_servers | SQL Servers | Tentative | v3.2.0 |
cm_ssh_key_authenticators | SSH Key Authenticators | Tentative | v3.3.0 |
SSH keys | Stable | v0.9 | |
Telephone numbers | Stable | v0.2 | |
Test Enrollers | Experimental | v4.0.0 | |
cm_totp_tokens | TOTP Tokens | Experimental | v4.0.0 |
cm_unix_cluster_accounts | Unix Cluster Accounts | Tentative | v3.3.0 |
cm_unix_cluster_groups | Unix Cluster Groups | Tentative | v3.3.0 |
cm_unix_clusters | Unix Clusters | Tentative | v3.3.0 |
cm_urls | URLs | Tentative | v3.1.0 |
cm_vetting_requests | Vetting Requests | Experimental | v4.1.0 |
cm_vetting_results | Vetting Results | Experimental | v4.1.0 |
cm_vetting_steps | Vetting Steps | Experimental | v4.1.0 |
cm_visual_compliance_vetters | Visual Compliance Vetters | Experimental | v4.1.0 |
Core Tables
PRIMARY OBJECTS
Primary objects are those that directly relate to the primary purpose of Registry: storing information about people and other entities related to the organization. Examples include CO Person and CO Departments.
Table Name | Description | Status | Introduced | Last Updated |
---|---|---|---|---|
cm_co_people | Per-CO person identity | Stable | v0.2 | v3.3.0 |
SECONDARY OBJECTS
Secondary objects store additional information about Primary objects, in particular when there is a many-to-one relationship. Examples include Name and Email Address.
Table Name | Description | Status | Introduced | Last Updated |
---|---|---|---|---|
cm_co_group_members | Per-CO group memberships | Stable | v0.2 | v3.3.0 |
cm_co_groups | Per-CO group definitions | Stable | v0.2 | v4.0.0 |
cm_addresses | Addresses | Stable | v0.2 | v3.1.0 |
cm_ad_hoc_attributes | Ad Hoc Attributes | Tentative | v3.3.0 | |
CONFIGURATION OBJECTS
Configuration objects primarily relate to the behavior of the application.
Table Name | Description | Status | Introduced | Last Updated |
---|---|---|---|---|
cm_organization_sources | External sources of organizations | Experimental | v4.4.0 | |
cm_org_identity_sources | External sources of organizational identities | Experimental | v2.0.0 | v4.1.0 |
cm_cos | Definitions of collaborative (virtual) organizations | Stable | v0.2 | v3.2.0 |
cm_api_users | API (Programmatic) Users | Tentative | v0.2 | v3.3.0 |
OTHER CORE OBJECTS
Table Name | Description | Category | Status | Introduced | Last Updated |
---|---|---|---|---|---|
cm_organization_source_records | Cached records from external org identity sources | Artifact | Experimental | v4.4.0 | |
cm_orcid_tokens | Stores ORCID iD and access/refresh tokens | Artifact | Experimental | v4.4.0 | |
cm_co_enrollment_sources | Organizational Identity Sources attached to Enrollment Flows | Available | Experimental | v2.2.0 | v3.2.0 |
cm_org_identity_source_records | Cached records from external org identity sources | Artifact | Experimental | v2.0.0 | |
cm_org_identity_source_filters | Data Filters attached to Organizational Identity Sources | | Experimental | v4.1.0 | |
cm_applications | Known applications; NOT IMPLEMENTED, replaced by co_services | | OBSOLETE | | |
cm_co_person_sources | Link from CO person role to Org identity | | OBSOLETE | v0.2 | v0.3 |
cm_co_invites | Per-CO invitations to join | | Tentative | v0.1 | v4.0.0 |
cm_application_preferences | Application Preferences (frontend state) | | Tentative | v4.0.0 | |
cm_authentication_events | Registry authentication events | Artifact | Tentative | v2.0.0 | |
cm_attribute_enumerations | Attribute enumerations (per-CO or platform-wide) | | Tentative | v2.0.0 | v4.0.0 |
Plugin Tables
Tables for Available Plugins will not be created until the Plugin is activated.
Table Name | Description | Category | Plugin | Status | Introduced | Last Updated |
---|---|---|---|---|---|---|
cm_federation_sources | Federation Organization Sources | Available | Federation Source | Experimental | v4.4.0 | |
cm_ror_sources | ROR Organization Sources | Available | ROR Organization Source | Experimental | v4.4.0 | |
cm_novi_sources | Novi AMS Organizational Identity Sources | | | Experimental | v4.1.0 | |
cm_ldap_sources | LDAP Organizational Identity Sources | | | Experimental | v2.0.0 | |
cm_file_sources | File Organizational Identity Sources | | | Experimental | v2.0.0 | |
cm_env_sources | Env Organizational Identity Sources | | | Experimental | v3.1.0 | v4.1.0 |
cm_orcid_sources | ORCID Organizational Identity Sources | Available | | Tentative as of v3.2.0 | v2.2.0 | v3.2.0 |
cm_salesforce_sources | Salesforce Organizational Identity Sources | Available | | Experimental | v3.1.0 | v3.2.0 |
cm_sql_sources | SQL Organizational Identity Sources | Available | | Experimental | v4.1.0 | |
cm_api_source_records | API Source Record Cache | Available | | Experimental | v3.3.0 | |
cm_api_sources | API Organizational Identity Sources | Available | | Experimental | v3.3.0 | v4.1.0 |
cm_co_changelog_provisioner_targets | Per-CO Changelog provisioning target configurations | Available | | Tentative | v0.8 | |
cm_co_announcements_widgets | Per-CO Announcements Widgets configuration | | AnnouncementsWidget | Tentative | v3.2.0 | |
cm_co_announcements | Per-CO Announcements | | AnnouncementsWidget | Tentative | v3.2.0 | |
cm_co_announcement_channels | Per-CO Announcement Channels | | AnnouncementsWidget | Tentative | v3.2.0 | |
cm_authenticator_reset_tokens | Authenticator Reset Tokens | | Recovery Dashboard Widget | Experimental | v4.1.0 | |