Table | cm_addresses |
---|---|
Description | Addresses |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
street | varchar(400) | Street | X.520 via RFC 4519 organizationalPerson | |
room | varchar(64) | Room | X.520 via RFC 4519 organizationalPerson | |
locality | varchar(128) | Locality (eg: city) | X.520 via RFC 4519 organizationalPerson | |
state | varchar(128) | State or Province | X.520 via RFC 4519 organizationalPerson | |
postal_code | varchar(16) | Postal Code | X.520 via RFC 4519 organizationalPerson | |
country | varchar(128) | Country | X.521 via RFC 4519 country | |
description | varchar(128) | Description | Added in Registry v3.1.0. | |
type | varchar(2) | Type of mail, as enumerated | | When attached to a CO Person, types may be configured on a per-CO basis. See Extending the Registry Data Model. |
language | varchar(16) | Language encoding of this address | For supported values, see | |
co_person_role_id | integer, foreign key | CO Person Record ID | Only one of | |
org_identity_id | integer, foreign key | Org Identity Record ID | Only one of | |
co_department_id | integer, foreign key | CO Department Record ID | cm_co_departments:id | Only one of co_person_id , org_identity_id , or co_department_id may be specified. Added in Registry v3.1.0. |
source_address_id | integer, foreign key | If Pipelines are in use, the Address ID for the Org Identity Address that created this record. | cm_addresses:id | Added in Registry v2.0.0. |
Table | cm_api_source_records |
---|---|
Description | API Source Record Cache |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
api_source_id | integer, foreign key | API Source ID | ||
sorid | varchar(1024) | SOR Record ID | ||
source_record | text | Unprocessed Source Record |
Table | cm_api_sources |
---|---|
Description | API Organizational Identity Sources |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
org_identity_source_id | integer, foreign key | Organizational Identity Source ID | ||
sor_label | varchar(32) | SOR Label | Removed in Registry v4.1.0 | |
api_user_id | integer, foreign key | API User ID | cm_api_users:id | For use in Push Mode |
poll_mode | varchar(2) | Poll Mode | | Added in Registry v4.0.0 |
kafka_server_id | integer, foreign key | Server ID for use with Apache Kafka mode | cm_servers:id | Note foreign key is to Server model, not to KafkaServer model. Added in Registry v4.0.0 |
kafka_groupid | varchar(80) | Kafka Client Group ID string | Added in Registry v4.0.0, removed in Registry v4.1.0 | |
kafka_topic | varchar(80) | Kafka Topic to consume | Added in Registry v4.0.0, removed in Registry v4.1.0 |
Table | cm_api_users |
---|---|
Description | API (Programmatic) Users |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO ID | cm_cos:id | If Added Registry v3.3.0 |
username | varchar(50) | User (login) name | ||
password | varchar(40) | Hashed password | SHA1, as used by CakePHP | Will be renamed |
privileged | boolean | If this API User is a "superuser" within its CO | | Added Registry v3.3.0 |
status | varchar(2) | API User status | | Added Registry v3.3.0 |
valid_from | datetime | API User is valid from this time | If null, valid any time through valid_through | Added Registry v3.3.0 |
valid_through | datetime | API User is valid through (but not past) this time | If null, valid any time from valid_from | Added Registry v3.3.0 |
remote_ip | varchar(80) | IP addresses this API User may connect from | Defined as regular expression, or null for any IP address | Added Registry v3.3.0 |
Table | cm_applications |
---|---|
Description | Known applications |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
name | varchar(256) | Application name | ||
enabled | boolean | Enabled applications are available to COs | ||
Table | cm_attribute_enumerations |
---|---|
Description | Attribute enumerations (per-CO or platform wide) |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO ID | cm_cos:id | Null when Org Identities are pooled and enumeration applies to an Org Identity attribute |
attribute | varchar(80) | Attribute this enumeration applies to | Model.attribute | Only attributes that support enumerations may be used here |
optvalue | varchar(128) | Enumerated option | Deprecated in v4.0.0, but maintained for data migration purposes; will be removed in PE | |
status | varchar(2) | Type status | | Suspending an enumeration does not remove any uses of it from operation records |
dictionary_id | integer, foreign key | Dictionary ID | cm_dictionaries:id | Added v4.0.0 |
allow_other | boolean | Allow non-enumerated, "other" values | Added v4.0.0 |
Table | cm_authentication_events |
---|---|
Description | Registry authentication events |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
authenticated_identifier | varchar(256) | User (login) name | | Should typically correlate with cm_identifiers:identifier |
authentication_event | varchar(2) | Type of authentication event | ||
remote_ip | varchar(40) | IP address of remote connection, if known |
Table | cm_authenticator_statuses |
---|---|
Description | Authenticator Statuses |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
authenticator_id | integer, foreign key | Authenticator ID | cm_authenticators:id | |
co_person_id | integer, foreign key | CO Person ID | cm_co_people:id | |
locked | boolean | Whether a given CO Person's Authenticator is locked | |
Table | cm_authenticators |
---|---|
Description | Authenticators |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
description | varchar(256) | Description | ||
plugin | varchar(32) | Authenticator Plugin | ||
status | varchar(2) | Status | ||
co_message_template_id | integer, foreign key | CO Message Template ID | cm_co_message_templates:id | Added Registry v4.0.0 |
Table | cm_cmp_enrollment_attributes |
---|---|
Description | CMP enrollment attribute configuration |
- There is no REST interface to this table since it is intended to configure the COmanage Registry UI.
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
cmp_enrollment_configuration_id | integer, foreign key | CMP Enrollment Configuration ID | ||
attribute | varchar(80) | Organizational Identity attribute name | Attributes defined in cm_org_identities or related tables (such as cm_addresses) | |
type | varchar(2) | If attribute definition includes a type, associate this enrollment attribute with the specified type | ||
required | integer | If the flow requires this attribute | ||
ldap_name | varchar(80) | Name of LDAP attribute used to populate this attribute | | If enabled, attribute is authoritative to the originating organization. May be enabled along with saml_name. |
saml_name | varchar(80) | Name of SAML attribute used to populate this attribute | | If enabled, attribute is authoritative to the originating organization. May be enabled along with ldap_name. |
Table | cm_cmp_enrollment_configurations |
---|---|
Description | CMP enrollment configuration |
- Although the data model permits multiple CMP enrollment configurations to be defined, COmanage Registry currently only permits one active configuration for the platform.
- There is no REST interface to this table since it is intended to configure the COmanage Registry UI.
- CO enrollment flows are handled via cm_co_enrollment_flows.
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
name | varchar(128) | Configuration Name | ||
attrs_from_ldap | boolean | Should CMP enrollment attempt to pull attributes from an organizational LDAP server before prompting for attributes? | | Deprecated |
attrs_from_saml | boolean | If the enrollee must authenticate, should CMP enrollment attempt to extract attributes from a SAML assertion before prompting for attributes? | | Deprecated |
attrs_from_env | boolean | Should organizational identity attributes be extracted from the server environment? (eg: those that might be set by the web server auth module.) | ||
attrs_from_coef | boolean | Should CO enrollment flows be able to prompt for organizational identity attributes? (These attributes will be considered less authoritative than if they had been obtained via LDAP or SAML.) | ||
pool_org_identities | boolean | Should organizational identities be pooled and made available to all COs on the CMP? | | See CO-193 for additional information |
sponsor_enroll | boolean | Do enrollees need to have a sponsor to enroll? | | Not implemented |
sponsor_active | boolean | Do enrollees need to have a sponsor to stay enrolled? | | Not implemented |
eds_help_url | varchar(256) | For the Shibboleth Embedded Discovery Service, the help URL to publish | ||
eds_preferred_idps | text(4000) | For the Shibboleth Embedded Discovery Service, the entityIds to always show (one per line) | ||
eds_hidden_idps | text(4000) | For the Shibboleth Embedded Discovery Service, the entityIds to hide (one per line) | ||
redirect_on_logout | varchar(1024) | Redirect URL when user logs out | Added in Registry v4.0.0 | |
app_base | varchar(64) | Cached application base for use in generating notification URLs | Added in Registry v4.0.0 | |
status | varchar(2) | Configuration status | | Only one CMP configuration may be active |
Table | cm_co_announcement_channels |
---|---|
Description | Per-CO Announcement Channels |
Plugin | AnnouncementsWidget |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
name | varchar(128) | Name | ||
status | varchar(2) | Status | ||
author_co_group_id | integer, foreign key | CO Group ID | cm_co_groups:id | Members of this group may post to this channel |
reader_co_group_id | integer, foreign key | CO Group ID | cm_co_groups:id | Members of this group may read posts in this channel |
publish_html | boolean | Whether this channel may render HTML | |
Table | cm_co_announcements |
---|---|
Description | Per-CO Announcements |
Plugin | AnnouncementsWidget |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_announcement_channel_id | integer, foreign key | CO Announcement Channel ID | ||
title | varchar(256) | Announcement title | ||
body | text | Announcement body | ||
valid_from | datetime | CO Announcement will be published from this time | If null, published any time through valid_through | |
valid_through | datetime | CO Announcement will be published through (but not past) this time | If null, published any time from valid_from | |
poster_co_person_id | integer, foreign key | Poster CO Person ID | cm_co_people:id |
Table | cm_co_announcements_widgets |
---|---|
Description | Per-CO Announcements Widgets configuration |
Plugin | AnnouncementsWidget |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_dashboard_widget_id | integer, foreign key | CO Dashboard Widget Record ID | ||
co_announcement_channel_id | integer | CO Announcement Channel ID | cm_co_announcement_channels:id |
Table | cm_co_applications |
---|---|
Description | Per-CO configured applications |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
name | varchar(256) | Application name | ||
provisioned | boolean | Provisioned applications are available in the CO | ||
Table | cm_co_changelog_provisioner_targets |
---|---|
Description | Per-CO Changelog provisioning target configurations |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_provisioning_target_id | integer, foreign key | CO Provisioning Target ID | ||
logfile | varchar(256) | Logfile to write to |
Table | cm_co_dashboard_widgets |
---|---|
Description | Per-CO Dashboard Widgets |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_dashboard_id | integer, foreign key | CO Dashboard Record ID | ||
description | varchar(256) | Description | ||
plugin | varchar(32) | Dashboard Widget Plugin | ||
status | varchar(2) | Status of Dashboard Widget | ||
ordr | integer | Order widget is rendered (lower numbers = earlier) |
Table | cm_co_dashboards |
---|---|
Description | Per-CO Dashboards |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
name | varchar(128) | Name | ||
description | varchar(128) | Description | ||
visibility | varchar(2) | Visibility of this Dashboard | ||
visibility_co_group_id | integer, foreign key | CO Group ID | cm_co_groups:id | If set, visibility of this Dashboard is controlled by the specified group |
status | varchar(2) | Status | |
Table | cm_co_departments |
---|---|
Description | Per-CO Departments |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
cou_id | integer, foreign key | COU Record ID | cm_cous:id | |
name | varchar(128) | Name | ||
description | varchar(128) | Description | ||
type | varchar(32) | CO Department type | Added in Registry v3.3.0. May be configured on a per-CO basis. See Extending the Registry Data Model. | |
introduction | text(4000) | Brief introduction describing department | Intended for rendering in Service Portal or Department Directory | |
leadership_co_group_id | integer, foreign key | CO Group ID describing the leadership (eg: chairs, VPs, etc) of the Department | cm_co_groups:id | |
administrative_co_group_id | integer, foreign key | CO Group ID describing the administrators (eg: department admin) of the Department | cm_co_groups:id | |
support_co_group_id | integer, foreign key | CO Group ID describing the support staff (eg: technical or administrative assistants) of the Department | cm_co_groups:id |
Table | cm_co_directory_permissions |
---|---|
Description | Per-CO restrictions on publishing of directory information |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
cm_org_person_id | integer, foreign key | Org Person Record ID | ||
attribute | varchar(256) | Schema attribute name | Correlate to cm_co_person_roles columns | Use attribute '*' to apply to entire record |
release | boolean | Released attributes are public | ||
Table | cm_co_email_lists |
---|---|
Description | Per-CO Email Lists |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
name | varchar(256) | Name | ||
description | varchar(256) | Description | ||
admins_co_group_id | integer, foreign key | CO Group ID for list administrators | cm_co_groups:id | |
members_co_group_id | integer, foreign key | CO Group ID for list members | cm_co_groups:id | |
moderators_co_group_id | integer, foreign key | CO Group ID for list moderators | cm_co_groups:id | |
status | varchar(2) | Status | ||
Table | cm_co_enrollment_attributes |
---|---|
Description | Per-CO enrollment flow attribute configurations |
- There is no REST interface to this table since it is intended to configure the COmanage Registry UI.
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_enrollment_flow_id | integer, foreign key | CO Enrollment Flow ID | ||
label | varchar(80) | Name of attribute as presented during enrollment | ||
description | varchar(256) | Description of attribute, presented during enrollment | ||
attribute | varchar(80) | CO Person, CO Person Role, or Org Identity attribute name | Attributes defined in cm_co_people, cm_co_person_roles, cm_org_identities or related tables (such as cm_addresses), including cm_co_extended_attributes | |
type | varchar(2) | If attribute definition includes a type, associate this enrollment attribute with the specified type | ||
required | integer | If the flow requires this attribute | ||
required_fields | varchar(160) | If this attribute has subfields, a comma separated list of which of those fields are required | | Currently applies only to cm_names and cm_addresses |
ordr | integer | Order attribute is presented (lower numbers = earlier) | ||
hidden | boolean | Whether or not to display this attribute | | Only honored when there is a non-modifiable default attribute value |
copy_to_coperson | boolean | When the Petition is created, duplicate the value in the attribute from the Org Identity to the corresponding attribute in the CO Person or CO Person Role record | | Applies only to Org Identity attributes. |
ignore_authoritative | boolean | Whether or not to ignore authoritative values | | Deprecated, to be removed in Registry v4.0.0 |
default_env | varchar(80) | If specified, the value held in this environment variable will be used as a default value for this attribute | Added in Registry v3.1.0 | |
login | boolean | For attributes of type Identifier, whether or not to flag the Identifier as able to login to Registry | | Correlates to cm_identifiers:login |
language | varchar(16) | Language encoding of this attribute | For supported values, see |
Table | cm_co_enrollment_attribute_defaults |
---|---|
Description | Default values for CO enrollment flow attributes configuration |
- There is no REST interface to this table since it is intended to configure the COmanage Registry UI.
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_enrollment_attribute_id | integer, foreign key | CO Enrollment Flow ID | ||
affiliation | varchar(32) | This default value applies when the enrollment CO Person Role affiliation matches | cm_co_person_roles:affiliation | Not yet implemented (CO-626) |
value | varchar(80) | Default value for this attribute | ||
modifiable | boolean | Whether or not the Petitioner may change the default value when the petition is created | ||
Table | cm_co_enrollment_authenticators |
---|---|
Description | Authenticators attached to Enrollment Flows |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_enrollment_flow_id | integer, foreign key | CO Enrollment Flow ID | ||
authenticator_id | integer, foreign key | Authenticator ID | ||
required | integer | Whether establishing this Authenticator is required | |
Table | cm_co_enrollment_flows |
---|---|
Description | Per-CO enrollment flow configurations |
- There is no REST interface to this table since it is intended to configure the COmanage Registry UI.
- CO enrollment flows are subject to the CMP enrollment configuration (cm_cmp_enrollment_configurations).
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
name | varchar(128) | Flow Name | ||
sor_label | varchar(40) | SOR Label used in match requests | ID Match API | Added in Registry v4.1.0 |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
authz_level | varchar(2) | Authorization required to execute this enrollment flow | ||
authz_cou_id | integer, foreign key | COU Record ID when authz_level is UA or UP | cm_cous:id | |
authz_co_group_id | integer, foreign key | CO Group Record ID when authz_level is CG | cm_co_groups:id | |
my_identity_shortcut | boolean | Whether a link to this flow should be rendered in the "My Identity" menu | | Added Registry v3.2.0 |
co_pipeline_id | integer, foreign key | CO Pipeline to run for Org Identities created using this Flow | cm_co_pipelines:id | Unused, removed as of Registry v3.3.0 |
match_policy | varchar(2) | Policy for matching against existing CO People | ||
match_server_id | integer, foreign key | Match Server ID when match_policy is External | cm_servers:id | Added Registry v4.1.0 |
enable_person_find | boolean | Enable People Picker API for unregistered petitioners associated with this Enrollment Flow | | Added Registry v3.3.0 |
approval_required | boolean | Is approval required before any provisioning may occur? | | Approvers defined by |
approver_co_group_id | integer, foreign key | CO Group Record ID for group whose members are authorized to approve petitions created by this flow | cm_co_groups:id | |
verify_email | boolean | Do org identity email addresses need to be verified? | | Verification sends an email to the address with a URL. Deprecated as of v2.0.0, use email_verification_mode instead |
email_verification_mode | varchar(2) | If/how org identity email addresses should be verified | | Added in v2.0.0. See also Email Verification |
invitation_validity | integer | For invitations used to verify email addresses, the length of time (in minutes) the invitation is valid for | See also cm_co_settings | |
regenerate_expired_verification | boolean | Automatically regenerate confirmation links on validation of an expired link? | | Added in v4.1.0 |
require_authn | boolean | Is the authentication required by the enrollee? | ||
notification_co_group_id | integer, foreign key | CO Group Record ID whose members will be notified when petitions generated from the enrollment flow trigger certain events | cm_co_groups:id | |
status | varchar(2) | Configuration status | ||
notify_from | varchar(256) | Address to send notifications from | RFC 5322 Address | Used in coinvite as source email address when sending out notifications |
verification_template_id | integer, foreign key | Template for verification email | cm_co_message_templates:id | |
verification_subject | varchar(256) | Subject for verification email | Deprecated as of v2.0.0, use message templates instead | |
verification_body | text(4000) | Body for verification email | Deprecated as of v2.0.0, use message templates instead | |
request_vetting | boolean | Request Vetting for the Enrollee | | Added in Registry v4.1.0 |
notify_on_approval | boolean | Notify the enrollee on Petition approval? | | As of v3.3.0, also triggers notification on denial |
approval_template_id | integer, foreign key | Template for approval email | cm_co_message_templates:id | |
approval_subject | varchar(256) | Subject for approval email | Deprecated as of v2.0.0, use message templates instead | |
approval_body | text(4000) | Body for approval email | Deprecated as of v2.0.0, use message templates instead | |
approver_template_id | integer, foreign key | Template for approver email | Added in Registry v4.3.0 | |
denial_template_id | integer, foreign key | Template for denial email | cm_co_message_templates:id | |
notify_on_finalize | boolean | Notify the enrollee on Petition finalization? | ||
finalization_template_id | integer, foreign key | Template for finalization email | cm_co_message_templates:id | |
introduction_text | text(4000) | Introductory text displayed at the start of an Enrollment Flow | ||
conclusion_text | text(4000) | Conclusion text displayed at the bottom of a Petition form | ||
introduction_text_pa | text(4000) | Introductory text displayed at the top of a Petition form | Added in Registry v4.1.0 | |
t_and_c_mode | varchar(2) | Terms and Conditions mode | ||
redirect_on_submit | varchar(256) | After a Petition is submitted, a URL (relative or absolute) to redirect the browser to | ||
redirect_on_confirm | varchar(256) | After the email address associated with a Petition is confirmed, a URL (relative or absolute) to redirect the browser to | ||
redirect_on_finalize | varchar(256) | After a Petition is finalized, a URL (relative or absolute) to redirect the browser to | Added in v3.1.0 | |
return_url_allowlist | text(4000) | Newline separated list of regular expressions representing permitted values to be passed into the petition as a URL to redirect to after the Petition is finalized | Added in v3.1.0, renamed from return_url_whitelist in v3.3.0 | |
ignore_authoritative | boolean | Whether or not to ignore authoritative values | ||
duplicate_mode | varchar(2) | How to handle a detected duplicate enrollment | ||
co_theme_id | integer, foreign key | Theme to use when executing this Enrollment Flow | cm_co_themes:id | Added v2.0.0 |
theme_stacking | varchar(2) | Whether to enable Theme Stacking for this Enrollment Flow. | | Added v4.0.0 |
establish_authenticators | boolean | Whether to establish authenticators as part of enrollment | | Added v3.3.0 |
establish_cluster_accounts | boolean | Whether to establish cluster accounts as part of enrollment | | Added v3.3.0 |
Table | cm_co_enrollment_sources |
---|---|
Description | Organizational Identity Sources attached to Enrollment Flows |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_enrollment_flow_id | integer, foreign key | CO Enrollment Flow ID | ||
org_identity_source_id | integer, foreign key | Org Identity Source ID | ||
org_identity_mode | varchar(2) | Enrollment Source Mode | ||
verify_family_name | boolean | Whether to verify the family name when creating an Org Identity from this Enrollment Source | Added in Registry v3.2.0 | |
ordr | integer | Order attribute is presented (lower numbers = earlier) |
Table | cm_co_expiration_policies |
---|---|
Description | Per-CO expiration policies |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
description | varchar(256) | Description | ||
status | varchar(2) | Expiration policy's status | ||
cond_cou_id | integer, foreign key | COU this expiration policy applies to | cm_cous:id | Conditions are AND'd together |
cond_affiliation | varchar(32) | Affiliation this expiration policy applies to | cm_co_person_roles:affiliation | |
cond_before_expiry | integer | Number of days prior to expiration from which this policy will apply | | Policy continues to apply until role valid_through |
cond_after_expiry | integer | Number of days after expiration at which point this policy will apply | ||
cond_count | integer | Number of times this policy will be applied | cm_co_expiration_counts:expiration_count | Since v1.1.0 |
cond_status | varchar(2) | Status this expiration policy applies to | cm_co_person_roles:status | |
cond_sponsor_invalid | boolean | If true, this expiration policy applies to CO Person Roles sponsored by a CO Person who is no longer Active | ||
act_affiliation | varchar(32) | CO Person Roles matching this expiration policy will be set to this affiliation, if defined | cm_co_person_roles:affiliation | |
act_clear_expiry | boolean | CO Person Roles matching this expiration policy will have their valid_through date cleared, if true | ||
act_cou_id | integer, foreign key | CO Person Roles matching this expiration policy will be moved to this COU, if set | cm_cous:id | |
act_notify_co_admin | boolean | If true, the CO Administrator(s) will be notified when this expiration policy matches | ||
act_notify_cou_admin | boolean | If true, the COU Administrator(s) will be notified when this expiration policy matches | ||
act_notify_co_group_id | integer, foreign key | If true, the members of the specified CO Group will be notified when this expiration policy matches | cm_co_groups:id | |
act_notify_co_person | boolean | If true, the CO Person attached to the matching CO Person Role will be notified when this expiration policy matches | ||
act_notify_sponsor | boolean | If true, the Sponsor attached to the matching CO Person Role will be notified when this expiration policy matches | ||
act_notification_template_id | integer, foreign key | Template for notification email | cm_co_message_templates:id | |
act_notification_subject | varchar(256) | Subject for notification email | | Deprecated, use message templates instead |
act_notification_body | text | Body for notification email | | Deprecated, use message templates instead |
Table | cm_co_extended_attributes |
---|---|
Description | Per-CO extended attribute definitions |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
name | varchar(64) | Database column name for attribute | ||
display_name | varchar(64) | Display name for attribute | ||
type | varchar(32) | Database type for attribute | | Once set, type cannot be changed |
index | boolean | Create database index for attribute | ||
Table | cm_co_extended_types |
---|---|
Description | Per-CO attribute custom type configurations |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO ID | cm_cos:id | |
attribute | varchar(32) | Attribute this type name applies to | | Only attributes that support extended types may be used here. |
name | varchar(32) | Database value for type | | As used by |
display_name | varchar(64) | Display name for type | ||
edupersonaffiliation | varchar(32) | Optional mapping to eduPersonAffiliation | Applies only when | |
status | varchar(2) | Type status | | A deleted status cannot exist in any active attribute. A suspended status cannot be added to any new or updated attributes, but may continue to be used by existing active attributes. |
Table | cm_co_github_provisioner_targets |
---|---|
Description | Per-CO GitHub provisioning target configurations |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_provisioning_target_id | integer, foreign key | CO Provisioning Target ID | ||
github_user | varchar(80) | GitHub username | Account must have admin privileges for the GitHub Organization to be managed | |
github_org | varchar(80) | GitHub organization name | GitHub Organization to be managed | |
client_id | varchar(80) | Client ID as returned by GitHub | Provided at registration | |
client_secret | varchar(80) | Client secret as returned by GitHub | Provided at registration | |
access_token | varchar(80) | Access token as returned by GitHub | ||
provision_group_members | boolean | Whether the provisioner should provision CO Group Memberships to GitHub Team Memberships | ||
remove_unknown_members | boolean | Whether the provisioner should remove unknown GitHub Team Members | ||
provision_ssh_keys | boolean | Whether the provisioner should provision SSH Keys to GitHub | Not currently implemented |
Table | cm_co_groups |
---|---|
Description | Per-CO group definitions |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
cou_id | integer, foreign key | COU Record ID | cm_cous:id | Added v2.0.0. Initially intended for special groups, may be used for manual groups in the future. |
name | varchar(128) | Group name | ||
description | varchar(256) | Description | ||
open | boolean | An open group allows anyone to self-subscribe | ||
status | varchar(2) | Group's status within CO | ||
group_type | varchar(2) | Group Type | | Added v2.0.0. |
auto | boolean | Automatic Group | | Added v2.0.0. |
nesting_mode_all | boolean | Nested Group Memberships calculation mode | | Added v4.0.0. |
Table | cm_co_group_members |
---|---|
Description | Per-CO group memberships |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_group_id | integer, foreign key | CO Group Record ID | cm_co_groups:id | |
co_person_id | integer, foreign key | CO Person Record ID | cm_co_people:id | |
member | boolean | Person is a member of the group | ||
owner | boolean | Person is an owner of the group | ||
valid_from | datetime | CO Group Membership is considered valid from this time | If null, valid any time through valid_through | Added in v3.2.0 |
valid_through | datetime | CO Group Membership is considered valid through (but not past) this time | If null, valid any time from valid_from | Added in v3.2.0 |
source_org_identity_id | integer, foreign key | If Pipelines are in use, the Org Identity ID of record that created this Group Membership | cm_org_identities:id | |
co_group_nesting_id | integer, foreign key | If set, this membership was created via a Nested Group and cannot be manually edited | cm_co_group_nestings:id | Added in v3.3.0 |
Table | cm_co_group_ois_mappings |
---|---|
Description | Per-CO mappings from OIS records to group memberships |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
org_identity_source_id | integer, foreign key | Org Identity Source ID | ||
attribute | varchar(80) | OIS attribute to examine | ||
comparison | varchar(4) | Comparison to perform | ||
pattern | varchar(80) | Pattern to match against | ||
co_group_id | integer, foreign key | For match strategy of Email Address or Identifier, the type of the email address or identifier to use for matching | cm_co_extended_types:name |
Table | cm_co_homedir_provisioner_targets |
---|---|
Description | Per-CO Home Directory provisioning target configurations |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_provisioning_target_id | integer, foreign key | CO Provisioning Target ID |
Table | cm_co_identifier_assignments |
---|---|
Description | Per-CO rules for identifier assignment |
- There is currently no REST interface to this table.
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO ID | cm_cos:id | |
status | varchar(2) | Identifier Assignment status | | Added v3.3.0 |
context | varchar(2) | Context (object type) this Identifier Assignment applies to | | Added v3.3.0 |
co_group_id | integer, foreign key | If set, subject CO Person must be a member of this CO Group ID for this Identifier Assignment to run | cm_co_groups:id | Added v4.1.0 |
identifier_type | varchar(32) | Type of identifier | cm_identifiers:type | A given identifier type may be used more than once |
email_type | varchar(32) | Type of email address to assign, if identifier_type is email | cm_email_addresses:type | If not blank and identifier type to be assigned is email, then an entry in cm_email_addresses will also be created, of this type |
description | varchar(256) | Description | ||
login | boolean | Registry login flag | Will be used to populate cm_identifiers:login | |
algorithm | varchar(2) | Algorithm to use to assign this identifier | ||
plugin | varchar(64) | Plugin to use for identifier assignment, if set | Added v4.1.0 | |
format | varchar(256) | Format to use for this identifier | ||
permitted | varchar(2) | Valid characters permitted to substitute into format | ||
minimum | integer | Minimum value to assign (for numeric identifiers). For sequential, this is the first number to assign. | ||
maximum | integer | Maximum value to assign. For sequential, if this number is reached identifier assignment will fail. | ||
collision_resolution | varchar(64) | Collision resolution mechanism | Not implemented | |
exclusions | varchar(8) | Characters and words to avoid in assignments | | Not implemented |
ordr | integer | Order identifier assignment is run (lower numbers = earlier) | Added v3.3.0, need only be unique within context |
Table | cm_co_identifier_validators |
---|---|
Description | Per-CO identifier validators |
- There is currently no REST interface to this table.
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO ID | cm_cos:id | |
description | varchar(256) | Description | ||
plugin | varchar(32) | Identifier Validator plugin | ||
co_extended_type_id | integer, foreign key | Extended Type this plugin is configured to validate | Only EmailAddresses and Identifiers are supported | |
status | varchar(2) | Status of Identifier Validator | ||
Table | cm_co_invites |
---|---|
Description | Per-CO invitations to join |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_person_id | integer, foreign key | CO Person Record ID | cm_co_people:id | |
varchar(256) | Email address invited | cm_email_addresses:mail | Copied rather than linked since the linked reference could change | |
skip_invite | boolean | Whether to skip the invitation step due to an already verified email address being present | Added in Registry v4.0.0 as a workaround for SkipIfVerified mode | |
email_address_id | integer, foreign key | Email Address ID to confirm | If set, the invite is intended to verify the linked email address | |
invitation | varchar(16) | Randomly generated activation key | ||
expires | datetime | Time at which invitation is no longer valid |
Table | cm_co_job_history_records |
---|---|
Description | Per-CO Job History Records |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_job_id | integer, foreign key | CO Job Record ID | cm_co_jobs:id | |
record_key | varchar(64) | Record key associated with Job and Job Type | ||
co_person_id | integer, foreign key | CO Person ID this record applies to | cm_co_people:id | |
org_identity_id | integer, foreign key | Org Identity ID this record applies to | cm_org_identities:id | |
comment | varchar(256) | Description of the job task associated with this job history record | ||
status | varchar(2) | Status of the job task associated with this job history record | ||
Table | cm_co_jobs |
---|---|
Description | Per-CO Job Records |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
job_type | varchar(32) | Job Type | | Plugin name added as of Registry v3.3.0. Enum style values deprecated, will be removed in v4.0.0 |
job_type_fk | integer | Foreign key value associated with Job Type | eg: cm_org_identity_sources:id Deprecated, will be removed in Registry v4.0.0 | |
job_mode | varchar(16) | Job Type-specific mode | ||
job_params | text | JSON encoded list of parameters to pass to the Job plugin | Added in Registry v3.3.0 Although this is a json document, native json types are not used since they are only available in relatively new versions of the RDBMSs. Also, ADOdb schema support for the json type is limited. | |
requeue_interval | integer | Upon successful completion, requeue a new copy of the same job after this many seconds | Added in Registry v4.0.0 | |
retry_interval | integer | Upon failure, retry the job after this many seconds | Added in Registry v4.0.0 A new copy of the job will be queued, and the original will be placed in failed status. | |
max_retry | integer | Maximum retries for this Job | Added in Registry v4.3.0 | |
max_retry_count | integer | Retry count | Added in Registry v4.3.0 | |
requeued_from_co_job_id | integer, foreign key | If this is a requeue or retry job, the original job | cm_co_jobs:id | Added in Registry v4.0.0 |
status | varchar(2) | Job Status | ||
register_summary | varchar(256) | Summary description for status at time of job registration | ||
start_summary | varchar(256) | Summary description for status at time of job start | ||
finish_summary | varchar(256) | Summary description for status at time of job completion | ||
queue_time | timestamp | Time Job was queued | ||
start_after_time | timestamp | Time Job should be started after, or null for ASAP | Added in Registry v4.0.0 | |
start_time | timestamp | Time Job was started | ||
complete_time | timestamp | Time Job was completed | ||
percent_complete | integer | For In Progress Jobs, percent complete | Added in Registry v3.3.0 |
Table | cm_co_ldap_provisioner_attributes |
---|---|
Description | Per-CO per-LDAP target attribute grouping definitions |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_ldap_provisioner_target_id | integer, foreign key | CO LDAP Provisioner Target ID | ||
grouping | varchar(80) | Grouping of LDAP attributes | eg: "Address" includes street, l, st, and postal_code | |
type | varchar(32) | When populating attributes within this grouping, the type to use (or use all types if null/empty) |
Table | cm_co_ldap_provisioner_attributes |
---|---|
Description | Per-CO per-LDAP target attribute definitions |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_ldap_provisioner_target_id | integer, foreign key | CO LDAP Provisioner Target ID | ||
attribute | varchar(80) | LDAP attribute name | ||
objectclass | varchar(80) | Associated object class | Some attributes can occur in more than one object class (eg: cn can appear in person and groupOfNames) | |
type | varchar(32) | For attributes populated from typed sources, the type to use (or null/empty for all types) | ||
export | boolean | If true, export this attribute | ||
use_org_value | boolean | If true, use the appropriate Organizational Identity value instead of the CO Person value | Only applies to supported models (currently Identifier) |
Table | cm_co_ldap_provisioner_dns |
---|---|
Description | Per-CO per-LDAP target DN map |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_ldap_provisioner_target_id | integer, foreign key | CO LDAP Provisioner Target ID | ||
co_person_id | integer, foreign key | CO Person ID | cm_co_people:id | |
dn | varchar(256) | Assigned Distinguished Name |
Table | cm_co_ldap_provisioner_targets |
---|---|
Description | Per-CO LDAP provisioning target configurations |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_provisioning_target_id | integer, foreign key | CO Provisioning Target ID | ||
serverurl | varchar(256) | URL describing LDAP server to provision | Use to describe hostname, port, and SSL (use | |
binddn | varchar(128) | DN to bind as | ||
password | varchar(64) | Password to bind with | This column should be encrypted | |
basedn | varchar(128) | Base DN to provision People entries under | ||
dn_attribute_name | varchar(32) | When constructing the DN, the attribute name to use for the unique component | ||
dn_identifier_type | varchar(32) | When constructing the DN, the identifier type to use to populate the attribute value for the unique component | cm_identifiers:type | |
group_basedn | varchar(128) | Base DN to provision Group entries under | ||
person_ocs | varchar(256) | Additional objectclasses to attach to a person record | RFC 4512 | Added v1.0.3 |
group_ocs | varchar(256) | Additional objectclasses to attach to a group record | RFC 4512 | Added v1.0.3 |
attr_opts | boolean | Enable attribute option support | Added v3.2.0 | |
scope_suffix | varchar(128) | For eduPerson attributes requiring scope, the scope to append | eduPerson | Added v2.0.0 |
unconf_attr_mode | varchar(2) | How to handle unconfigured attributes within a schema | | Added v2.0.0 |
oc_eduperson | boolean | Enable eduPerson schema support | ||
oc_edumember | boolean | Enable eduMember schema support | ||
oc_groupofnames | boolean | Enable groupOfNames schema support | ||
oc_posixaccount | boolean | Enable posixAccount schema support | RFC 2307 | |
oc_posixgroup | boolean | Enable posixGroup schema support | RFC 2307 | Added v3.3.0 |
oc_voposixaccount | boolean | Enable voPosixAccount schema support | voPerson | Added v3.3.0 |
oc_voposixgroup | boolean | Enable voPosixGroup schema support | voPerson | Added v3.3.0 |
cluster_id | integer, foreign key | Cluster to provision for posixAccount/posixGroup purposes | cm_clusters:id | Currently only Unix Clusters are supported Added v3.3.0 |
oc_ldappublickey | boolean | Enable ldapPublicKey schema support | ldapPublicKey | |
oc_voperson | boolean | Enable voPerson schema support | voPerson | Added v3.2.0 |
Table | cm_co_localizations |
---|---|
Description | Per-CO text localizations |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
lkey | varchar(40) | Text key | Corresponds to key in | |
language | varchar(16) | Language rendering for this key | Corresponds to | |
text | varchar(256) | Localization to replace the default text | ||
Table | cm_co_mailman_lists |
---|---|
Description | Per-CO Mailman lists |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_mailman_provisioner_target_id | integer, foreign key | CO Mailman Provisioner Target ID | ||
co_email_list_id | integer, foreign key | CO Email List ID | ||
mailman_list_identifier | varchar(128) | Identifier assigned by Mailman for this CO Email List | ||
Table | cm_co_mailman_provisioner_targets |
---|---|
Description | Per-CO Mailman provisioning target configurations |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_provisioning_target_id | integer, foreign key | CO Provisioning Target ID | ||
serverurl | varchar(256) | URL for Mailman REST Admin server | ||
adminuser | varchar(128) | Administrator user name | ||
password | varchar(64) | Administrator password | This column should be encrypted | |
domain | varchar(128) | Mailman domain for this provisioner to manage | ||
pref_email_type | varchar(32) | If specified, the email address type that will be used as a subscriber's preferred address | cm_email_addresses:type |
Table | cm_co_message_templates |
---|---|
Description | Per-CO Message Templates |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO ID | cm_cos:id | |
description | varchar(256) | Description of this message template | ||
context | varchar(2) | Message context | | As of v3.3.0, EA templates are also available for denial messages |
cc | varchar(256) | Comma separated list of addresses to cc | ||
bcc | varchar(256) | Comma separated list of addresses to bcc | ||
message_subject | varchar(256) | Message subject | ||
message_body | text | Message body | ||
status | varchar(2) | Template status | | A suspended template cannot be added to new contexts. |
Table | cm_co_name_identifier_assignments |
---|---|
Description | Per-Identifier tracking of assigned name-based sequences |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_identifier_assignment_id | integer, foreign key | CO Identifier Assignment ID | ||
sequence | varchar(256) | Name-based sequence | | eg: pat.q.lee or pql |
last | integer | Last value used to assign this identifier | ||
Table | cm_co_notifications |
---|---|
Description | Per-CO text notifications |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
subject_co_person_id | integer, foreign key | CO Person Record ID this notification is about | cm_co_people:id | |
actor_co_person_id | integer, foreign key | CO Person Record ID this notification is from | cm_co_people:id | |
recipient_co_person_id | integer, foreign key | CO Person Record ID this notification was sent to | cm_co_people:id | Either this or |
recipient_co_group_id | integer, foreign key | CO Group Record ID this notification was sent to | cm_co_groups:id | Either this or |
resolver_co_person_id | integer, foreign key | CO Person Record ID this notification was resolved (acknowledged, canceled, resolved) by | cm_co_people:id | |
action | varchar(4) | Machine readable transaction code | As defined in ActionEnum | Local notifications should be identified with an action code beginning with the letter 'X' |
comment | varchar(256) | Human readable transaction description | ||
source_url | varchar(160) | URL associated with this notification, for more information or followup action | | Either this or the set of |
source_controller | varchar(80) | Cake controller, along with | | Either this or |
source_action | varchar(80) | See | ||
source_id | integer | See | ||
source_arg0 | varchar(80) | See | ||
source_val0 | varchar(80) | See | ||
email_subject | varchar(256) | Subject used for email sent as part of this Notification | ||
email_body | text | Message body used for email sent as part of this Notification | ||
resolution_subject | varchar(256) | Subject used for email sent when this Notification is resolved | ||
resolution_body | text | Message body used for email sent when this Notification is resolved | ||
status | varchar(2) | Notification status | ||
notification_time | timestamp | Time of most recent notification delivery | | Email notifications may be re-delivered, full history available via history records |
resolution_time | timestamp | Time of acknowledgment or resolution | ||
Table | cm_co_notifications_widgets |
---|---|
Description | Per-CO Notifications Widgets configuration |
Plugin | NotificationsWidget |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_dashboard_widget_id | integer, foreign key | CO Dashboard Widget Record ID | ||
max_notifications | integer | Maximum number of notifications to render |
Table | cm_co_nsf_demographics |
---|---|
Description | Demographics for statistics |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_person_id | integer, foreign key | CO Person ID | cm_co_people:id | |
gender | varchar(2) | self-asserted gender | ||
citizenship | varchar(2) | self-asserted citizenship | ||
ethnicity | varchar(2) | self-asserted ethnicity, may have multiple values selected | ||
race | varchar(5) | self-asserted race, may have multiple values selected | ||
disability | varchar(4) | self-asserted disability, may have multiple values selected | ||
Table | cm_co_org_identity_links |
---|---|
Description | Link from CO person role to Org identity |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_person_id | integer, foreign key | CO Person Record ID | cm_co_people:id | |
org_identity_id | integer, foreign key | Organization Person Record ID | ||
Table | cm_co_people |
---|---|
Description | Per-CO People |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO ID | cm_cos:id | |
timezone | varchar(80) | Person's preferred timezone | IANA Timezone Database | |
date_of_birth | date | Person's date of birth | Added in Registry v3.3.0 | |
status | varchar(2) | Person's status within CO | ||
Table | cm_co_person_roles |
---|---|
Description | Per-CO person roles |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_person_id | integer, foreign key | CO Person ID | cm_co_people:id | |
manager_co_person_id | integer, foreign key | CO Person ID of Manager | cm_co_people:id | Added in Registry v4.1.0 |
sponsor_co_person_id | integer, foreign key | CO Person ID of Sponsor for continued membership | cm_co_people:id | not necessarily the same as the enrollment sponsor in cm_co_petitions |
cou_id | integer, foreign key | COU ID | cm_cous:id | |
affiliation | varchar(8) | Broad affiliation to CO | eduPerson person | Extended Type |
title | varchar(128) | Title at CO | X.520 via RFC 4519 person | |
o | varchar(128) | CO | X.520 via RFC 4519 person | |
ou | varchar(128) | Departmental affiliation at CO | X.520 via RFC 4519 person | |
valid_from | datetime | Person Role is valid member of CO from this time | If null, valid any time through valid_through | |
valid_through | datetime | Person Role is valid member of CO through (but not past) this time | If null, valid any time from valid_from | |
ordr | integer | Order/Rank/Priority of this Person Role | Added in Registry v3.2.0 | |
status | varchar(2) | Person's Role status within CO | ||
source_org_identity_id | integer, foreign key | If Pipelines are in use, the Org Identity ID of record that created this Person Role | cm_org_identities:id |
Table | cm_co_person_sources |
---|---|
Description | Link from CO person role to Org identity |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO ID | cm_cos:id | |
co_person_id | integer, foreign key | CO Person Record ID | ||
cou_id | integer, foreign key | COU ID | cm_cous:id | |
org_person_id | integer, foreign key | Organization Person Record ID | ||
Table | cm_co_petition_attributes |
---|---|
Description | Per-CO enrollment petition attributes |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_petition_id | integer, foreign key | CO Petition Record ID | cm_co_petitions:id | |
co_enrollment_attribute_id | integer, foreign key | CO Enrollment Attribute Record ID | ||
attribute | varchar(80) | Name of this attribute | | A single co_enrollment_attribute_id can point to more than one attribute, since (eg) the enrollment attribute 'Name' actually has several attributes (given, middle, surname, etc) |
value | varchar(160) | Value of this attribute requested for this Petition | | Note values are cast to varchar. |
attribute_foreign_key | integer | Row identifier of this value in the table described by co_enrollment_attribute_id | | The intent of this column is to link the attribute stored in the petition to the table that implements the production value. This linkage is primarily intended for the early part of the petition lifecycle, eg: to edit a petition. There is no referential integrity enforced on this column, and over time the foreign keys may become invalid. |
Table | cm_co_petition_history_records |
---|---|
Description | Per-CO enrollment petition history records |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_petition_id | integer, foreign key | CO Petition Record ID | cm_co_petitions:id | |
actor_co_person_id | integer, foreign key | CO Person Record ID | cm_co_people:id | Person who triggered the action |
action | varchar(4) | Machine readable transaction code | ||
comment | varchar(160) | Human readable comment | ||
Table | cm_co_petitions |
---|---|
Description | Per-CO enrollment petitions |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_enrollment_flow_id | integer, foreign key | CO Enrollment Flow Record ID | Enrollment Flow controlling this Petition | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | Same as co_enrollment_flow:co_id, repeated here to make retrieval by CO easier |
cou_id | integer, foreign key | COU Record ID | cm_cous:id | |
enrollee_org_identity_id | integer, foreign key | Org Identity Record ID | Populated if an Org Identity is created by form-based attribute collection during the flow. See also cm_org_identity_source_records:co_petition_id | |
archived_org_identity_id | integer, foreign key | Archived Org Identity Record ID | cm_org_identities:id | If an org identity is replaced during execution of an enrollment flow, this will hold the original org identity |
enrollee_co_person_id | integer, foreign key | CO Person Record ID | cm_co_people:id | Populated if a CO Person is created by form-based attribute collection during the flow |
enrollee_co_person_role_id | integer, foreign key | CO Person Role Record ID | Populated if a CO Person Role is created by form-based attribute collection during the flow | |
petitioner_co_person_id | integer, foreign key | CO Person Record ID of person initiating request | cm_co_people:id | |
sponsor_co_person_id | integer, foreign key | CO Person Record ID of person sponsoring request | cm_co_people:id | |
approver_co_person_id | integer, foreign key | CO Person Record ID of person approving request | cm_co_people:id | |
co_invite_id | integer, foreign key | CO Invite ID created as part of this Petition | This field is not persistent, and is only non-NULL when an invite is pending. | |
vetting_request_id | integer, foreign key | Vetting Request triggered as part of this Petition | cm_vetting_requests:id | Added in Registry v4.1.0 |
authenticated_identifier | varchar(256) | Authenticated identifier received as part of user authentication | Basically the contents of $REMOTE_USER | |
reference_identifier | varchar(40) | Reference Identifier returned from an ID Match service, when Match Type is External | TAP ID Match API | Added in Registry v4.1.0 |
petitioner_token | char(48) | For unauthenticated enrollments, token used to verify petitioner requests | ||
enrollee_token | char(48) | For unauthenticated enrollments, token used to verify enrollee requests | ||
return_url | varchar(256) | Upon completion of enrollment, URL to redirect to (superseding redirect_on_finalize) | Must match a whitelisted value in the associated Enrollment Flow configuration. | |
approver_comment | varchar(256) | Comment from approver upon reviewing petition | Added v3.3.0, intended to be suitable for display to enrollee. | |
status | varchar(2) |
| Tentative |
Table | cm_co_pipelines |
---|---|
Description | Per-CO pipelines |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO ID | cm_cos:id | |
name | varchar(128) | Name | ||
status | varchar(128) | Status of Org Identity Source Plugin | ||
match_strategy | varchar(2) | Match strategy on add of new record | ||
match_type | varchar(32) | For match strategy of Email Address or Identifier, the type of the email address or identifier to use for matching | cm_co_extended_types:name | |
match_server_id | integer, foreign key | Match Server ID | cm_match_servers:id | Added in Registry v3.3.0 |
sync_on_add | boolean | Sync record on add | ||
sync_on_update | boolean | Sync record on update | ||
sync_on_delete | boolean | Sync record on delete | ||
sync_coperson_status | varchar(2) | If set, a new CoPerson record will be created with this status | | Added in Registry v3.3.1 |
create_role | boolean | Create a corresponding CO Person Role on sync | ||
sync_cou_id | integer, foreign key | When adding or updating a record, the COU the resulting Person Role should be attached to | cm_cous:id | |
sync_affiliation | varchar(32) | When adding or updating a CO Person Role, the affiliation given to the Role (regardless of Org Identity affiliation) | ||
sync_replace_cou_id | integer, foreign key | When adding a record, if a corresponding role is found in the specified COU delete/expire it | cm_cous:id | |
sync_status_on_delete | varchar(2) | When syncing a record on delete, set the corresponding Person Role to the specified status | ||
sync_identifier_type | varchar(32) | When syncing relationships, the identifier type to use for mapping | cm_co_extended_types:name | Added in Registry v4.1.0 |
co_enrollment_flow_id | integer, foreign key | CO Enrollment Flow ID to trigger during sync | cm_co_enrollment_flows:id | Added in Registry v3.3.0 |
Table | cm_co_provisioning_exports |
---|---|
Description | Per-CO provisioning target export record |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_provisioning_target_id | integer, foreign key | CO Provisioning Target ID | ||
co_person_id | integer, foreign key | CO Person ID | cm_co_people:id | |
co_group_id | integer, foreign key | CO Group ID | cm_co_groups:id | |
co_email_list_id | integer, foreign key | CO Email List ID | cm_co_email_lists:id | |
co_service_id | integer, foreign key | CO Service ID | cm_co_services:id | Added Registry v3.3.0 |
exporttime | timestamp | Time of latest export |
Table | cm_co_provisioning_queued_events |
---|---|
Description | |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
co_person_id | integer, foreign key | CO Person Record ID | cm_co_people:id | Person who triggered the action |
co_provisioning_target_id | integer, foreign key | CO Provisioning Target ID | ||
status | varchar(2) | Status of provisioning request | ||
Table | cm_co_provisioning_targets |
---|---|
Description | Per-CO provisioning targets |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
description | varchar(256) | Description | ||
plugin | varchar(32) | Provisioning Plugin | ||
provision_co_group_id | integer, foreign key | If set, only CO People who are members of this CO Group (and only this CO Group, if groups are also provisioned) will be provisioned using this Provisioning Target | cm_co_groups:id | Added v2.0.0 |
status | varchar(2) | Provisioning Target mode | | Enrollment Mode added v3.2.0 Queue Modes added v4.0.0 |
skip_org_identity_source_id | integer, foreign key | If set, provisioning will be skipped for CO Person records that have an Org Identity associated with the specified Org Identity Source | cm_org_identity_sources:id | Added v3.2.0 |
retry_interval | integer | For Queue Modes, interval in seconds to retry on failed provisioning | 0 disables retrying Added v4.0.0 | |
max_retry | integer | For Queue Mode, maximum number of times to retry | Added v4.3.0 | |
ordr | integer | Order attribute is presented (lower numbers = earlier) | Added v1.0.3 |
Table | cm_co_role_assignments |
---|---|
Description | Per-CO person role assignments |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_role_id | integer, foreign key | CO Role Record ID | cm_co_roles:id | |
co_person_id | integer, foreign key | CO Person Record ID | ||
percent_time | integer | Percent time Person is allocated to Role | 0 (none) to 100 (full) | |
Table | cm_co_role_groups |
---|---|
Description | Per-CO group memberships implied by role |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_role_id | integer, foreign key | CO Role Record ID | cm_co_roles:id | |
co_group_id | integer, foreign key | CO Group Record ID | cm_co_groups:id | |
Table | cm_co_roles |
---|---|
Description | Per-CO role definitions |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
description | varchar(256) | Description | ||
status | varchar(2) | Role's status within CO | ||
Table | cm_co_self_service_permissions |
---|---|
Description | Per-CO self service permissions |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
model | varchar(40) | Model this permission applies to | ||
type | varchar(16) | Type within model this permission applies to, or blank for default | | Default applies if there is no entry for a specific type |
permission | varchar(16) | Permission to be applied | ||
Table | cm_co_sequential_identifier_assignments |
---|---|
Description | Per-Identifier tracking of next values for sequentially assigned identifiers |
- There is currently no REST interface to this table.
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_identifier_assignment_id | integer, foreign key | CO Identifier Assignment ID | ||
affix | varchar(256) | String to attach the sequence number to | | Basically the non-sequence portion of cm_co_identifier_assignments:format |
last | integer | Last value used to assign this identifier | ||
Table | cm_co_service_token_settings |
---|---|
Description | Per-CO service token settings |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_service_id | integer, foreign key | CO Service ID | ||
enabled | boolean | Whether this Service Token type is enabled | ||
token_type | varchar(2) | Token type | ||
Table | cm_co_service_tokens |
---|---|
Description | Per-CO service tokens |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_service_id | integer, foreign key | CO Service ID | The service this token applies to | |
co_person_id | integer, foreign key | CO Person ID | cm_co_people:id | The person this token is for |
token | varchar(64) | Service (application) specific token | | This column should be encrypted |
token_type | varchar(2) | Token type | ||
Table | cm_co_services |
---|---|
Description | Per-CO Services |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
cou_id | integer, foreign key | COU Record ID | cm_cous:id | |
name | varchar(256) | Name | ||
description | varchar(256) | Description | ||
short_label | varchar(32) | Service short label | Intended for use with LDAP attribute options | |
co_group_id | integer, foreign key | CO Group ID | cm_co_groups:id | If set, access to this service is controlled by the specified group, though the application is ultimately responsible for enforcement |
authenticator_id | integer, foreign key | Authenticator ID | cm_authenticators:id | Added v3.3.0 |
cluster_id | integer, foreign key | Cluster ID | cm_clusters:id | Added v3.3.0 |
service_url | varchar(256) | Service URL | A clickable link that directs the user to the service | |
service_label | varchar(1024) | Protocol specific identifier or label of the service, eg SAML Entity ID or OIDC Client ID | Added v3.1.0 Deprecated in v3.2.0, will be removed in v4.0.0 (CO-1595) | |
contact_email | varchar(128) | Email Address of contact responsible for this Service | RFC 5322 Address | |
entitlement_uri | varchar(256) | Entitlement URI associated with this Service | For authorization purposes, eg: ldap attribute population | |
visibility | varchar(2) | Visibility of this Service | | In particular for use generating a user-visible list of Services |
identifier_type | varchar(32) | Identifier type associated with this Service | cm_co_extended_types:name | |
status | varchar(2) | Status | ||
Table | cm_co_settings |
---|---|
Description | Per-CO configuration settings |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
co_theme_id | integer, foreign key | Theme to use by default for this CO | cm_co_themes:id | When specified for the COmanage CO, will also apply as platform default theme |
co_dashboard_id | integer, foreign key | Primary Dashboard for this CO | cm_co_dashboards:id | Added Registry v3.2.0 |
enable_nsf_demo | boolean | Whether or not to enable NSF demographics tracking | ||
disable_expiration | boolean | Whether or not expirations may be run automatically | ||
disable_ois_sync | boolean | Whether or not Org Identity syncs may be run automatically | ||
enable_normalization | boolean | Whether or not to enable normalizations | ||
enable_empty_cou | boolean | Whether or not to permit empty COUs | | Added Registry v3.3.0 |
group_validity_sync_window | integer | For reprovisioning based on CoGroupMember validity dates, the "look back" window, in minutes, or 0 to disable | See Registry Validity Dates and Registry Job Shell Added in Registry v3.2.0 | |
invitation_validity | integer | For invitations used as part of default enrollment, the length of time (in minutes) the invitation is valid for | See also cm_co_enrollment_flows:invitation_validity | |
permitted_fields_name | varchar(160) | A comma separated list of which name fields are permitted | ||
required_fields_addr | varchar(160) | A comma separated list of which address fields are required | See also cm_cmp_enrollment_attributes:required_fields | |
required_fields_name | varchar(160) | A comma separated list of which name fields are required | See also cm_cmp_enrollment_attributes:required_fields | |
person_picker_email_type | varchar(160) | The type of email to use in the people picker JavaScript widget | Added in Registry v4.1.0 | |
person_picker_identifier_type | varchar(160) | The type of identifier to use in the people picker JavaScript widget | Added in Registry v4.1.0 | |
person_picker_display_types | boolean | Whether or not to display email and identifier type labels in the people picker JavaScript widget | | Added in Registry v4.1.0 |
t_and_c_login_mode | varchar(2) | How to handle unacknowledged Terms and Conditions at login | ||
sponsor_eligibility | varchar(2) | What CO People are eligible to be sponsors | ||
sponsor_co_group_id | integer, foreign key | If sponsor_eligibility is CO Group Member, the group of eligible sponsors | cm_co_groups:id | |
default_co_pipeline_id | integer, foreign key | Pipeline to run for Org Identities if no other Pipeline applies | cm_co_pipelines:id | |
elect_strategy_primary_name | varchar(2) | Election strategy for Primary Name | ||
theme_stacking | varchar(2) | Whether to enable Theme Stacking within this CO. | | Added in Registry v4.0.0 |
global_search_limit | integer | Maximum number of records per model to return via global search | Must be a positive integer, cannot be disabled (but can be set very large) Added in Registry v4.0.0 |
Table | cm_co_t_and_c_agreements |
---|---|
Description | Person agreements to terms and conditions |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_terms_and_conditions_id | integer, foreign key | CO Terms and Conditions Record ID | ||
co_person_id | integer, foreign key | CO Person ID (Person agreeing to the T&C) | cm_co_people:id | |
agreement_time | timestamp | Time T&C were agreed to | ||
identifier | varchar(256) | Identifier CO Person was authenticated as when T&C were agreed to | This is not a link to cm_identifiers in case the Identifier is subsequently deleted |
Table | cm_co_terms_and_conditions |
---|---|
Description | Per-CO terms and conditions |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
description | varchar(256) | Description | ||
url | varchar(256) | URL to terms and conditions | ||
body | text(4000) | Body of T&C, instead of URL | Since v3.2.0 | |
cou_id | integer, foreign key | If set, T&C must be agreed to by members of this COU | cm_cous:id | |
status | varchar(2) | Status of T&C | ||
ordr | integer | Ascending order in which to display T&Cs | Since v3.1.0 |
Table | cm_co_themes |
---|---|
Description | Per-CO themes |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
name | varchar(80) | Name of this theme | ||
hide_title | boolean | Whether to suppress the CO title bar | ||
hide_footer_logo | boolean | Whether to suppress the "Powered by COmanage" logo | ||
css | text | Custom CSS used by this theme | ||
header | text | Page layout header to emit | ||
footer | text | Page layout footer to emit |
Table | cm_configuration |
---|---|
Description | COordinate configuration values |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
attribute | varchar(256) | Configuration item | ||
value | varchar(256) | Configuration value | ||
Table | cm_cos |
---|---|
Description | Definitions of (virtual) organizations |
- CO Admins are defined by membership within the "admin" group within their CO
- Special CO with name "COmanage" is where COmanage Admins are listed
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
name | varchar(128) | CO Name | ||
description | varchar(256) | Description | ||
status | varchar(2) | CO's status | | Template added Registry v3.2.0 |
Table | cm_cous |
---|---|
Description | Per-CO unit definitions |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO Record ID | cm_cos:id | |
parent_cou_id | integer, foreign key | Pointer to parent COU | cm_cous:id | |
lft | integer | Tree left value | required by CakePHP for tree functions | Automatically managed |
rght | integer | Tree right value | required by CakePHP for tree functions | Automatically managed |
name | varchar(128) | COU name | ||
description | varchar(256) | Description | ||
Note: The CakePHP implementation of the model that represents this table includes code that enables the model to support a tree structure and leverage class MPTT behavior. The result is extra structure not easily seen in the table definition above. Refer to the implementation for details.
Table | cm_email_addresses |
---|---|
Description | Email Addresses |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
varchar(256) | Internet mail address | RFC 4524 inetOrgPerson |
| |
description | varchar(128) | Description | Added in Registry v3.1.0. | |
type | varchar(32) | Type of mail, as enumerated | | When attached to a CO Person, types may be configured on a per-CO basis. See Extending the Registry Data Model. See also Recommendations For Email Addresses. |
verified | boolean | Was this address verified? | | Verification is via a URL sent to the address |
co_person_id | integer, foreign key | CO Person Record ID | cm_co_people:id | Only one of |
org_identity_id | integer, foreign key | Org Identity Record ID | Only one of | |
co_department_id | integer, foreign key | CO Department Record ID | cm_co_departments:id | Only one of co_person_id , org_identity_id , or co_department_id may be specified. Added in Registry v3.1.0. |
source_email_address_id | integer, foreign key | If Pipelines are in use, the Email Address ID for the Org Identity Email Address that created this Name | cm_email_addresses:id | Added in Registry v2.0.0. |
Table | cm_env_sources |
---|---|
Description | Env Organizational Identity Sources |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
org_identity_source_id | integer, foreign key | Organizational Identity Source ID | ||
duplicate_mode | varchar(2) | Duplicate handling mode | | Added in Registry v4.1.0 |
sp_type | varchar(2) | Web Server SP Provider | | Added in Registry v4.3.0 |
redirect_on_duplicate | varchar(1024) | Redirect target on duplicate | Added in Registry v4.1.0 | |
env_name_honorific | varchar(80) | Environment variable holding official honorific | ||
env_name_given | varchar(80) | Environment variable holding official given name | ||
env_name_middle | varchar(80) | Environment variable holding official middle name | ||
env_name_family | varchar(80) | Environment variable holding official family name | ||
env_name_suffix | varchar(80) | Environment variable holding official suffix | ||
env_affiliation | varchar(80) | Environment variable holding affiliation | ||
env_title | varchar(80) | Environment variable holding title | ||
env_o | varchar(80) | Environment variable holding organization | ||
env_ou | varchar(80) | Environment variable holding department | ||
env_mail | varchar(80) | Environment variable holding official email address | ||
env_telephone_number | varchar(80) | Environment variable holding office telephone number | cm_telephone_numbers | |
env_address_street | varchar(80) | Environment variable holding office street | cm_addresses | |
env_address_locality | varchar(80) | Environment variable holding office locality/city | cm_addresses | |
env_address_state | varchar(80) | Environment variable holding office state | cm_addresses | |
env_address_postalcode | varchar(80) | Environment variable holding office postal code | cm_addresses | |
env_address_country | varchar(80) | Environment variable holding office country | cm_addresses | |
env_identifier_eppn | varchar(80) | Environment variable holding eppn | cm_identifiers | |
env_identifier_eppn_login | boolean | Whether eppn should be allowed to login to Registry | cm_identifiers | |
env_identifier_eptid | varchar(80) | Environment variable holding eptid | cm_identifiers | |
env_identifier_eptid_login | boolean | Whether eptid should be allowed to login to Registry | cm_identifiers | |
env_identifier_epuid | varchar(80) | Environment variable holding epuid | cm_identifiers | |
env_identifier_epuid_login | boolean | Whether epuid should be allowed to login to Registry | cm_identifiers | |
env_identifier_orcid | varchar(80) | Environment variable holding orcid | cm_identifiers | |
env_identifier_orcid_login | boolean | Whether orcid should be allowed to login to Registry | cm_identifiers | |
env_identifier_sorid | varchar(80) | Environment variable holding sorid | cm_identifiers | |
env_identifier_sorid_login | boolean | Whether sorid should be allowed to login to Registry | cm_identifiers | |
env_identifier_network | varchar(80) | Environment variable holding network | cm_identifiers | |
env_identifier_network_login | boolean | Whether network should be allowed to login to Registry | cm_identifiers |
Table | cm_file_sources |
---|---|
Description | File Organizational Identity Sources |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
org_identity_source_id | integer, foreign key | Organizational Identity Source ID | ||
filepath | varchar(256) | Path to source file | ||
archivedir | varchar(256) | Directory for archive of source files | Added v3.1.0 | |
threshold_warn | integer | Warning threshold for number of changed records to prevent processing of a full sync | Percentage of changed records | Added v4.0.0 |
threshold_override | boolean | If true, ignore threshold_warn for the next sync processing | Added v4.0.0 | |
format | varchar(2) | File Format | | Added v4.0.0 |
Table | cm_history |
---|---|
Description | Transaction history (human readable) |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_person_id | integer, foreign key | CO Person Record ID change applied to | cm_co_people:id | |
co_person_role_id | integer, foreign key | CO Person Role Record ID change applied to | ||
org_identity_id | integer, foreign key | Organizational Identity Record ID change applied to | ||
co_group_id | integer, foreign key | CO Group Record ID change applied to | cm_co_group_members:id | |
co_email_list_id | integer, foreign key | CO Email List ID change applied to | cm_co_email_lists:id | |
co_service_id | integer, foreign key | CO Service ID change applied to | cm_co_services:id | Added Registry v3.3.0 |
actor_co_person_id | integer, foreign key | CO Person who executed or requested this change | cm_co_people:id | |
action | varchar(4) | Machine readable transaction code | As defined in ActionEnum | Local history should be identified with an action code beginning with the letter 'X'. |
comment | varchar(160) | Human readable transaction description |
Table | cm_http_servers |
---|---|
Description | HTTP Servers |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
server_id | integer, foreign key | Server ID | cm_servers:id | |
serverurl | varchar(256) | URL describing HTTP server | Use to describe hostname, port, and SSL | |
username | varchar(128) | Username to bind as | ||
password | varchar(400) | Password to bind with | This column should be encrypted Resized from 80 in v4.0.0 | |
auth_type | varchar(2) | HTTP Authentication Type | | Added Registry v4.1.0 |
ssl_verify_peer | boolean | Verify SSL Certificate | Added Registry v3.3.0 | |
ssl_verify_host | boolean | Verify SSL Certificate Hostname | Added Registry v3.3.0 |
Table | cm_identifiers |
---|---|
Description | Person identifiers |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
identifier | varchar(256) | Identifier | As per type definition | |
type | varchar(32) | Type of identifier | Arbitrary values may be configured via cm_co_extended_types (for identifiers attached to COs, only) or default values available are | mail is intended for CO generated mail aliases/addresses to be stored, regardless of whether or not they are in use. Email addresses intended to be reflected into directories or other downstream locations should be stored in the email_addresses table. |
login | boolean | Registry login flag | | Only applies to identifiers attached to Org Identities. |
status | varchar(2) | Identifier's status | | An identifier marked deleted is no longer considered in use by COmanage, but it cannot be reassigned. Prior to v2.0.0, the status D/Deleted was used instead of S/Suspended. |
co_person_id | integer, foreign key | CO Person Record ID | cm_co_people:id | Only one of |
org_identity_id | integer, foreign key | Org Identity Record ID | Only one of | |
co_department_id | integer, foreign key | CO Department Record ID | cm_co_departments:id | Only one of co_person_id , org_identity_id , co_group_id , or co_department_id may be specified. Added in Registry v3.1.0. |
co_group_id | integer, foreign key | CO Group Record ID | cm_co_groups:id | Only one of co_person_id , org_identity_id , co_group_id , or co_department_id may be specified. Added in Registry v3.3.0. |
source_identifier_id | integer, foreign key | If Pipelines are in use, the Identifier ID for the Org Identity Identifier that created this record. | cm_identifiers:id | Added in Registry v2.0.0. |
co_provisioning_target_id | integer, foreign key | CO Provisioning Target ID | cm_co_provisioning_targets:id | ie: The Provisioning Target that assigned (and is responsible for managing) this Identifier. Added in Registry v3.1.0. |
Table | cm_ldap_identifier_validators |
---|---|
Description | LDAP Identifier Validators |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_identifier_validator_id | integer, foreign key | Identifier Validator ID | ||
serverurl | varchar(256) | URL describing LDAP server to provision | Use to describe hostname, port, and SSL (use | |
binddn | varchar(128) | DN to bind as | ||
password | varchar(64) | Password to bind with | RFC 4513 | This column should be encrypted |
basedn | varchar(128) | Base DN to search under | ||
filter | varchar(256) | Search filter to execute to check availability | %s used as a placeholder for identifier |
Table | cm_ldap_servers |
---|---|
Description | LDAP Servers |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
server_id | integer, foreign key | Server ID | cm_servers:id | |
serverurl | varchar(256) | URL describing LDAP server | Use to describe hostname, port, and SSL (use | |
binddn | varchar(128) | DN to bind as | ||
password | varchar(64) | Password to bind with | This column should be encrypted | |
basedn | varchar(128) | Base DN to provision People entries under |
Table | cm_ldap_sources |
---|---|
Description | LDAP Organizational Identity Sources |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
org_identity_source_id | integer, foreign key | Organizational Identity Source ID | ||
serverurl | varchar(256) | URL describing LDAP server | Use to describe hostname, port, and SSL (use | |
binddn | varchar(128) | DN to bind as | ||
password | varchar(64) | Password to bind with | This column should be encrypted | |
basedn | varchar(128) | Base DN to provision People entries under | ||
key_attribute | varchar(64) | Attribute in LDAP record holding a persistent unique identifier | ||
search_filter | varchar(128) | Search filter to constrain retrieved objects | ||
uid_attr | varchar(64) | Attribute to map to Org Identity Identifier of type UID | Temporary, will be replaced by CO-1346 | |
uid_attr_login | boolean | Whether to flag the attribute created from uid_attr as for login | Temporary, will be replaced by CO-1346 |
Table | cm_match_servers |
---|---|
Description | ID Match Servers |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
server_id | integer, foreign key | Server ID | cm_servers:id | |
serverurl | varchar(256) | URL describing HTTP server | Use to describe hostname, port, and SSL | |
username | varchar(128) | Username to bind as | ||
password | varchar(64) | Password to bind with | This column should be encrypted | |
sor_label | varchar(40) | SOR Label used in match requests | ID Match API | Removed in Registry v4.1.0 |
is_comanage_match | boolean | | | Removed in Registry v4.0.0 |
Table | cm_meta |
---|---|
Description | Platform Meta Information |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
upgrade_version | varchar(16) | Current platform version (via upgrade shell) | ||
Table | cm_names |
---|---|
Description | Person names |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
honorific | varchar(32) | Dr, Mr, Ms, etc | ||
given | varchar(128) | First/Given name(s) | ||
middle | varchar(128) | Middle name(s) | ||
family | varchar(128) | Last/Family name(s) | ||
suffix | varchar(32) | Jr, III, PhD, etc | ||
language | varchar(16) | Language encoding of this name | For supported values, see | |
type | varchar(2) | | | When attached to a CO Person, types may be configured on a per-CO basis. See Extending the Registry Data Model. |
primary_name | boolean | | | Exactly one name per CO Person and one per Org Identity should have primary_name true at all times |
co_person_id | integer, foreign key | CO Person Record ID | cm_co_people:id | Only one of |
org_identity_id | integer, foreign key | Org Identity Record ID | Only one of | |
source_name_id | integer, foreign key | If Pipelines are in use, the Name ID for the Org Identity Name that created this Name | cm_names:id |
Table | cm_net_forum_sources |
---|---|
Description | netFORUM Organizational Identity Sources |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
org_identity_source_id | integer, foreign key | Organizational Identity Source ID | ||
serverurl | varchar(256) | Prefix to the WSDL URL | ||
username | varchar(128) | XML Username, as provided by support | ||
password | varchar(64) | XML Password, as provided by support | | This column should be encrypted |
query_committees | boolean | Whether to also query committee memberships for group membership mappings | ||
query_events | boolean | Whether to also query event records for group membership mappings | ||
Table | cm_oauth2_servers |
---|---|
Description | OAuth2 Servers |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
server_id | integer, foreign key | Server ID | cm_servers:id | |
serverurl | varchar(256) | OAuth2 Server endpoint | Endpoint to OAuth2 services | |
clientid | varchar(120) | OAuth2 Client ID | ||
client_secret | varchar(80) | OAuth2 Client Secret | This column should be encrypted | |
access_grant_type | varchar(2) | OAuth2 Access Grant Type | | Implicit and Password Credentials not currently supported |
scope | varchar(256) | OAuth2 Token Scope | RFC 6749 | |
refresh_token | varchar(160) | Current refresh token | RFC 6749 | |
access_token | varchar(160) | Current access token | RFC 6749 | |
token_response | text | Full token received from OAuth2Server | Intended so specific implementations can access vendor specific attributes |
Table | cm_orcid_sources |
---|---|
Description | ORCID Organizational Identity Sources |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
org_identity_source_id | integer, foreign key | Organizational Identity Source ID | ||
server_id | integer, foreign key | Server ID | cm_servers:id | Added v3.2.0 |
|
|
| Removed v3.2.0 | |
|
|
|
Removed v3.2.0 | |
|
|
|
Removed v3.2.0 |
Table | cm_org_identities |
---|---|
Description | Person identity, from institutional source |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
status | varchar(2) | Org Identity status | | Added in v2.0.0. Currently intended primarily for org identities synced from an org identity source. |
date_of_birth | date | Person's date of birth | Added in Registry v3.3.0 | |
affiliation | varchar(8) | Broad affiliation to source organization | eduPerson person | |
title | varchar(128) | Title at source organization | X.520 via RFC 4519 person | |
o | varchar(128) | Source organization | X.520 via RFC 4519 person | |
ou | varchar(128) | Departmental affiliation at source organization | X.520 via RFC 4519 person | |
valid_from | datetime | Org Identity is considered valid from this time | If null, valid any time through valid_through | Added in v2.0.0 |
valid_through | datetime | Org Identity is considered valid through (but not past) this time | If null, valid any time from valid_from | Added in v2.0.0 |
manager_identifier | varchar(512) | Identifier for this Org Identity's manager | cm_identifiers:identifier | Added in v4.1.0 |
sponsor_identifier | varchar(512) | Identifier for this Org Identity's sponsor | cm_identifiers:identifier | Added in v4.1.0 |
|
|
| Unused column removed in v2.0.0 | |
co_id | integer, foreign key | If | cm_cos:id |
Table | cm_org_identity_source_records |
---|---|
Description | Cached records from external org identity sources |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
org_identity_source_id | integer, foreign key | The Org Identity Source this record is from | ||
sorid | varchar(1024) | The Org Identity Source's unique key for this record | ||
source_record | text | The raw (unprocessed) record from the Org Identity Source | May be used in a diff operation to detect changes | |
last_update | timestamp | Time of last retrieval from Org Identity Source | ||
org_identity_id | integer, foreign key | Org Identity created from and associated with this source record | cm_org_identities:id | |
co_petition_id | integer, foreign key | CO Petition that created this Org Identity | cm_co_petitions:id | Added in Registry v3.1.0 |
reference_identifier | varchar(40) | If this record was subject to ID Match, the Reference Identifier obtained from the Match request | TAP ID Match API | Added in Registry v3.3.0 |
Table | cm_org_identity_sources |
---|---|
Description | External sources of organizational identities |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | If | cm_cos:id | |
description | varchar(256) | Description | ||
sor_label | varchar(40) | SOR Label used in match requests | ID Match API | Added in Registry v4.1.0 |
plugin | varchar(32) | Org Identity Source Plugin | Corresponds to plugin name | |
status | varchar(2) | Status of Org Identity Source Plugin | ||
sync_mode | varchar(2) | How to process this Org Identity Source when processed via JobShell | ||
sync_query_mismatch_mode | varchar(2) | How to process a Query that returns on an email search but the record does not actually contain that email | ||
sync_query_skip_known | boolean | When in Query mode, whether to skip email addresses already linked to records in the Org Identity Source | ||
sync_on_user_login | boolean | If a CO Person has an Org Identity from this Source, perform a sync when the CO Person logs in to Registry | | Added in Registry v3.1.0 |
eppn_identifier_type | varchar(128) | Identifier type in Org Identity Source record to use to create an identifier of type ePPN associated with this Org Identity | ||
eppn_suffix | varchar(128) | Suffix (right hand side) to append to identifier of type eppn_identifier_type to create an identifier of type ePPN | Should not include @ | |
hash_source_record | boolean | Whether to store a hash of the Org Identity Source Record rather than the full source record | Controls what is stored in cm_org_identity_source_records:source_record. Added in Registry v3.1.0 | |
co_pipeline_id | integer, foreign key | CO Pipeline to run when an identity is added from this source | cm_co_pipelines:id |
Table | cm_password_authenticator |
---|---|
Description | Password Authenticator |
Plugin | Password Authenticator |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
authenticator_id | integer, foreign key | Authenticator ID | cm_authenticators:id | |
password_source | varchar(2) | How the password is generated and managed | | When set to External, the Password can only be set via the API. Added Registry v3.3.0 |
min_length | integer | Minimum permitted password length | Between 8 and 64, default 8. Only applies if password_source is Self Select | |
max_length | integer | Maximum permitted password length | Between 8 and 64, default 64. Does not apply if password_source is External | |
format_crypt_php | boolean | Hash the password in Crypt format, as implemented by PHP password_hash function using PASSWORD_DEFAULT, and suitable for use with password_verify | | Added Registry v3.2.0 |
format_plaintext | boolean | Store the password in plaintext | | Added Registry v3.2.0 |
format_sha1_ldap | boolean | Hash the password in Salted SHA1 format, suitable for use in LDAP authentication | | Added Registry v3.2.0 |
enable_ssr | boolean | Enable Self Service Reset | | Added Registry v4.0.0, Removed Registry v4.1.0 |
ssr_validity | integer | Reset Token validity, in minutes | Added Registry v4.0.0, Removed Registry v4.1.0 | |
co_message_template_id | integer, foreign key | CO Message Template ID for ssr message | cm_co_message_templates:id | Added Registry v4.0.0, Removed Registry v4.1.0 |
redirect_on_success_ssr | varchar(256) | URL to redirect to on success of ssr | Removed Registry v4.1.0 | |
username_reminder_message_template_id | integer, foreign key | CO Message Template ID for Username Reminder message | cm_co_message_templates:id | Not implemented |
Table | cm_passwords |
---|---|
Description | Passwords |
Plugin | Password Authenticator |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
password_authenticator_id | integer, foreign key | Password Authenticator ID | cm_password_authenticators:id | |
co_person_id | integer, primary key | CO Person ID | cm_co_people:id | |
password | varchar(256) | Password, in format specified by password_type | ||
password_type | varchar(2) | Format type of password | |
Table | cm_permissions |
---|---|
Description | Permissions for COordinate. Special CO with id "1" and name "COmanage" (linked via cm_co_person_roles:co_id) is where COordinate Admins are listed |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_person_id | integer, foreign key | CO Person Record ID | ||
permission | varchar(2) | Permission | ||
Table | cm_regex_identifier_validators |
---|---|
Description | Regular Expression Identifier Validators |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_identifier_validator_id | integer, foreign key | Identifier Validator ID | | |
pattern | varchar(256) | Perl Compatible Regular Expression describing acceptable identifier format |
Table | cm_salesforce_sources |
---|---|
Description | Salesforce Organizational Identity Sources |
Plugin |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
org_identity_source_id | integer, foreign key | Organizational Identity Source ID | ||
server_id | integer, foreign key | Server ID | cm_servers:id | Added v3.2.0 |
|
|
|
Removed v3.2.0 | |
|
|
| Removed v3.2.0 | |
|
|
|
Removed v3.2.0 | |
search_contacts | boolean | Whether to query Salesforce Contact objects | | Unintuitively, if neither search_contacts nor search_users is true, then all objects will be searched |
search_users | boolean | Whether to query Salesforce User objects | | |
custom_objects | varchar(256) | Comma separated list of objects to query for additional attributes | ||
Removed v3.2.0 | ||||
Removed v3.2.0 | ||||
instance_url | varchar(256) | Current Salesforce instance | Salesforce OAuth | |
groupable_attrs | blob | Cached list of attributes available for CO Group mapping | Internal format based on response from Salesforce API |
Table | cm_servers |
---|---|
Description | Servers |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
co_id | integer, foreign key | CO ID | cm_cos:id | |
description | varchar(128) | Description | ||
server_type | varchar(2) | Server Type | | |
status | varchar(2) | Status of Server | |
Table | cm_ssh_key_authenticator |
---|---|
Description | SSH Key Authenticator |
Plugin | SSH Key Authenticator |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
authenticator_id | integer, foreign key | Authenticator ID | cm_authenticators:id |
Table | cm_ssh_keys |
---|---|
Description | SSH Keys |
Plugin | SSH Key Authenticator (as of Registry v3.3.0) |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
ssh_key_authenticator_id | integer, foreign key | Authenticator ID | cm_authenticators:id | Added v3.3.0 |
comment | varchar(256) | Comment associated with key | | |
type | varchar(16) | Type of key | | |
skey | text | Public key data | | |
co_person_id | integer, foreign key | CO Person Record ID | cm_co_people:id | |
Table | cm_telephone_numbers |
---|---|
Description | Telephone Numbers |
Column | Format | Description | Definition | Comments |
---|---|---|---|---|
id | integer, primary key | Row identifier | autoincrement | |
country_code | varchar(3) | Telephone Country Code | ITU E.164 | |
area_code | varchar(8) | Telephone Area (National Destination) Code | ITU E.164 | |
number | varchar(64) | Telephone Subscriber Number | ITU E.164 | |
extension | varchar(16) | Telephone Extension | Location specific | |
description | varchar(128) | Description | Added in Registry v3.1.0. | |
type | varchar(2) | Type of telephone | | When attached to a CO Person Role, types may be configured on a per-CO basis. See Extending the Registry Data Model. |
co_person_role_id | integer, foreign key | CO Person Role Record ID | Only one of | |
org_identity_id | integer, foreign key | Org Identity Record ID | Only one of | |
co_department_id | integer, foreign key | CO Department Record ID | cm_co_departments:id | Only one of co_person_id, org_identity_id, or co_department_id may be specified. Added in Registry v3.1.0. |
source_telephone_number_id | integer, foreign key | If Pipelines are in use, the Telephone Number ID for the Org Identity Telephone Number that created this record. | cm_telephone_numbers:id | Added in Registry v2.0.0. |