Overview
The COmanage Registry Data Model revolves around the CO Person, which conceptually represents one person associated with a CO.
- A COmanage installation is referred to as a Collaboration Management Platform, or CMP.
- A CMP is a multi-tenant installation; each tenant is referred to as a Collaborative Organization, or CO.
- The core operational record of a participant within the CO is the CO Person.
- The CO Person record maintains information that is unique to a person within the CO, such as names and identifiers.
- An individual person should only have one CO Person record within a CO.
- However, an individual person may participate in multiple COs housed within the same CMP, and could therefore have multiple CO Person records (each isolated from the other) within the CMP.
- In order for a person to become a CO Person, they must first have at least one Organizational Identity, which conceptually represents their identity as asserted by a "home" or "external" institution, such as their University or a social identity provider.
- It is possible for Org Identity records to be pooled across all COs within the CMP; however, this setting is deprecated and not recommended.
- A person's external credentials (federated or social login information) are attached to the Organizational Identity, and typically used for access to the platform's services.
- A CO Person record is created and one or more Org Identities are linked to it.
- A CO Person may have one or more CO Person Roles within the CO. A CO Person Role record maintains information that is unique to a role a person has within a CO, such as title and physical address.
- For some use cases, it is necessary for the CO to manage credentials such as SSH Keys. In this case, these Authenticators attach to the CO Person.
There are two ways to create sets of CO People within a CO.
- CO Groups are simple collections of CO People. Any CO Person can create a CO Group.
- CO Units (or COUs) are intended to represent an organizational hierarchy, including delegation of CO Person administration. Only CO Administrators can create COUs.
- When COUs are enabled, CO Person Roles are attached to COUs.
See Also: Understanding Registry People Types
Tables
Registry is a database-oriented application, with quite a few tables under the hood. These tables fall into a few broad categories:
- Primary Objects: Primary objects are those that directly relate to the primary purpose of Registry: storing information about people and other entities related to the organization. Examples include CO Person and CO Departments.
- Secondary Objects: Secondary objects store additional information about Primary objects, in particular when there is a many-to-one relationship. Examples include Name and Email Address.
- Configuration Objects: Configuration objects primarily relate to the behavior of the application.
Table Metadata
In addition to the column definitions available for each table below, all tables have additional columns used by the framework and supporting code. These columns include:
- Timestamps managed by Cake (created, modified)
- Columns used in support of Changelog Behavior
Table Status
The statuses for each table are defined as
- Stable: The table definition will not change in a backwards-incompatible manner across minor releases. Stable tables may only be removed in major releases.
- Tentative: The table definition will likely become stable, but may change in a backwards-incompatible manner across minor and patch releases. Tentative tables may be refactored or removed without notice.
- Experimental: No specific assertion is made about the stability of the table. It may be changed significantly or even removed without notice.
- Obsolete: The table is no longer in use as of the specified version.
- Not Implemented: The table definition is for planning purposes only.
Major, minor, and patch releases are as defined in semantic versioning.
Table Inventory
| Table Name | Description | Status | Introduced |
|---|---|---|---|
| cm_ad_hoc_attributes | Ad Hoc Attributes | Tentative | v3.3.0 |
| | Addresses | Stable | v0.2 |
| cm_application_preferences | Application Preferences (frontend state) | Tentative | v4.0.0 |
| cm_authenticator_reset_tokens | Authenticator Reset Tokens | Experimental | v4.1.0 |
| cm_co_announcement_channels | Per-CO Announcement Channels | Tentative | v3.2.0 |
| cm_co_announcements | Per-CO Announcements | Tentative | v3.2.0 |
| cm_co_announcements_widgets | Per-CO Announcements Widgets configuration | Tentative | v3.2.0 |
| cm_api_source_records | API Source Record Cache | Experimental | v3.3.0 |
| cm_api_sources | API Organizational Identity Sources | Experimental | v3.3.0 |
| | API (Programmatic) Users | Tentative | v0.2 |
| | Known applications | Not Implemented, replaced by co_services | |
| cm_attribute_enumerations | Attribute enumerations (per-CO or platform wide) | Tentative | v2.0.0 |
| cm_authentication_events | Registry authentication events | Tentative | v2.0.0 |
| cm_authenticator_statuses | Authenticator Statuses | Tentative | v3.1.0 |
| cm_authenticators | Authenticators | Tentative | v3.1.0 |
| cm_certificate_authenticators | Certificate Authenticators | Experimental | v3.1.0 |
| cm_certificates | Certificates | Experimental | v3.1.0 |
| cm_clusters | Clusters | Tentative | v3.3.0 |
| | CMP enrollment attribute configuration | Tentative | v0.3 |
| | CMP enrollment configuration | Tentative | v0.3 |
| | Per-CO configured applications | Not Implemented | |
| cm_co_changelog_provisioner_exports | | Obsolete as of v0.8.2 | v0.8 |
| | Per-CO Changelog provisioning target configurations | Tentative | v0.8 |
| cm_co_crowd_provisioner_targets | Per-CO Crowd provisioning target configurations | Tentative | v3.2.0 |
| cm_co_dashboard_widgets | Per-CO Dashboard Widgets | Tentative | v3.2.0 |
| cm_co_dashboards | Per-CO Dashboards | Tentative | v3.2.0 |
| cm_co_departments | Per-CO departments | Tentative | v3.1.0 |
| | Per-CO restrictions on publishing of directory information | Not Implemented | |
| cm_co_email_address_widgets | Per-CO Email Address Widgets configuration | Experimental | v4.1.0 |
| cm_co_email_lists | Per-CO email lists | Tentative | v3.1.0 |
| | Per-CO enrollment flow attribute configurations | Stable | v0.3 |
| | Default values for CO enrollment flow attributes configuration | Stable | v0.8.1 |
| cm_co_enrollment_authenticators | Authenticators attached to Enrollment Flows | Experimental | v3.3.0 |
| cm_co_enrollment_clusters | Clusters attached to Enrollment Flows | Tentative | v3.3.0 |
| cm_co_enrollment_flow_wedges | Enroller Plugins attached to Enrollment Flows | Tentative | v4.0.0 |
| | Per-CO enrollment flow configurations | Stable | v0.3 |
| cm_co_enrollment_sources | Organizational Identity Sources attached to Enrollment Flows | Experimental | v2.0.0 |
| cm_co_expiration_counts | Per-CO expiration counts | Tentative | v2.0.0 |
| | Per-CO expiration policies | Stable | v0.9.2 |
| | Per-CO extended attributes | Stable | v0.3 |
| | Per-CO attribute type configurations | Stable | v0.6 |
| | Per-CO FIFER services | Not Implemented | |
| | Per-CO GitHub provisioning target configurations | Tentative | v0.9.1 |
| | Per-CO per-Grouper target Grouper group map | Tentative | v0.8.3 |
| | Per-CO Grouper provisioning target configurations | Tentative | v0.8.3 |
| | Per-CO groups | Stable | v0.2 |
| | Per-CO group memberships | Stable | v0.2 |
| cm_co_group_nestings | Per-CO group nestings | Tentative | v3.3.0 |
| cm_co_group_ois_mappings | Per-CO mappings from OIS records to group memberships | Tentative | v2.0.0 |
| | Per-CO Home Directory provisioning target configurations | Experimental | v0.9 |
| | Per-CO rules for identifier assignment | Stable | v0.6 |
| cm_co_identifier_validators | Per-CO identifier validators | Tentative | v2.0.0 |
| | Per-CO invitations to join | Tentative | v0.1 |
| cm_co_jira_provisioner_targets | Per-CO Jira provisioning target configurations | Tentative | v4.0.0 |
| cm_co_job_history_records | Per-CO Job History Records | Tentative | v2.0.0 |
| cm_co_jobs | Per-CO Job Records | Tentative | v2.0.0 |
| | Per-CO per-LDAP target attribute grouping definitions | Stable | v0.8 |
| | Per-CO per-LDAP target attribute definitions | Stable | v0.8 |
| | Per-CO per-LDAP target DN map | Stable | v0.8 |
| | Per-CO LDAP provisioning target configurations | Stable | v0.8 |
| cm_co_ldap_service_token_provisioner_targets | Per-CO Per-LDAP target service token provisioning configurations | Experimental | v2.0.0 |
| | Per-CO Text Localizations | Stable | v0.8.3 |
| cm_co_mailman_lists | Per-CO Mailman Lists | Tentative | v3.1.0 |
| cm_co_mailman_provisioner_targets | Per-CO Mailman provisioning target configurations | Tentative | v3.1.0 |
| cm_co_message_templates | Per-CO Message Templates | Tentative | v2.0.0 |
| cm_co_mid_point_provisioner_targets | Per-CO MidPoint provisioning target configuration | Experimental | v3.3.0 |
| | Per-Identifier tracking of assigned name-based sequences | Obsolete | |
| | Per-CO Navigation Links | Stable | v0.8.2 |
| cm_co_notifications_widgets | Per-CO Notifications Widgets configuration | Tentative | v3.2.0 |
| | Per-CO Notifications | Stable | v0.8.4 |
| | Demographics for statistics | Stable | v0.3 |
| | Per-CO link to org identity | Stable | v0.3 |
| | Per-CO person identity | Stable | v0.2 |
| | Per-CO person role identity | Stable | v0.3 |
| | Per-CO link from person to org person | Obsolete as of v0.3 | v0.2 |
| | Per-CO enrollment petition attributes | Stable | v0.3 |
| | Per-CO enrollment petition history records | Stable | v0.3 |
| | Per-CO enrollment petitions | Stable | v0.3 |
| cm_co_pipelines | Per-CO pipelines | Tentative | v2.0.0 |
| | Per-provisioning target job execution counts | Stable | v4.3.0 |
| | Per-CO provisioning target export record | Stable | v0.8.2 |
| | Per-CO provisioning events to process | Not Implemented, replaced by cm_co_jobs | v0.8 |
| cm_co_provisioning_target_filters | Data Filters attached to CO Provisioning Targets | Tentative | v3.3.0 |
| | Per-CO provisioning targets | Stable | v0.8 |
| cm_co_recovery_widgets | Per-CO Recovery Widgets configuration | Experimental | v4.1.0 |
| | Per-CO person role assignments | Not Implemented | |
| | Per-CO group memberships implied by role | Not Implemented | |
| | Per-CO role definitions | Not Implemented | |
| cm_co_salesforce_provisioner_targets | Per-CO Salesforce provisioning target configurations | Tentative | v3.2.0 |
| | | Stable | v0.9 |
| | Per-Identifier tracking of next values for sequentially assigned identifiers | Stable | v0.6 |
| cm_co_service_token_settings | Per-CO service token settings | Obsolete as of v3.3.0 | v2.0.0 |
| cm_co_service_tokens | Per-CO service tokens | Obsolete as of v3.3.0 | v2.0.0 |
| cm_co_services | Per-CO Services | Tentative | v2.0.0 |
| | Per-CO Settings | Stable | v0.9.1 |
| cm_co_sql_provisioner_targets | Per-CO SQL provisioning target configurations | Tentative | v3.3.0 |
| | Per-CO Person agreements to terms and conditions | Stable | v0.8.3 |
| | Per-CO terms and conditions | Stable | v0.8.3 |
| cm_co_themes | Per-CO themes | Tentative | v2.0.0 |
| cm_co_url_widgets | Per-CO URL Widgets configuration | Tentative | v3.2.0 |
| | COordinate configuration values | Obsolete | |
| cm_core_apis | Core APIs | Tentative | v4.0.0 |
| | Definitions of (virtual) organizations | Stable | v0.2 |
| | Definitions of (virtual) organization units | Stable | v0.3 |
| cm_data_filters | Data Filters | Tentative | v3.3.0 |
| cm_data_scrubber_filter_attributes | Per-CO Data Scrubber Filter Attributes | Tentative | v4.1.0 |
| cm_data_scrubber_filters | Per-CO Data Scrubber Filters | Tentative | v4.1.0 |
| cm_dictionaries | Dictionaries | Tentative | v4.0.0 |
| cm_dictionary_entries | Dictionary Entries | Tentative | v4.0.0 |
| cm_dictionary_identifier_validators | Dictionary Identifier Validator configurations | Tentative | v4.0.0 |
| cm_dictionary_vetters | Dictionary Vetters | Experimental | v4.1.0 |
| cm_elector_data_filter_precedences | Per-CO Elector Data Filter Precedence Rules | Experimental | v4.1.0 |
| cm_elector_data_filters | Per-CO Elector Data Filters | Experimental | v4.1.0 |
| cm_email_address_widget_verifications | Email Address Self Service Dashboard Widget Verifications | Experimental | v4.1.0 |
| | Email Addresses | Stable | v0.2 |
| cm_env_sources | Env Organizational Identity Sources | Experimental | v3.1.0 |
| cm_file_sources | File Organizational Identity Sources | Experimental | v2.0.0 |
| cm_group_filter_rules | Group Filter Rules | Experimental | v3.3.0 |
| cm_group_filters | Group Filters | Tentative | v3.3.0 |
| cm_group_name_filters | Group Name Filters | Tentative | v3.3.0 |
| | Transaction history (human readable) | Stable | v0.7 |
| cm_http_servers | HTTP Servers | Tentative | v3.2.0 |
| cm_identifier_enroller_identifiers | Identifiers to be collected by an Identifier Enroller | Experimental | v4.0.0 |
| cm_identifier_enrollers | Identifier Enrollers | Experimental | v4.0.0 |
| | Person identifiers, from organizational source | Stable | v0.2 |
| cm_identity_documents | Identity Documents | Tentative | v4.0.0 |
| cm_kafka_servers | Kafka Servers | Experimental | v4.0.0 |
| cm_ldap_identifier_validators | LDAP Identifier Validator configurations | Tentative | v2.0.0 |
| cm_ldap_servers | LDAP Servers | Tentative | v3.2.0 |
| cm_ldap_sources | LDAP Organizational Identity Sources | Experimental | v2.0.0 |
| cm_locks | Process Locks | Tentative | v3.3.0 |
| cm_match_server_attributes | ID Match Server Attributes | Tentative | v4.0.0 |
| cm_match_servers | ID Match Servers | Tentative | v3.3.0 |
| cm_meem_enrollers | MEEM Enrollers | Experimental | v4.0.0 |
| cm_meem_mfa_statuses | MEEM MFA Status | Experimental | v4.0.0 |
| cm_meta | Meta (platform) information | Tentative | v0.9.4 |
| | Names | Stable | v0.2 |
| cm_namespace_assigner_settings | Namespace Assigner Settings | Experimental | v4.1.0 |
| cm_nationality_enrollers | Nationality Enrollers | Tentative | v4.0.0 |
| | Navigation Links | Stable | v0.8.2 |
| cm_net_forum_sources | netFORUM Organizational Identity Sources | Experimental | v2.0.0 |
| cm_novi_sources | Novi AMS Organizational Identity Sources | Experimental | v4.1.0 |
| cm_oauth2_servers | OAuth2 Servers | Tentative | v3.2.0 |
| cm_orcid_sources | ORCID Organizational Identity Sources | Tentative as of v3.2.0 | v2.0.0 |
| | Person identity, from organizational source | Stable | v0.3 |
| cm_org_identity_source_filters | Data Filters attached to Organizational Identity Sources | Experimental | v4.1.0 |
| cm_org_identity_source_records | Cached records from external org identity sources | Experimental | v2.0.0 |
| cm_org_identity_sources | External sources of organizational identities | Experimental | v2.0.0 |
| cm_organizations | Definitions of (external) organizations | Tentative | v4.0.0 |
| | Definitions of (real) organizations | Obsolete as of v2.0.0 | v0.2 |
| cm_password_authenticators | Password Authenticators | Experimental | v3.1.0 |
| cm_password_reset_tokens | Password Reset Tokens | Obsolete as of v4.1.0 | v4.0.0 |
| cm_passwords | Passwords | Experimental | v3.1.0 |
| | Permissions for COordinate | Not Implemented | |
| cm_privacy_idea_authenticators | Privacy IDEA Authenticators | Experimental | v4.0.0 |
| cm_regex_identifier_validators | Regex Identifier Validator configurations | Tentative | v2.0.0 |
| cm_salesforce_sources | Salesforce Organizational Identity Sources | Experimental | v3.1.0 |
| cm_servers | Servers | Tentative | v3.2.0 |
| cm_service_eligibilities | Service Eligibilities | Experimental | v4.1.0 |
| cm_service_eligibility_enrollers | Service Eligibility Enrollers | Experimental | v4.1.0 |
| cm_service_eligibility_settings | Service Eligibility Enroller Settings | Experimental | v4.1.0 |
| cm_sponsor_manager_settings | Sponsor Manager Settings | Experimental | v4.1.0 |
| cm_sql_servers | SQL Servers | Tentative | v3.2.0 |
| cm_sql_sources | SQL Organizational Identity Sources | Experimental | v4.1.0 |
| cm_ssh_key_authenticators | SSH Key Authenticators | Tentative | v3.3.0 |
| | SSH keys | Stable | v0.9 |
| | Telephone numbers | Stable | v0.2 |
| | Test Enrollers | Experimental | v4.0.0 |
| cm_totp_tokens | TOTP Tokens | Experimental | v4.0.0 |
| cm_unix_cluster_accounts | Unix Cluster Accounts | Tentative | v3.3.0 |
| cm_unix_cluster_groups | Unix Cluster Groups | Tentative | v3.3.0 |
| cm_unix_clusters | Unix Clusters | Tentative | v3.3.0 |
| cm_urls | URLs | Tentative | v3.1.0 |
| cm_vetting_requests | Vetting Requests | Experimental | v4.1.0 |
| cm_vetting_results | Vetting Results | Experimental | v4.1.0 |
| cm_vetting_steps | Vetting Steps | Experimental | v4.1.0 |
| cm_visual_compliance_vetters | Visual Compliance Vetters | Experimental | v4.1.0 |
- View All Tables in a list
- View data model as a high level ERD.