Version: 8.2411.x.x RR

User

The user entity represents a person or a person's account in nevisIDM. Most of the attributes a user has are intuitive and familiar, such as contact information.

User IDs

As mentioned in the chapter Database tables and the nevisIDM data model, the user entity has an internal ID (primary key on the DB) and an external ID. Both identifiers uniquely specify a certain user entity. For authentication purposes, the user entity has a further ID, the login ID. It is not unique per se but only within a certain client. The same applies to the user's external ID.

The nevisIDM auth states and the web services often allow both types of user identification: by means of extId/client or loginId/client.

User state

A user can be in one of three states: active, disabled or archived. See the state diagram below. The normal state is active. Disabled means that the user is currently not able to log in. An archived user cannot log in either, but while a disabled user can become active again, the process of archiving a user cannot be reversed. When a user gets disabled or archived, all his profiles will get disabled or archived automatically too. See the chapter Profile for the states of a profile.

Archiving keeps the name and ID of the user blocked so they cannot accidentally be reused. Once a user has been archived, he can only be deleted; there is no other state transition from the state "archived".

[Figure: User state diagram]

Template collection

The template collection attribute is special in that it specifies the template collection that has to be used whenever a communication event requires a template. Refer to the chapter Templates for details.

Database table TIDMA_USER

| DB attribute | Java data type (max. size), defaults | Description |
|---|---|---|
| addressline1 | String(100), nullable | |
| addressline2 | String(100), nullable | |
| birth_date | Date, nullable | Date of birth |
| city | String(50), nullable | |
| client_id | Long, not NULL | Foreign key that links to information in the table TIDMA_CLIENT |
| country_id | Long, nullable | The ID of the country of the user. |
| dwelling_number | String(10), nullable | "Wohnungnummer"; optional extension according to the eCH-0010 standard |
| email | String(300), nullable | |
| extid | String(129), not NULL | External identifier |
| first_name | String(100), nullable | |
| house_number | String(12), nullable | "Hausnummer mit Zusatz"; optional extension according to the eCH-0010 standard |
| is_technical_user | Boolean, not NULL | Special flag for purely technical users. |
| language_id | Long, nullable | The ID of the preferred language of the user. See TIDMR_LANGUAGE as ID reference table. |
| locality | String(255), nullable | The English word "locality" refers to the German word "Gebiet". This attribute is an optional extension according to the eCH-0010 standard. |
| login_id | String(300), not NULL | |
| mobile | String(50), nullable | Can be restricted with a regex (see client policy). |
| modification_comment | String(1000), nullable | Comment of related add/update/delete action. |
| name | String(120), nullable | Last name |
| pobox_number | Integer, nullable | "Postfachnummer"; optional extension according to the eCH-0010 standard |
| pobox_text | String(15), nullable | "Postfachtext"; optional extension according to the eCH-0010 standard |
| postalcode | String(10), nullable | |
| remarks | String(1000), nullable | |
| sex | String(1), nullable | "M" or "F" or "O" (male or female or other). "O" (other) is a writable option, which is available when the client policy parameter application.feature.othergender.enabled is set to "true". |
| state_change_detail | String(1000), nullable | This attribute is deprecated. Details of the user state change. The details of the state change can be defined as description in the TIDMR_CHANGE_REASON table. |
| state_change_reason_cd | Integer, nullable | User state change reason code. The change reason code must exist in the TIDMR_CHANGE_REASON table. |
| state_changed_date | Date, nullable | Gets updated when the user's state changes. This attribute is internal and technical and therefore never shown on the GUI or web services. |
| state_id | Long, not NULL | ID of the current state of the entity: 2: active; 7: disabled; 8: archived |
| street | String(120), nullable | "Strasse"; optional extension according to the eCH-0010 standard |
| telefax | String(50), nullable | Can be restricted with a regex (see nevisidm-prod.properties). |
| telephone | String(50), nullable | Can be restricted with a regex (see nevisidm-prod.properties). |
| template_coll_id | Long, not NULL | The template collection to use for communication events in the context of the underlying user. Foreign key that links to information in the table TIDMA_TEMPLATE_COLLECTION |
| title | String(64), nullable | |
| unique_email | String(300), nullable | Derived, technical attribute for optionally enforcing uniqueness of e-mail per client. |
| user_id | Long, not NULL | Primary key (uniquely identifies each individual DB entry) |
| valid_from | Date, nullable | If valid_from is in the future, the user is not allowed to log in (same behavior as if he would currently have the state "disabled"). Null value means no restriction. |
| valid_to | Date, nullable | If valid_to is in the past, the user is not allowed to log in (same behavior as if he would currently have the state "disabled"). Null value means no restriction. |

Database table TIDMA_USER_LOGIN_INFO

This database table holds the user's login information. Each time the user attempts an authentication, the information is updated. Compared to TIDMA_CRED_LOGIN_INFO (see the chapter: Login), the user login information is independent of the used authorization method. Furthermore, there is no failure counter on the user login information as the failure counter operates entirely on specific credentials.

The login information is explicitly stored in a separate entity and not on the user entity. The reason is the provisioning of the user attributes/properties: having the login information on the user would mean that the technical timestamps of the user entity would be updated at every authentication.

| DB attribute | Java data type (max. size), defaults | Description |
|---|---|---|
| last_login | Date, nullable | Timestamp of last successful login. NULL means credential has never been used for a successful login. |
| last_login_failure | Date, nullable | Date of last, non-technical, login failure, e.g., wrong password. Technical failures (system problems) do not count; neither do login denials because of earlier login problems, e.g., locked account, etc. |
| user_id | Long, not NULL | Foreign key that links to information in the table TIDMA_USER |
| user_login_info_id | Long, not NULL | Primary key (uniquely identifies each individual DB entry) |
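
The following account-review queries are an added example, not nevisIDM code. They combine state_id with valid_from/valid_to to find users that look active but cannot log in, and users that can log in but have no recent successful login. Assumptions: an in-memory SQLite database holding reduced copies of both tables, dates stored as ISO-8601 text, one login-info row per user, and constructed sample rows.

```python
import sqlite3

ACTIVE = 2  # state_id values on the page: 2 active, 7 disabled, 8 archived

# Reduced copies of the two tables; SQLite and ISO-8601 text dates are assumptions.
SCHEMA = """
CREATE TABLE TIDMA_USER (user_id INTEGER PRIMARY KEY, client_id INTEGER NOT NULL,
  login_id TEXT NOT NULL, state_id INTEGER NOT NULL, valid_from TEXT, valid_to TEXT);
CREATE TABLE TIDMA_USER_LOGIN_INFO (user_login_info_id INTEGER PRIMARY KEY,
  user_id INTEGER NOT NULL, last_login TEXT, last_login_failure TEXT);
"""
# Constructed sample rows (not real data).
USERS = [
    (1, 100, "alice", 2, None, None),          # active, no validity limits
    (2, 100, "bob",   2, None, "2024-01-31"),  # active state, valid_to in the past
    (3, 100, "carol", 7, None, None),          # disabled
    (4, 100, "dave",  2, "2030-01-01", None),  # active state, valid_from in the future
    (5, 200, "alice", 2, None, None),          # same login_id, different client
    (6, 100, "erin",  8, None, None),          # archived
]
LOGIN_INFO = [(1, 1, "2025-05-20", None), (2, 2, "2023-12-01", "2024-02-02"),
              (3, 5, None, None)]              # user 5 has never logged in

# A user may log in only if active AND inside the validity window (NULL = no limit).
MAY_LOG_IN = """u.state_id = :active
  AND (u.valid_from IS NULL OR u.valid_from <= :today)
  AND (u.valid_to   IS NULL OR u.valid_to   >= :today)"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO TIDMA_USER VALUES (?,?,?,?,?,?)", USERS)
    conn.executemany("INSERT INTO TIDMA_USER_LOGIN_INFO VALUES (?,?,?,?)", LOGIN_INFO)
    return conn

def active_but_blocked(conn, today):
    """state_id says active, yet valid_from/valid_to prevents login."""
    sql = f"""SELECT client_id, login_id FROM TIDMA_USER u
              WHERE u.state_id = :active AND NOT ({MAY_LOG_IN}) ORDER BY user_id"""
    return conn.execute(sql, {"active": ACTIVE, "today": today}).fetchall()

def dormant_but_usable(conn, today, cutoff):
    """Accounts that can log in but have no successful login since cutoff."""
    sql = f"""SELECT u.client_id, u.login_id, li.last_login FROM TIDMA_USER u
              LEFT JOIN TIDMA_USER_LOGIN_INFO li ON li.user_id = u.user_id
              WHERE {MAY_LOG_IN} AND (li.last_login IS NULL OR li.last_login < :cutoff)
              ORDER BY u.user_id"""
    return conn.execute(sql, {"active": ACTIVE, "today": today, "cutoff": cutoff}).fetchall()
```

Results are reported as (client_id, login_id) pairs because login_id is unique only within a client; a report keyed on login_id alone would merge the two "alice" accounts.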