User
The user entity represents a person or a person's account in nevisIDM. Most of the attributes a user has are intuitive and familiar, such as contact information.
User IDs
As mentioned in the chapter Database tables and the nevisIDM data model, the user entity has an internal ID (primary key on the DB) and an external ID. Both identifiers uniquely specify a certain user entity. For authentication purposes, the user entity has a further ID, the login ID. It is not unique per se but only within a certain client. The same applies to the user's external ID.
The nevisIDM auth states and the web services often allow both types of user identification: by means of extId/client or loginId/client.
User state
A user can be in one of three states: active, disabled or archived. See the state diagram below. The normal state is active. Disabled means that the user is currently not able to log in. An archived user cannot log in either, but while a disabled user can become active again, the process of archiving a user cannot be reversed. When a user gets disabled or archived, all his profiles will get disabled or archived automatically too. See the chapter Profile for the states of a profile.
Archiving will keep the name and ID of the user blocked so they cannot accidentally be reused. Once a user has been archived, he can only be deleted; there is no other state transition from the state "archived".
Template collection
The template collection attribute is special in that it specifies the template collection that has to be used whenever a communication event requires a template. Refer to the chapter Templates for details.
Database table TIDMA_USER
DB attribute | Java data type (max. size), defaults | Description |
---|---|---|
addressline1 | String(100), nullable | |
addressline2 | String(100), nullable | |
birth_date | Date, nullable | Date of birth |
city | String(50), nullable | |
client_id | Long, not NULL | Foreign key that links to information in the table TIDMA_CLIENT |
country_id | Long, nullable | The ID of the country of the user. |
dwelling_number | String(10), nullable | "Wohnungnummer", optional extension according to eCH-0010 standard |
String(300), nullable | ||
extid | String(129), not NULL | External identifier |
first_name | String(50), nullable | |
house_number | String(12), nullable | "Hausnummer mit Zusatz", optional extension according to eCH-0010 standard |
is_technical_user | Boolean, not null | Special flag for purely technical users. |
language_id | Long, nullable | The ID of the preferred language of the user. See TIDMR_LANGUAGE as ID reference table. |
locality | String(255), nullable | The English word "locality" refers to the German word "Gebiet". This attribute is an optional extension according to the eCH-0010 standard. |
login_id | String(300), not NULL | |
mobile | String(50), nullable | Can be restricted with a regex (see client policy). |
modification_comment | String(1000), nullable | Comment of related add/update/delete action. |
name | String(100), nullable | Last name |
pobox_number | Integer, nullable | "Postfachnummer" optional extension according to eCH-0010 standard |
pobox_text | String(15), nullable | "Postfachtext" optional extension according to eCH-0010 standard |
postalcode | String(10), nullable | |
remarks | String(1000), nullable | |
sex | String(1), nullable | "M", "F" or "O" (male, female or other). "O" (other) is a writable option, which is available when the client policy parameter application.feature.othergender.enabled is set to "true". |
state_change_detail | String(1000), nullable | This attribute is deprecated. Details of the user state change. The details of the state change can be defined as a description in the TIDMR_CHANGE_REASON table. |
state_change_reason_cd | Integer, nullable | User state change reason code. The change reason code must exist in the TIDMR_CHANGE_REASON table. |
state_changed_date | Date, nullable | Gets updated when the user's state changes. This attribute is internal and technical and therefore never shown on the GUI or web services. |
state_id | Long, not NULL | ID of the current state of the entity: 2: active; 7: disabled; 8: archived |
street | String(60), nullable | "Strasse", optional extension according to eCH-0010 standard |
telefax | String(50), nullable | Can be restricted with a regex (see nevisidm-prod.properties). |
telephone | String(50), nullable | Can be restricted with a regex (see nevisidm-prod.properties). |
template_coll_id | Long, not NULL | The template collection to use for communication events in the context of the underlying user. Foreign key that links to information in the table TIDMA_TEMPLATE_COLLECTION |
title | String(20), nullable | |
unique_email | String(300), nullable | Derived, technical attribute for optionally enforcing uniqueness of e-mail per client. |
user_id | Long, not NULL | Primary key (uniquely identifies each individual DB entry) |
valid_from | Date, nullable | If valid_from is in the future, the user is not allowed to log in (same behavior as if he would currently have the state "disabled"). Null value means no restriction. |
valid_to | Date, nullable | If valid_to is in the past, the user is not allowed to log in (same behavior as if he would currently have the state "disabled"). Null value means no restriction. |
Database table TIDMA_USER_LOGIN_INFO
This database table holds the user's login information. Each time the user attempts an authentication, the information is updated. Compared to TIDMA_CRED_LOGIN_INFO (see the chapter: Login), the user login information is independent of the authorization method used. Furthermore, there is no failure counter on the user login information as the failure counter operates entirely on specific credentials.
The login information is explicitly stored in a separate entity and not on the user entity. This is for provisioning reasons of the user attributes/properties because having the login information on the user would mean that the technical timestamps of the user entity would be updated at every authentication.
DB attribute | Java data type (max. size), defaults | Description |
---|---|---|
last_login | Date, nullable | Timestamp of last successful login. NULL means credential has never been used for a successful login. |
last_login_failure | Date, nullable | Date of last, non-technical, login failure, e.g., wrong password. Technical failures (system problems) do not count; neither do login denials because of earlier login problems, e.g., locked account, etc. |
user_id | Long, not NULL | Foreign key that links to information in the table TIDMA_USER |
user_login_info_id | Long, not NULL | Primary key (uniquely identifies each individual DB entry) |
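An access-review sketch for the state and validity rules described above, added here as an example and not taken from nevisIDM: it lists which users may log in at a given time and which of those have no recent successful login. The in-memory SQLite schema, the ISO date strings, the sample rows, the function names and the assumption of at most one TIDMA_USER_LOGIN_INFO row per user are constructed for illustration.

```python
import sqlite3

ACTIVE = 2  # state_id per the TIDMA_USER table: 2 active, 7 disabled, 8 archived

# Login is possible only for an active user inside the validity window;
# a NULL valid_from / valid_to means no restriction.
LOGIN_ALLOWED = f"""u.state_id = {ACTIVE}
    AND (u.valid_from IS NULL OR u.valid_from <= :now)
    AND (u.valid_to   IS NULL OR u.valid_to   >= :now)"""

def open_sample_db():
    """In-memory SQLite stand-in: constructed rows, subset of the documented columns."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE TIDMA_USER (user_id INTEGER PRIMARY KEY, client_id INTEGER NOT NULL,
            login_id TEXT NOT NULL, state_id INTEGER NOT NULL, valid_from TEXT, valid_to TEXT);
        CREATE TABLE TIDMA_USER_LOGIN_INFO (user_login_info_id INTEGER PRIMARY KEY,
            user_id INTEGER NOT NULL, last_login TEXT, last_login_failure TEXT);
        INSERT INTO TIDMA_USER VALUES
            (1, 100, 'alice', 2, NULL, NULL),          -- active, unrestricted
            (2, 100, 'bob',   7, NULL, NULL),          -- disabled
            (3, 100, 'carol', 2, '2030-01-01', NULL),  -- not yet valid
            (4, 100, 'dave',  2, NULL, '2020-12-31'),  -- validity expired
            (5, 100, 'erin',  2, NULL, NULL),          -- active, never logged in
            (6, 200, 'alice', 8, NULL, NULL),          -- archived; same login_id, other client
            (7, 100, 'frank', 2, NULL, NULL);          -- active, last login long ago
        INSERT INTO TIDMA_USER_LOGIN_INFO VALUES
            (1, 1, '2025-05-20', NULL),
            (2, 5, NULL, '2025-05-01'),
            (3, 7, '2024-01-15', NULL);
    """)
    return db

def users_allowed_to_log_in(db, now):
    """user_ids that pass the state and validity checks at time `now` (ISO date)."""
    sql = f"SELECT u.user_id FROM TIDMA_USER u WHERE {LOGIN_ALLOWED} ORDER BY u.user_id"
    return [row[0] for row in db.execute(sql, {"now": now})]

def stale_login_capable_users(db, now, cutoff):
    """Login-capable users with no successful login since `cutoff` (or none at all)."""
    sql = f"""SELECT u.user_id FROM TIDMA_USER u
              LEFT JOIN TIDMA_USER_LOGIN_INFO li ON li.user_id = u.user_id
              WHERE {LOGIN_ALLOWED}
                AND (li.last_login IS NULL OR li.last_login < :cutoff)
              ORDER BY u.user_id"""
    return [row[0] for row in db.execute(sql, {"now": now, "cutoff": cutoff})]

if __name__ == "__main__":
    db = open_sample_db()
    print(users_allowed_to_log_in(db, "2025-06-01"))
    print(stale_login_capable_users(db, "2025-06-01", "2025-03-01"))
```

Against a production database the date comparisons need the column types and date functions of that DBMS; the predicate structure stays the same.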