Skip to main content
Version: 2.90.x.x Java 8 ELS

Profile

In nevisIDM, profiles are used to give users different sets of roles and authorizations. During authentication a user who has more than one profile will have to choose which profile he wants to work with. For example: a user could have a profile with administrative rights for some rare tasks and another profile for the daily business. Doing so, the accidental use of certain administrative authorizations can be avoided as the user has to log out/log in to use the profile with administrative rights.

In summary, a profile has the following main characteristics:

  • a user can have zero, one or more profiles.
  • by means of profiles authorizations are assigned to users.
  • a profile always belongs to exactly one unit. The user thus belongs to the unit to which his active profile belongs.
  • because the user is assigned via profile to a unit, it is possible, e.g., to model dual mandates of users and the user can thus belong to two units.
  • a user without any profile does not belong to any unit.

Profile state

A profile can be in one of three states: active, disabled or archived. The standard state is active. Disabled means that this profile cannot be used to log in at the moment. An archived profile cannot be used to log in either, but while a disabled profile can become active again, the process of archiving a profile cannot be reversed. Usually a profile has the same state as the user it belongs to since disabling/archiving a user will disable/archive all his profiles too. Beside this automatism it is possible to disable/archive a single selected profile of an active user.

Archiving a profile

Archiving will keep the name and IDs of the profile blocked so they cannot accidentally be reused. The authorizations held by the profile are automatically deleted. Once a profile has been archived, it can only be deleted physically, there is no other state transition from state "archived".

Database table TIDMA_PROFILE

DB attributeJava data type (max. size), defaultsDescription
client_idLong, not NULLDefines the client the profile belongs to. This information is redundant since a mapping between user and client exists too. However, the redundant information facilitates certain optimizations. Foreign key that links to information in the table TIDMA_CLIENT.
default_profileBoolean, not NULLDefines if the profile is the default profile of the user. The default profile is used for authentications where no interactions with the user can be performed. Instead of showing a selection view, the default profile is automatically chosen.
deputed_profile_idLong, not NULLPoints to the deputed profile from which non-nevisIDM roles and properties are inherited. Foreign key that links to information in the table TIDMA_PROFILE.
extidString(50), not NULLExternal identifier
modification_commentString(1000), nullableComment of related add/update/delete action.
nameString(100), not NULLName of the profile.
profile_idLong, not NULLPrimary key (uniquely identifies each individual DB entry)
remarksString(1000), nullable
state_idLong, not NULLThe ID of the state. The available states are: active; deactivated; archived
unit_idLong, not NULLForeign key that links to information in the table TIDMA_UNIT. Defines the unit the profile belongs to.
user_idLong, not NULLDefines the user the profile belongs to. Foreign key that links to information in the table TIDMA_USER.
valid_fromDate, nullableThe profile is valid from the valid_from date onward. If this date is in the future, the profile is not allowed to log in (similar to the "deactivated" setting of the state_id attribute). The "Null" value means no restriction.
valid_toDate, nullableThe profile is valid until the valid_to date. If this date is in the past, the profile is not allowed to log in (similar to the "deactivated" setting of the state_id attribute). The "Null" value means no restriction.