Skip to main content

Datamodell

Identity Warehouse (IdW) database skjema

Master Identifiers

Databasetabellen inneholder digitale identiteter (definert av en UH-ID) og dens tilknytning til én eller flere unike identifikatorer. Unike identifikatorer kan være et nasjonalt ID-nummer, et midlertidig nasjonalt ID-nummer, et ansattnummer knyttet til en institusjon, et studentnummer knyttet til en institusjon, et lokalt brukernavn, en lokal epostaddresse, et SO-nummer eller en kombinasjon av attributter som for eksempel juridisk etternavn, passnummer, land og institusjonstilknytning.

FieldData TypeField LengthNullablePri KeySource: master_employee and master_student processing
created_atNoTimestamp of identity creation
held_byvarchar36NoXUHID - Randomly generated GUID
identifiervarchar200NoXidentifier type + “:” + identifier value
institutionvarcharNoSource institution
typevarcharNoidentifier type
valuevarcharNoidentifier value

RIDB database skjema

Master Persons

Databasetabellen inneholder masterdata informasjon for alle brukere. En bruker kan ha flere innslag i master_persons hvis brukeren har tilknytning til flere kildesystem.

FieldData TypeField LengthNullable
idvarchar50No
uhidvarchar36No
uhunvarchar9No
statuschar1No
eppnvarchar36Yes
employee_novarchar45Yes
first_namevarchar254Yes
last_namevarchar254Yes
fnrvarchar12Yes
alternate_identificationvarchar100Yes
birthdatevarchar10Yes
classification_groupvarchar5Yes
classification_subgroupvarchar5Yes
start_datevarchar10Yes
end_datevarchar10Yes
end_reasonvarchar254Yes
main_positionvarchar12Yes
main_position_percentvarchar6Yes
main_organizationvarchar12Yes
secondary_positionsvarchar500Yes
external_idvarchar254Yes
emailvarchar254Yes
telephonevarchar100Yes
personal_mobilevarchar30Yes
personal_mobile_foreignvarchar30Yes
personal_postal_codevarchar20Yes
personal_cityvarchar50Yes
personal_statevarchar50Yes
personal_emailvarchar100Yes
passport_numbervarchar50Yes
deadbitYes
hard_match_conflictsvarchar4000Yes
soft_match_conflictsvarchar4000Yes
updated_datedateYes
extension_sentdateYes
extended_todateYes
fs_pinvarchar12Yes
source_institutionvarchar10No
source_systemvarchar3No
source_idvarchar50No
created_atdatetimeNo
updated_atdatetimeNo
process_idvarchar100Yes
processed_atdatetimeYes

SAP Tabeller

Databasetabellene inneholder informasjon fra SAP om ansatte, organisasjoner og stillinger. Last-tabellene populeres direkte ved bruk av API-kall til SAP via IntArk. Master-tabellene populeres ved bruk av data fra last-tabellene.

  • SAP Last-tabeller
    • employees_load
    • orgs_load
    • positions_load
  • SAP Master-tabeller
    • master_orgs
    • master_positions

SAP master_orgs

FieldData TypeField LengthNullablePri Key**Source Table: **orgs_load
idvarchar100NoXsource_institution + “:” + source_system + “:orgs:” + id
managed_byvarchar100NoXsource_institution + “:” + source_system + “:employee:” + managerEmployeeNos
short_namevarchar45NoshortName
namevarchar45Noname
parent_idvarchar45Yessource_institution + “:” + source_system + “:orgs:” + parentId
statusvarchar1No“A”
streetvarchar100YesN/A
cityvarchar100YesN/A
statevarchar45YesN/A
postal_codevarchar45YesN/A
countryvarchar45YesN/A
costcentervarchar45Yescostcenter
source_institutionvarchar45Nosource_institution
source_systemvarchar45Nosource_system
source_idvarchar45Noid
inserted_atdatetimeNoSystem date
updated_atdatetimeNoSystem date
processed_atdatetimeYesSystem date
process_idvarchar45YesInternal process ID

SAP master_positions

FieldData TypeField LengthNullablePri Key**Source Table: **positions_load
idvarchar45NoXsource_institution + “:” + source_system + “:positions:” + id
held_byvarchar45NoXsource_institution + “:” + source_system + “:employee:” + held_by
held_fromdateYesheld_from
held_untildateYesheld_until
statusvarchar1No_calculated – “A”
job_codevarchar12Yesjob_code
titlevarchar50Yestitle
organizationvarchar33Nosource_institution + “:” + source_system + “:orgs:” + organization
yrkvarchar10Yesyrk
position_groupvarchar50Yespostion_group
position_group_idvarchar12Yespostion_group_id
source_institutionvarchar45Nosource_institution
source_systemvarchar45Nosource_system
source_idvarchar45Noid + “:” held_by
inserted_atdatetimeNoSystem date
updated_atdatetimeNoSystem date
processed_atdatetimeYesSystem date
process_idvarchar45YesInternal process ID

FS Tabeller

Databasetabellene inneholder data fra FS om vurderingstider, land, språk, semester, studentvurderinger, studentundervisning, studienivåer, studieprogrammer, studieretter og emner. Last-tabellene populeres direkte ved bruk av API-kall til FS via IntArk. Master-tabellene populeres ved bruk av data i last-tabellene.

  • FS Last-tabeller
    • assessmenttimes_load
    • countries_load
    • languages_load
    • roles_load
    • semester_load
    • studentassessments_load
    • students_load
    • studentteaching_load
    • studylevels_load
    • studyprograms_load
    • studyrights_load
    • teaching_load
    • teachingactivity_load
    • topics_load
  • FS Master-tabeller
    • master_assessmenttimes
    • master_countries
    • master_languages
    • master_roles
    • master_semester
    • master_studentassessments
    • master_studentteacher
    • master_studylevels
    • master_studyprograms
    • master_studyrights
    • master_teaching
    • master_teachingactivity
    • master_topics

OrgReg Tabell

Databasetabellen orgreg_load inneholder alle orgenhetene registrert i OrgReg. Tabellen populeres direkte ved bruk av API-kall til OrgReg via IntArk.

FieldData TypeField LengthNullablePri Key**API Source: **orgreg
source_institutionvarchar5NoXstatic – Action Set ‘institution’ parameter
source_systemvarchar10NoXstatic – ‘OrgReg’
external_key_source_systemvarchar45NoXexternalKeys.sourceSystem
external_key_typevarchar45NoXexternalKeys.Type
external_key_valuevarchar45NoXexternalKeys.Value
source_idvarchar20NoXouId
notevarchar200Yesnote
english_namevarchar200YesenglishName
valid_fromdateYesvalidFrom
norwegian_homepagevarchar100YesnorwegianHomepage
norwegian_namevarchar100YesnorwegianName
emailvarchar45Yesemail
acronymvarchar45Yesacronym
english_homepagevarchar45YesenglishHomepage
postal_codevarchar45YespostalAddress.postalCode
countryvarchar45YespostalAddress.country
statevarchar45YespostalAddress.stateOrProvinceName
cityvarchar45YespostalAddress.city
faxvarchar45Yesfax
visit_streetvarchar100YesvisitAddress.street
visit_cityvarchar45YesvisitAddress.city
visit_countryvarchar45YesvisitAddress.country
visit_postal_codevarchar45YesvisitAddress.postalCode
phonevarchar45Yesphone.countryCode + phone.number
predecessorsvarchar45Yespredecessors
inserted_ondatetimeNoSystem date
updated_ondatetimeNoSystem date
processed_ondatetimeYesSystem date
process_idvarchar45YesInternal process ID

Portal directory (Portal LDAP)

Portal directory er en LDAP-katalog som inneholder informasjon om brukere.

AttributeDisplay nameDescriptionTypeExampleMullti valued
idautoIDUH-IDUHID (Automatically Generated GUID)String3ddf4822-77ed-4c27-909e-7c826ca10423
idautoPersonSAMAccountNameUH-UN (UH username)UH username (2+3+4)Stringlaols0070
idautoPersonSystem1IDLegacy UsernameInstitution unique usernameStringlao123
idautoPersonSystem2IDLegacy EmailInstitution unique emailStringlao123@institution.no
idautoPersonSystem5IDEPPNeduPersonPrincipalName (Feide ID)Stringlao123@institution.no
mailEPPN/FeideIDeduPersonPrincipalName (Feide ID)Stringlao123@institution.no
idautoPersonNationalIDNational identity number (NIN)National Identity Number (F-nr, D-nr, S-nr)String010199100122
givenNameFirst NameUser’s first name.StringMicky
snLast NameUser’s last nameStringMouse
idautoPersonPreferredNamePreferred NameUser’s preferred first nameStringMick
idautoPersonPreferredLastNamePreferred Last NameUser’s preferred last nameStringMous
displayNameFull NameFull legal name from sourceStringMicky Mouse
idautoPersonAffiliationPrimary AffiliationUser’s primary affiliationStringEmployee
idautoPersonAffiliationsAffiliationsMultivalued field containing all birthright roles associated with the personString[Employee, Student]
idautoPersonDeptCodePrimary ORG TuplePrimary org affiliation tupleString0000001501|IT|IT-Senter|Department of IT Services|000000
idautoPersonDeptCodesAffiliated ORGs TupleAffiliated orgs tupleString[0000001501|IT|IT-Senter|Department of IT Services|000000]
idautoPersonActivityCodeORG-ERA TupleORG-ERA TupleString[subjectCode|ERGOB1070,studyprogramCode|ERGB,orgShortName|HV-U-NVH-R]
idautoPersonAppRoles1Engagement RolesEngagement rolesString[iam:employee:institution/SAM-U/SAM-U-HHS]
idautoPersonAppRoles2Birthright System EntitlementsOrgEra Assigned Entitlements by birthrightString[active directory, ldap, framework, lenel, ms office 365]
idautoPersonAppRoles4Email NotificationsMultivalued attribute mainly used for seperation emailsString[separationEmailSent:20230131, separationEmailSend:20230201]
idautoPersonAppRoles5Birthright System Entitlements ProvisionedProvisioned birthright entitlementsString[lenel, apex, active directory, ldap]
idautoPersonAppRoles6Requested System EntitlementsSystem entitlements that have been requested by the userString[topdesk:operator, topdeskoperatorgroup:4c28c38f-c1aa-4685-a5d6-dad78923f241]
idautoPersonAppRoles7Target IDsUser identifiers for synced target systems.String[topdeskoperator:0f24b366-35d4-4891-98d5-b4a372c099ec, topdesk:d03b615b-5a86-47a4-a06d-45925c5431a6]
idautoPersonAppRoles8Requested System Entitlements ProvisionedSystem entitlements that have been requested and provisionedString[topdesk:operator, topdeskoperatorgroup:4c28c38f-c1aa-4685-a5d6-dad78923f241]
idautoPersonAppRoles10Business RolesBusiness roles (tech name)String[iam:employee, iam:manager, iam:adm]
idautoPersonExt5PIN CodePIN Code for accesscardString1234
idautoPersonExt6Guest SponsorGuest sponsor (e.g. from GREG)String15d2de0b-b103-47d8-bddb-f595f8238fb0
idautoPersonExt9Engagement TupleMultivalued engagement tupleString["studentstatus=aktiv|privatist=false|student=true" , "1009|2310 112|1|1|01.01.2012|31.12.9999"]
idautoPersonExt10Engagement Types TupleMultivalued engagement types tupleString[roles|IPH3000|ERGB|,position|institution|HV-U-NVH|HV-U-NVH-R|fcaf059a-7018-4f73-a177-2b4543e9576d]
idautoPersonExt12Manager's UH-IDUHID for the users managerString15d2de0b-b103-47d8-bddb-f595f8238fb0
idautoPersonExt13Deputy's UH-IDUHID for the users deputyString15d2de0b-b103-47d8-bddb-f595f8238fb0
idautoPersonExt19Last UpdatedTimestamp when user was last updated in Portal LDAPString2024-02-28 16:01
idautoPersonExt20Historical Password HashesHash used to check for password reusal. Contains timestamp aswellStringZa1RAhhjRunI5PChpoioTTQjp8eWChvaBC3782JDnoSRq5ti|20230414070630
idautoPersonExtBool1Reservation FlagReservation flag from source systemBooleanTRUE
idautoPersonExtBool2Account override FlagUser will not be deleted if override flag is trueBooleanTRUE
idautoPersonExtBool3Account Deletion override FlagUser will be deleted if override flag is trueBooleanTRUE
idautoPersonExtBool4Claim Mail SentMarks the user indicating that claim mail has been sentBooleanTRUE
idautoPersonAllAccessTermDateDeprovision DateUsed for tracking when an account was disabled in RIString (zulu)202103310000Z
idautoPersonSchoolIDFS Personløpenummer"Personløpenummer" from FSString11122
idautoPersonStuIDFS Student NumberStudent Number from FSString333444
idautoPersonEnrollDateStudent start dateCalculated startdate for student affiliationString (zulu)202401010000Z
idautoPersonTermDateStudent end dateCalculated enddate for student affiliationString (zulu)202407010000Z
idautoPersonGraduationDateStudent extension dateWill be set if the user requests to extend their accountString2024-08-01
idautoPersonCourseCodesFS Subject CodesSubject codes from FSString[roles:PRV000,studentassessment:VPL01]
idautoPersonPayrollIDEmployee NumberEmployee numberString30202
idautoPersonHRIDIDGreg IDGuest (GREG) numberString1234
idautoPersonStaffStartDateEmployee Start DateCalculated startdate for employee & guestsString2024-08-01
idautoPersonStaffEndDateEmployee End DateCalculated enddate for employee & guestsString2025-01-01
idautoPersonManagedOrgsManager's ORGORG where a user is a manager ofStringSAM-U-HHS
managerManager's UH-ID with DNManager's UH-ID with DN (Same as Ext12 but with entire DN)StringidautoID=15d2de0b-b103-47d8-bddb-f595f8238fb0,ou=Accounts,dc=meta
idautoPersonDeptDescrMain position ID and FTE %Main position ID and FTE % (Stillingsprosent)String999999|100
idautoPersonJobCodeMain Position TupleMain Position TupleString1009|999999|2310 112|HV-U-NVH-R
idautoPersonJobCodesStillingskategoriStillingskategoriStringUndervisnings- og forsknings personale
idautoPersonJobTitleJob TitleJob Title (Position title tuple “position title | preferred title-n | preferred title-e”. )StringDefault: "Universitetslektor". Alternative: "Universitetslektor | Universitetslektor i matematikk | University lecturer in Mathematics"
idautoPersonOfficePhoneOffice PhoneOffice Phone NumberString##########
idautoPersonPhoneExtensionWorkmobileWork mobile numberString##########
idautoPersonStateIDPassport NumberPassport NumberString1112233NO
idautoPersonClaimCodeClaim CodeClaim Code with date it was assigned and usedString11f08c1d-c265-45d7-89d2-7a371f5629c5|20210413|20210414
idautoPersonClaimFlagAccount ClaimedIndicates whether or not the account has been claimedBooleanTRUE
idautoPersonHomeEmailPersonal EmailPersonal Email AddressEmail Single-Valuedmicky@example.no
mobilePersonal MobilePersonal Mobile numberString+4712345678
idautoPersonBirthDateBirthdateUser's Date of BirthString30.01.1980
idautoPersonWorkStreetAddressWork Address TupleWork address tuple (work address|office address|campus|building|office number)StringDefault: Pilestredet 46,0167 Oslo. Alternative: Pilestredet 46,0167 Oslo|Stensberggata 29,0170 Oslo|Pilestredet|P-111|P-111-123
lCityUser’s Home CityStringOslo
postalCodePostal CodeUser’s Home Postal codeString0001
idautoPersonGenderGenderGender (f / m)Stringf
idautoPersonBadgeIDsAccess Card NumberAccess Card NumberString[1234123412]

idautoPersonAffiliation(s)

idautoPersonAffiliation er primær affiliasjon for en bruker og regnes ut i DBToIdentityStore. Den baserer seg på verdiene som blir satt i idautoPersonAffiliations og velger primær affilering basert på globalverdi metaAffiliationPriority.

Active Directory

Felles IAM provisjonerer brukere og grupper til Active Directory (AD). For hver institusjon kartlegges et 'mapping ark' som beskriver hvilke attributter som skal provisjoneres til AD.

Feide LDAP

Felles IAM provisjonerer brukerobjekt til LDAP (Feide). Flere institusjoner har tatt i bruk tjenesten Feidehotell ved overgang til Felles IAM. Ved bruk av Feidehotell provisjonerer vi attributter som er påkrevd og anbefalt fra Feide.

For institusjoner som benytter egen LDAP gjør vi en kartlegging av hvilke attributter som skal provisjoneres til LDAP, utover de som er påkrevd og anbefalt fra Feide.