Model (attributes) - Authentication and Authorization Service
<!doctype html> <html lang="en" class="no-js"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link rel="icon" href="../../assets/images/favicon.png"> <meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.5.3"> <title>Model (attributes) - Authentication and Authorization Service</title> <link rel="stylesheet" href="../../assets/stylesheets/main.7a952b86.min.css"> <link rel="stylesheet" href="../../assets/stylesheets/palette.cbb835fc.min.css"> <link rel="stylesheet" href="../../stylesheets/fonts.css"> <link rel="stylesheet" href="../../stylesheets/kuri-kuri.css"> <script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script> </head> <body dir="ltr" data-md-color-scheme="" data-md-color-primary="none" data-md-color-accent="none">
<div class="md-container" data-md-component="container"> <main class="md-main" data-md-component="main"> <div class="md-main__inner md-grid"> <div class="md-content" data-md-component="content"> <article class="md-content__inner md-typeset">
<h1 id="authorization-service-data-model-available-attributes">Authorization Service data model (available attributes)</h1>
<p>Please note that in the following tables, rows with <code>Has to be requested</code> = <code>yes</code> imply that the field should be explicitly requested in the API call e.g.
<code>GET https://authorization-service-api.web.cern.ch/api/v1.0/Account?filter=uniqueIdentifier%3Amcurie&amp;field=personId</code></p>
<h2 id="account">Account</h2>
<p>An account is a set of credentials that can be used to authenticate. Multiple accounts from different authentication providers (CERN, eduGAIN, social providers, etc.) can be associated with an identity.</p>
<table> <thead> <tr> <th>Name</th> <th>Type</th> <th>Description</th> <th>Read Only</th> <th>Has to be requested</th> </tr> </thead> <tbody>
<tr> <td>personId</td> <td>String</td> <td>Person Id for a CERN identity (the old CCID).</td> <td>True</td> <td>yes</td> </tr>
<tr> <td>assignedScopes</td> <td>Reference</td> <td>List of systems to which the account is exported (freeIPA, AD).</td> <td>True</td> <td>yes</td> </tr>
<tr> <td>displayName</td> <td>String</td> <td>Account display name.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>uniqueIdentifier</td> <td>String</td> <td>The unique and immutable provider login name.</td> <td>False</td> <td>no</td> </tr>
<tr> <td>accountProviderId</td> <td>Reference</td> <td>Account provider (e.g. cern, google).</td> <td>False</td> <td>no</td> </tr>
<tr> <td>emailAddress</td> <td>String</td> <td>Account's email address.</td> <td>False</td> <td>no</td> </tr>
<tr> <td>resourceCategory</td> <td>String</td> <td>Resource category which determines the lifecycle of the resource. Values: Undefined, Official, Personal, Test</td> <td>True</td> <td>no</td> </tr>
<tr> <td>reassignable</td> <td>Boolean</td> <td>True if the owner of the resource can assign it to a new owner.
The new owner has to approve.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>autoReassign</td> <td>Boolean</td> <td>True if the resource will be reassigned automatically to the owner's supervisor once the owner leaves CERN.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>blocked</td> <td>Boolean</td> <td>True if the resource is blocked.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>blockingReason</td> <td>String</td> <td>Reason for blocking the resource.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>ownerId</td> <td>Reference</td> <td>Id of the identity that is the owner of this resource.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>id</td> <td>String</td> <td>Object id in the DB</td> <td>False</td> <td>no</td> </tr>
<tr> <td>resetPasswordRequired*</td> <td>Boolean</td> <td>True if the password must be changed on next logon.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>securityIssues*</td> <td>Boolean</td> <td>True if the resource is blocked for security reasons and thus can be managed only by the security team or the service admins.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>blockingTime*</td> <td>DateTime</td> <td>Date and time when the resource was blocked</td> <td>True</td> <td>no</td> </tr>
<tr> <td>blockingDeadline*</td> <td>DateTime</td> <td>Date and time when the resource will be blocked automatically, according to its lifecycle.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>expirationDeadline*</td> <td>DateTime</td> <td>Date and time when the resource will be deleted automatically, according to its lifecycle.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>creationTime*</td> <td>DateTime</td> <td>Date and time when the object was created in the DB.</td> <td>False</td> <td>no</td> </tr>
<tr> <td>modificationTime*</td> <td>DateTime</td> <td>Date and time when the object was last modified in the DB.</td> <td>False</td> <td>no</td> </tr>
<tr> <td>builtin*</td> <td>Boolean</td> <td>If true, the object is a builtin object, and cannot be modified.</td>
<td>False</td> <td>no</td> </tr>
<tr> <td><strong><em>*Property used for internal system purpose. Might change in the future without warning.</em></strong></td> <td></td> <td></td> <td></td> <td></td> </tr> </tbody> </table>
<h2 id="application-client">Application (client)</h2>
<p>"Client" is an application that can be registered to the SSO.</p>
<table> <thead> <tr> <th>Name</th> <th>Type</th> <th>Description</th> <th>Read Only</th> <th>Has to be requested</th> </tr> </thead> <tbody>
<tr> <td>applicationIdentifier</td> <td>String</td> <td>A unique and immutable identifier for the application, used as the client ID to register the application to the SSO. The identifier must start with a lowercase letter, can contain only lowercase letters, numbers, dashes and underscores, and must be between 3 and 128 characters long.</td> <td>False</td> <td>no</td> </tr>
<tr> <td>displayName</td> <td>String</td> <td>Application display name (unique).</td> <td>True</td> <td>no</td> </tr>
<tr> <td>identityId</td> <td>Reference</td> <td>Id of the identity that represents the application.</td> <td>False</td> <td>no</td> </tr>
<tr> <td>description</td> <td>String</td> <td>Application description.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>administratorsId</td> <td>Reference</td> <td>Id of the group of administrators of the application.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>managerId</td> <td>Reference</td> <td>Id of a service identity that is managing the application. Used by services that register applications on behalf of the owner (e.g., web frameworks).</td> <td>True</td> <td>no</td> </tr>
<tr> <td>administratorsAccess</td> <td>String</td> <td>Administrators access level. Values: Undefined, Full, Limited</td> <td>True</td> <td>no</td> </tr>
<tr> <td>homePage</td> <td>String</td> <td>Home page of the application.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>resourceCategory</td> <td>String</td> <td>Resource category which determines the lifecycle of the resource.
Values: Undefined, Official, Personal, Test</td> <td>True</td> <td>no</td> </tr>
<tr> <td>reassignable</td> <td>Boolean</td> <td>True if the owner of the resource can assign it to a new owner. The new owner has to approve.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>autoReassign</td> <td>Boolean</td> <td>True if the resource will be reassigned automatically to the owner's supervisor once the owner leaves CERN.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>blocked</td> <td>Boolean</td> <td>True if the resource is blocked.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>blockingReason</td> <td>String</td> <td>Reason for blocking the resource.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>ownerId</td> <td>Reference</td> <td>Id of the identity that is the owner of this resource.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>id</td> <td>String</td> <td>Object id in the DB</td> <td>False</td> <td>no</td> </tr>
<tr> <td>securityIssues*</td> <td>Boolean</td> <td>True if the resource is blocked for security reasons and thus can be managed only by the security team or the service admins.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>blockingTime*</td> <td>DateTime</td> <td>Date and time when the resource was blocked</td> <td>True</td> <td>no</td> </tr>
<tr> <td>blockingDeadline*</td> <td>DateTime</td> <td>Date and time when the resource will be blocked automatically, according to its lifecycle.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>expirationDeadline*</td> <td>DateTime</td> <td>Date and time when the resource will be deleted automatically, according to its lifecycle.</td> <td>True</td> <td>no</td> </tr>
<tr> <td>creationTime*</td> <td>DateTime</td> <td>Date and time when the object was created in the DB.</td> <td>False</td> <td>no</td> </tr>
<tr> <td>modificationTime*</td> <td>DateTime</td> <td>Date and time when the object was last modified in the DB.</td> <td>False</td> <td>no</td> </tr>
<tr> <td>builtin*</td> <td>Boolean</td> <td>If true, the object is a
builtin object, and cannot be modified.</td> <td>False</td> <td>no</td> </tr>
<tr> <td><strong><em>*Property used for internal system purpose. Might change in the future without warning.</em></strong></td> <td></td> <td></td> <td></td> <td></td> </tr> </tbody> </table>
<h2 id="group">Group</h2>
<p>A set of groups and identities. Used for authorization, mailing and grouping.</p>
<table> <thead> <tr> <th>Name</th> <th>Type</th> <th>Description</th> <th>Read Only</th> <th>Has to be requested</th> </tr> </thead> <tbody>
<tr> <td>memberGroupIds</td> <td>Reference</td> <td>Ids of groups that are direct members of the group.</td> <td>True</td> <td>yes</td> </tr>
<tr> <td>memberGroupIdsRecursive</td> <td>Reference</td> <td>Ids of groups that are direct or indirect members of the group, i.e. including members of child groups recursively.</td> <td>True</td> <td>yes</td> </tr>
<tr> <td>memberOfIdsRecursive</td> <td>Reference</td> <td>Ids of groups that this group is a member of, directly or indirectly.</td> <td>True</td> <td>yes</td> </tr>
<tr> <td>assignedScopes</td> <td>Reference</td> <td>Ids of systems or services to which the group is exported.</td> <td>True</td> <td>yes</td> </tr>
<tr> <td>memberIdentityIds</td> <td>Reference</td> <td>Ids of identities that are direct members of the group.</td> <td>True</td> <td>yes</td> </tr>
<tr> <td>memberIdentityIdsRecursive</td> <td>Reference</td> <td>Ids of identities that are direct or indirect members of the group, i.e. including members of child groups recursively.</td> <td>True</td> <td>yes</td> </tr>
<tr> <td>owner</td> <td>Reference</td> <td></td> <td>True</td> <td>yes</td> </tr>
<tr> <td>groupIdentifier</td> <td>String</td> <td>A unique and immutable alphanumeric identifier for the group.
The identifier: must start with a lowercase letter; can contain only lowercase letters, numbers, dashes and underscores; must contain at least one dash character and must be between 3 and 32 characters long.</td> <td>False</td> <td>no</td> </tr> <tr> <td>displayName</td> <td>String</td> <td>The group display name.</td> <td>True</td> <td>no</td> </tr> <tr> <td>description</td> <td>String</td> <td>Group description.</td> <td>True</td> <td>no</td> </tr> <tr> <td>public</td> <td>Boolean</td> <td>If true, the group is a public group that can be used by all applications.</td> <td>True</td> <td>no</td> </tr> <tr> <td>administratorsId</td> <td>Reference</td> <td>Id of the group of administrators for the group.</td> <td>True</td> <td>no</td> </tr> <tr> <td>approvalRequired</td> <td>Boolean</td> <td>Whether or not an approval is required for this group, when performing self-subscription.</td> <td>True</td> <td>no</td> </tr> <tr> <td>selfSubscriptionType</td> <td>String</td> <td>Self-Subscription access level. Values: Closed, Open, CernUsers</td> <td>True</td> <td>no</td> </tr> <tr> <td>privacyType</td> <td>String</td> <td>Group privacy level. Values: Open, Members, Admins</td> <td>True</td> <td>no</td> </tr> <tr> <td>dynamic</td> <td>Boolean</td> <td>Whether or not the group is dynamic (some criteria are defined for it).</td> <td>True</td> <td>no</td> </tr> <tr> <td>criteria</td> <td>String</td> <td>Dynamic group criteria.</td> <td>True</td> <td>no</td> </tr> <tr> <td>gid</td> <td>Number</td> <td>Unix id of the group.</td> <td>True</td> <td>no</td> </tr> <tr> <td>removeNonActiveMembers</td> <td>Boolean</td> <td>If set to true, members without an active CERN affiliation will be periodically removed from the group.</td> <td>True</td> <td>no</td> </tr> <tr> <td>resourceCategory</td> <td>String</td> <td>Resource category which determines the lifecycle of the resource. 
Values: Undefined, Official, Personal, Test</td> <td>True</td> <td>no</td> </tr> <tr> <td>reassignable</td> <td>Boolean</td> <td>True if the owner of the resource can assign it to a new owner. The new owner has to approve.</td> <td>True</td> <td>no</td> </tr> <tr> <td>autoReassign</td> <td>Boolean</td> <td>True if the resource will be reassigned automatically to the owner's supervisor once the owner leaves CERN.</td> <td>True</td> <td>no</td> </tr> <tr> <td>blocked</td> <td>Boolean</td> <td>True if the resource is blocked.</td> <td>True</td> <td>no</td> </tr> <tr> <td>blockingReason</td> <td>String</td> <td>Reason for blocking the resource.</td> <td>True</td> <td>no</td> </tr> <tr> <td>ownerId</td> <td>Reference</td> <td>Id of the identity that is the owner of this resource.</td> <td>True</td> <td>no</td> </tr> <tr> <td>id</td> <td>String</td> <td>Object id in the DB</td> <td>False</td> <td>no</td> </tr> <tr> <td>source*</td> <td>String</td> <td>The source of information for the group.</td> <td>True</td> <td>no</td> </tr> <tr> <td>syncType*</td> <td>String</td> <td>Group synchronization options. 
Values: Replica, Primary, SyncError, NoSync</td> <td>True</td> <td>no</td> </tr> <tr> <td>isComputingGroup*</td> <td>Boolean</td> <td>True if the group is a computing group (triggers gid assignment).</td> <td>True</td> <td>no</td> </tr> <tr> <td>securityIssues*</td> <td>Boolean</td> <td>True if the resource is blocked for security reasons and thus can be managed only by the security team or the service admins.</td> <td>True</td> <td>no</td> </tr> <tr> <td>blockingTime*</td> <td>DateTime</td> <td>Date and time when the resource was blocked</td> <td>True</td> <td>no</td> </tr> <tr> <td>blockingDeadline*</td> <td>DateTime</td> <td>Date and time when the resource will be blocked automatically, according to its lifecycle.</td> <td>True</td> <td>no</td> </tr> <tr> <td>expirationDeadline*</td> <td>DateTime</td> <td>Date and time when the resource will be deleted automatically, according to its lifecycle.</td> <td>True</td> <td>no</td> </tr> <tr> <td>creationTime*</td> <td>DateTime</td> <td>Date and time when the object was created in the DB.</td> <td>False</td> <td>no</td> </tr> <tr> <td>modificationTime*</td> <td>DateTime</td> <td>Date and time when the object was last modified in the DB.</td> <td>False</td> <td>no</td> </tr> <tr> <td>builtin*</td> <td>Boolean</td> <td>If true, the object is a builtin object, and cannot be modified.</td> <td>False</td> <td>no</td> </tr> <tr> <td><strong><em>*Property used for internal system purpose. 
Might change in the future without warning.</em></strong></td> <td></td> <td></td> <td></td> <td></td> </tr> </tbody> </table> <h2 id="identity">Identity</h2> <p>An identity, which can represent a person, a service or an application.</p> <table> <thead> <tr> <th>Name</th> <th>Type</th> <th>Description</th> <th>Read Only</th> <th>Has to be requested</th> </tr> </thead> <tbody> <tr> <td>owner</td> <td>Reference</td> <td>Identity of the owner.</td> <td>True</td> <td>yes</td> </tr> <tr> <td>supervisor</td> <td>Reference</td> <td>Identity of the supervisor.</td> <td>True</td> <td>yes</td> </tr> <tr> <td>externalEmail</td> <td>String</td> <td>External (non-CERN) mail address that can be used as a contact. Populated for primary CERN identities only.</td> <td>True</td> <td>yes</td> </tr> <tr> <td>primaryAccountEmail</td> <td>String</td> <td>Email of the primary account of the identity.</td> <td>True</td> <td>yes</td> </tr> <tr> <td>type</td> <td>String</td> <td>The type of the identity, which can represent either a person or an application. Values: Undefined, Person, Application, Service, Secondary</td> <td>True</td> <td>no</td> </tr> <tr> <td>upn</td> <td>String</td> <td>Unique identifier for the identity. For CERN identities this is equal to the login of the associated CERN account.</td> <td>True</td> <td>no</td> </tr> <tr> <td>displayName</td> <td>String</td> <td>First name and last name.</td> <td>True</td> <td>no</td> </tr> <tr> <td>personId</td> <td>String</td> <td>Person Id for a CERN identity (the old CCID).</td> <td>True</td> <td>no</td> </tr> <tr> <td>supervisorId</td> <td>Reference</td> <td>Id of the supervisor's identity. 
Populated for primary CERN identities only.</td> <td>True</td> <td>no</td> </tr> <tr> <td>primaryAccountId</td> <td>Reference</td> <td>Id of the primary account linked to this identity.</td> <td>True</td> <td>no</td> </tr> <tr> <td>uid</td> <td>Number</td> <td>The Unix user id of the identity.</td> <td>True</td> <td>no</td> </tr> <tr> <td>gid</td> <td>Number</td> <td>The Unix group id for this identity.</td> <td>True</td> <td>no</td> </tr> <tr> <td>resourceCategory</td> <td>String</td> <td>Resource category which determines the lifecycle of the resource. Values: Undefined, Official, Personal, Test</td> <td>True</td> <td>no</td> </tr> <tr> <td>reassignable</td> <td>Boolean</td> <td>True if the owner of the resource can assign it to a new owner. The new owner has to approve.</td> <td>True</td> <td>no</td> </tr> <tr> <td>autoReassign</td> <td>Boolean</td> <td>True if the resource will be reassigned automatically to the owner's supervisor once the owner leaves CERN.</td> <td>True</td> <td>no</td> </tr> <tr> <td>blocked</td> <td>Boolean</td> <td>True if the resource is blocked.</td> <td>True</td> <td>no</td> </tr> <tr> <td>blockingReason</td> <td>String</td> <td>Reason for blocking the resource.</td> <td>True</td> <td>no</td> </tr> <tr> <td>ownerId</td> <td>Reference</td> <td>Id of the identity that is the owner of this resource.</td> <td>True</td> <td>no</td> </tr> <tr> <td>id</td> <td>String</td> <td>Object id in the DB</td> <td>False</td> <td>no</td> </tr> <tr> <td>room</td> <td>DateTime</td> <td>Office room</td> <td>yes</td> <td>no</td> </tr> <tr> <td>floor</td> <td>DateTime</td> <td>Office floor</td> <td>yes</td> <td>no</td> </tr> <tr> <td>orcid</td> <td>DateTime</td> <td>The Open Researcher and Contributor ID of the person</td> <td>yes</td> <td>no</td> </tr> <tr> <td>cernId</td> <td>DateTime</td> <td>CERN ID (sensitive information)</td> <td>yes</td> <td>no</td> </tr> <tr> <td>hrEmail</td> <td>DateTime</td> <td>Mail provided by HR with no uniqueness 
constraints, validation or verification</td> <td>yes</td> <td>no</td> </tr> <tr> <td>building</td> <td>DateTime</td> <td>Office building</td> <td>yes</td> <td>no</td> </tr> <tr> <td>endClass</td> <td>string</td> <td>End date of the current affiliation</td> <td>yes</td> <td>no</td> </tr> <tr> <td>lastName</td> <td>DateTime</td> <td>Last Name</td> <td>yes</td> <td>no</td> </tr> <tr> <td>birthDate</td> <td>string</td> <td>Date of birth</td> <td>yes</td> <td>no</td> </tr> <tr> <td>cernClass</td> <td>DateTime</td> <td>Person's affiliation with CERN (STAF, FELL, USER, EXTN etc.)</td> <td>yes</td> <td>no</td> </tr> <tr> <td>cernGroup</td> <td>DateTime</td> <td>The CERN group of the person</td> <td>yes</td> <td>no</td> </tr> <tr> <td>firstName</td> <td>DateTime</td> <td>First Name</td> <td>yes</td> <td>no</td> </tr> <tr> <td>activeUser</td> <td>DateTime</td> <td>Flag indicating if the person has an active affiliation with CERN</td> <td>yes</td> <td>no</td> </tr> <tr> <td>startClass</td> <td>string</td> <td>Start date of the current affiliation</td> <td>yes</td> <td>no</td> </tr> <tr> <td>telephone1</td> <td>DateTime</td> <td>1st CERN telephone number</td> <td>yes</td> <td>no</td> </tr> <tr> <td>telephone2</td> <td>DateTime</td> <td>2nd CERN telephone number</td> <td>yes</td> <td>no</td> </tr> <tr> <td>cernSection</td> <td>DateTime</td> <td>The CERN section of the person</td> <td>yes</td> <td>no</td> </tr> <tr> <td>description</td> <td>DateTime</td> <td>The description of this account, in case of service or secondary identities.</td> <td>yes</td> <td>no</td> </tr> <tr> <td>isPersonnel</td> <td>DateTime</td> <td>Flag indicating if the person is a member of the personnel</td> <td>yes</td> <td>no</td> </tr> <tr> <td>cernPersonId</td> <td>DateTime</td> <td>Person ID (primary key in Foundation, public)</td> <td>yes</td> <td>no</td> </tr> <tr> <td>nextEndClass</td> <td>string</td> <td>End date of the next affiliation</td> <td>yes</td> <td>no</td> </tr> <tr> 
<td>instituteName</td> <td>DateTime</td> <td>Name of the institute the person is affiliated with</td> <td>yes</td> <td>no</td> </tr> <tr> <td>nextCernClass</td> <td>DateTime</td> <td>Person's next affiliation with CERN</td> <td>yes</td> <td>no</td> </tr> <tr> <td>portablePhone</td> <td>DateTime</td> <td>CERN portable phone number</td> <td>yes</td> <td>no</td> </tr> <tr> <td>cernDepartment</td> <td>DateTime</td> <td>The CERN department of the person</td> <td>yes</td> <td>no</td> </tr> <tr> <td>externalReason</td> <td>DateTime</td> <td>If the CERN_CLASS is EXTN, this is the type of external user</td> <td>yes</td> <td>no</td> </tr> <tr> <td>expectedEndDate</td> <td>string</td> <td>Expected end date of current or next affiliation, used to send contract end alerts</td> <td>yes</td> <td>no</td> </tr> <tr> <td>edhAuthPwdExpiry</td> <td>string</td> <td>Date at which the person's EDH authorization password will expire</td> <td>yes</td> <td>no</td> </tr> <tr> <td>eduPersonUniqueID</td> <td>DateTime</td> <td>Unique and non-reassignable identifier for a person</td> <td>yes</td> <td>no</td> </tr> <tr> <td>lastActivationDate</td> <td>string</td> <td>Most recent date when the identity was activated.</td> <td>yes</td> <td>no</td> </tr> <tr> <td>firstActivationDate</td> <td>string</td> <td>Date when the identity was first activated.</td> <td>yes</td> <td>no</td> </tr> <tr> <td>instituteAbbreviation</td> <td>DateTime</td> <td>Abbreviated name of the institute the person is affiliated with</td> <td>yes</td> <td>no</td> </tr> <tr> <td>preferredCernLanguage</td> <td>DateTime</td> <td>The preferred official CERN language of the person</td> <td>yes</td> <td>no</td> </tr> <tr> <td>computingRulesAccepted</td> <td>string</td> <td>Most recent date when the computing rules were accepted or the security course was taken.</td> <td>yes</td> <td>no</td> </tr> <tr> <td>computingRulesValidUntil</td> <td>string</td> <td>Validity limit of the computing rules and security course.</td> <td>yes</td> 
<td>no</td> </tr> <tr> <td>computingRulesAcceptedFlag</td> <td>DateTime</td> <td>Flag indicating if the user signed the computing rules and took the security course for the first time.</td> <td>yes</td> <td>no</td> </tr> <tr> <td>source*</td> <td>String</td> <td>Source of info for the identity (‘cern’ for the CERN identities).</td> <td>True</td> <td>no</td> </tr> <tr> <td>unconfirmed*</td> <td>Boolean</td> <td>Whether the identity is unconfirmed or not. Unconfirmed identities are created in order to be added as members to groups prior to that person's first login.</td> <td>True</td> <td>no</td> </tr> <tr> <td>unconfirmedEmail*</td> <td>String</td> <td>When an unconfirmed identity is created, this email field is populated in order to link the future account of the person to this specific identity.</td> <td>True</td> <td>no</td> </tr> <tr> <td>properties*</td> <td>String</td> <td></td> <td>True</td> <td>no</td> </tr> <tr> <td>securityIssues*</td> <td>Boolean</td> <td>True if the resource is blocked for security reasons and thus can be managed only by the security team or the service admins.</td> <td>True</td> <td>no</td> </tr> <tr> <td>blockingTime*</td> <td>DateTime</td> <td>Date and time when the resource was blocked</td> <td>True</td> <td>no</td> </tr> <tr> <td>blockingDeadline*</td> <td>DateTime</td> <td>Date and time when the resource will be blocked automatically, according to its lifecycle.</td> <td>True</td> <td>no</td> </tr> <tr> <td>expirationDeadline*</td> <td>DateTime</td> <td>Date and time when the resource will be deleted automatically, according to its lifecycle.</td> <td>True</td> <td>no</td> </tr> <tr> <td>creationTime*</td> <td>DateTime</td> <td>Date and time when the object was created in the DB.</td> <td>False</td> <td>no</td> </tr> <tr> <td>modificationTime*</td> <td>DateTime</td> <td>Date and time when the object was last modified in the DB.</td> <td>False</td> <td>no</td> </tr> <tr> <td>builtin*</td> <td>Boolean</td> <td>If true, the object 
is a builtin object, and cannot be modified.</td> <td>False</td> <td>no</td> </tr> <tr> <td><strong><em>*Property used for internal system purpose. Might change in the future without warning.</em></strong></td> <td></td> <td></td> <td></td> <td></td> </tr> </tbody> </table> </article> </div> </div> </main> </div> </body> </html>