framework/security/entitydef/entitymodel.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is subject to the terms and conditions defined in the
files 'LICENSE' and 'NOTICE', which are part of this source
code package.
-->
<entitymodel xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/entitymodel.xsd">
<!-- ========================================================= -->
<!-- ======================== Defaults ======================= -->
<!-- ========================================================= -->
<title>Entity of an Apache OFBiz Component</title>
<description>None</description>
<version>1.0</version>
<!-- ========================================================= -->
<!-- ======================== Data Model ===================== -->
<!-- The modules in this file are as follows: -->
<!-- - org.ofbiz.security.cert -->
<!-- - org.ofbiz.security.login -->
<!-- - org.ofbiz.security.securitygroup -->
<!-- ========================================================= -->
<!-- ========================================================= -->
<!-- org.ofbiz.security.cert -->
<!-- ========================================================= -->
<entity entity-name="X509IssuerProvision"
package-name="org.ofbiz.security.cert"
never-cache="true"
title="Valid issuer data for authentication of x.509 certificates">
<field name="certProvisionId" type="id-ne"></field>
<field name="commonName" type="value"></field>
<field name="organizationalUnit" type="value"></field>
<field name="organizationName" type="value"></field>
<field name="cityLocality" type="value"></field>
<field name="stateProvince" type="value"></field>
<field name="country" type="value"></field>
<field name="serialNumber" type="value"></field>
<prim-key field="certProvisionId"/>
</entity>
<!-- ========================================================= -->
<!-- org.ofbiz.security.login -->
<!-- ========================================================= -->
<entity entity-name="UserLogin"
package-name="org.ofbiz.security.login"
title="User Login">
<field name="userLoginId" type="id-vlong-ne"></field>
<!-- SCIPIO: NOTE: 2018-09-27: UserLogin/UserLoginPasswordHistory currentPassword field was changed from short-varchar
to long-varchar type in Scipio master on 2018-09-27. Pre-existing databases will need to execute an upgrade
to obtain the longer hash column size support IF needed (existing DB columns are not automatically resized from this change).
See framework/security/config/security.properties#password.encrypt.hash.type for details. -->
<field name="currentPassword" type="long-varchar"></field>
<field name="passwordHint" type="description"></field>
<field name="isSystem" type="indicator"></field>
<field name="enabled" type="indicator"></field>
<field name="hasLoggedOut" type="indicator"></field>
<field name="requirePasswordChange" type="indicator"></field>
<field name="lastCurrencyUom" type="id"></field>
<field name="lastLocale" type="very-short"></field>
<field name="lastTimeZone" type="id-long"></field>
<field name="disabledDateTime" type="date-time"></field>
<field name="successiveFailedLogins" type="numeric"></field>
<field name="externalAuthId" type="id-vlong-ne">
<description>For use with external authentication; the userLdapDn should be replaced with this</description>
</field>
<field name="userLdapDn" type="id-vlong-ne">
<description>The user's LDAP Distinguished Name - used for LDAP authentication</description>
</field>
<field name="disabledBy" type="id-vlong"></field>
<prim-key field="userLoginId"/>
</entity>
<entity entity-name="UserLoginPasswordHistory"
package-name="org.ofbiz.security.login"
never-cache="true"
title="User Login Password History">
<field name="userLoginId" type="id-vlong-ne"></field>
<field name="fromDate" type="date-time"></field>
<field name="thruDate" type="date-time"></field>
<!-- SCIPIO: NOTE: 2018-09-27: UserLogin/UserLoginPasswordHistory currentPassword field was changed from short-varchar
to long-varchar type in Scipio master on 2018-09-27. Pre-existing databases will need to execute an upgrade
to obtain the longer hash column size support IF needed (existing DB columns are not automatically resized from this change).
See framework/security/config/security.properties#password.encrypt.hash.type for details. -->
<field name="currentPassword" type="long-varchar"></field>
<prim-key field="userLoginId"/>
<prim-key field="fromDate"/>
<relation type="one" fk-name="USER_LPH_USER" rel-entity-name="UserLogin">
<key-map field-name="userLoginId"/>
</relation>
</entity>
<entity entity-name="UserLoginHistory"
package-name="org.ofbiz.security.login"
never-cache="true"
title="User Login History">
<field name="userLoginId" type="id-vlong-ne"></field>
<field name="visitId" type="id"></field>
<field name="fromDate" type="date-time"></field>
<field name="thruDate" type="date-time"></field>
<field name="passwordUsed" type="long-varchar" encrypt="true"></field>
<field name="successfulLogin" type="indicator"></field>
<prim-key field="userLoginId"/>
<prim-key field="fromDate"/>
<relation type="one" fk-name="USER_LH_USER" rel-entity-name="UserLogin">
<key-map field-name="userLoginId"/>
</relation>
</entity>
<entity entity-name="UserLoginSession"
package-name="org.ofbiz.security.login"
never-cache="true"
title="User Login History">
<field name="userLoginId" type="id-vlong-ne"></field>
<field name="savedDate" type="date-time"></field>
<field name="sessionData" type="very-long"></field>
<prim-key field="userLoginId"/>
<relation type="one" fk-name="USER_SESSION_USER" rel-entity-name="UserLogin">
<key-map field-name="userLoginId"/>
</relation>
</entity>
<entity entity-name="UserLoginAppInfo"
package-name="org.ofbiz.security.login"
never-cache="true"
title="User Login Per-App Info"><!-- SCIPIO: 3.0.0: Added for auth token -->
<field name="userLoginId" type="id-vlong-ne"></field>
<field name="appId" type="id-vlong-ne"></field>
<field name="autoLoginAuthToken" type="very-long"></field>
<field name="autoLoginAuthDate" type="date-time"></field>
<prim-key field="userLoginId"/>
<prim-key field="appId"/>
<relation type="one" fk-name="USER_APP_INFO_USER" rel-entity-name="UserLogin">
<key-map field-name="userLoginId"/>
</relation>
</entity>
<!-- ========================================================= -->
<!-- org.ofbiz.security.securitygroup -->
<!-- ========================================================= -->
<entity entity-name="SecurityGroup"
package-name="org.ofbiz.security.securitygroup"
default-resource-name="SecurityEntityLabels"
title="Security Component - Security Group">
<field name="groupId" type="id-ne"></field>
<field name="groupName" type="value"></field>
<field name="description" type="description"></field>
<prim-key field="groupId"/>
</entity>
<entity entity-name="SecurityGroupPermission"
package-name="org.ofbiz.security.securitygroup"
title="Security Component - Security Group Permission">
<description>Defines a permission available to a security group; there is no FK to SecurityPermission because we want to leave open the possibility of ad-hoc permissions, especially for the Entity Data Maintenance pages which have TONS of permissions</description>
<field name="groupId" type="id-ne"></field>
<field name="permissionId" type="id-long-ne"></field>
<prim-key field="groupId"/>
<prim-key field="permissionId"/>
<relation type="one" fk-name="SEC_GRP_PERM_GRP" rel-entity-name="SecurityGroup">
<key-map field-name="groupId"/>
</relation>
<relation type="one-nofk" rel-entity-name="SecurityPermission">
<key-map field-name="permissionId"/>
</relation>
</entity>
<entity entity-name="SecurityPermission"
package-name="org.ofbiz.security.securitygroup"
default-resource-name="SecurityEntityLabels"
title="Security Component - Security Permission">
<field name="permissionId" type="id-long-ne"></field>
<field name="description" type="description"></field>
<prim-key field="permissionId"/>
</entity>
<view-entity entity-name="UserLoginAndSecurityGroup"
package-name="org.ofbiz.security.securitygroup"
never-cache="true"
title="UserLogin And SecurityGroup View">
<member-entity entity-alias="ULSG" entity-name="UserLoginSecurityGroup"/>
<member-entity entity-alias="UL" entity-name="UserLogin"/>
<alias-all entity-alias="ULSG"/>
<alias-all entity-alias="UL"/>
<view-link entity-alias="ULSG" rel-entity-alias="UL">
<key-map field-name="userLoginId"/>
</view-link>
</view-entity>
<entity entity-name="UserLoginSecurityGroup"
package-name="org.ofbiz.security.securitygroup"
title="Security Component - User Login Security Group">
<description>Maps a UserLogin to a security group</description>
<field name="userLoginId" type="id-vlong-ne"></field>
<field name="groupId" type="id-ne"></field>
<field name="fromDate" type="date-time"></field>
<field name="thruDate" type="date-time"></field>
<prim-key field="userLoginId"/>
<prim-key field="groupId"/>
<prim-key field="fromDate"/>
<relation type="one" fk-name="USER_SECGRP_USER" rel-entity-name="UserLogin">
<key-map field-name="userLoginId"/>
</relation>
<relation type="one" fk-name="USER_SECGRP_GRP" rel-entity-name="SecurityGroup">
<key-map field-name="groupId"/>
</relation>
<relation type="many" rel-entity-name="SecurityGroupPermission">
<key-map field-name="groupId"/>
</relation>
</entity>
<entity entity-name="ProtectedView"
package-name="org.ofbiz.security.securitygroup"
title="Security Component - Protected View">
<description>Defines views protected from data leakage</description>
<field name="groupId" type="id-ne"></field>
<field name="viewNameId" type="id-long-ne"><description>name of view to protect from data theft</description></field>
<field name="maxHits" type="numeric"><description>number of hits before tarpitting a login for a view</description></field>
<field name="maxHitsDuration" type="numeric"><description>period of time associated with maxHits (in seconds)</description></field>
<field name="tarpitDuration" type="numeric"><description>period of time a login will not be able to acces this view again (in seconds)</description></field>
<prim-key field="groupId"/>
<prim-key field="viewNameId"/>
<relation type="one" fk-name="VIEW_SECGRP_GRP" rel-entity-name="SecurityGroup">
<key-map field-name="groupId"/>
</relation>
<relation type="many" rel-entity-name="SecurityGroupPermission">
<key-map field-name="groupId"/>
</relation>
</entity>
<view-entity entity-name="UserLoginAndProtectedView"
package-name="org.ofbiz.security.securitygroup"
title="UserLogin And ProtectedView View">
<member-entity entity-alias="ULSGPV" entity-name="UserLoginSecurityGroup"/>
<member-entity entity-alias="PV" entity-name="ProtectedView"/>
<alias-all entity-alias="ULSGPV"/>
<alias-all entity-alias="PV"/>
<view-link entity-alias="ULSGPV" rel-entity-alias="PV">
<key-map field-name="groupId"/>
</view-link>
</view-entity>
<entity entity-name="TarpittedLoginView"
package-name="org.ofbiz.security.securitygroup"
title="Security Component - Protected View">
<description>Login View couple currently tarpitted : any access to the view for the login is denied</description>
<field name="viewNameId" type="id-long-ne"><description>name of view protected from data theft</description></field>
<field name="userLoginId" type="id-vlong-ne"/>
<field name="tarpitReleaseDateTime" type="numeric"><description>Date/Time at which the login will gain anew access to the view (in milliseconds from midnight, January 1, 1970 UTC , 0 meaning no tarpit to allow the admin to free a view and to keep history</description></field>
<prim-key field="viewNameId"/>
<prim-key field="userLoginId"/>
</entity>
<entity entity-name="UserLoginSecurityQuestion" package-name="org.ofbiz.security.login">
<field name="questionEnumId" type="id" />
<field name="userLoginId" type="id-vlong" />
<field name="securityAnswer" type="description" />
<prim-key field="questionEnumId"/>
<prim-key field="userLoginId"/>
<relation rel-entity-name="Enumeration" type="one" fk-name="SECQ_ENUM">
<key-map field-name="questionEnumId" rel-field-name="enumId"/>
</relation>
<relation rel-entity-name="UserLogin" type="one" fk-name="ULGNSECQ_ULGN">
<key-map field-name="userLoginId"/>
</relation>
</entity>
</entitymodel>