UMD Enterprise Directory: Access Model


In this article

Access to the directory

Directory access is based on:

  1. Who is doing the search
  2. What type of person entry is being searched
  3. What populations are being requested
  4. Which attributes are being requested

Applications that need Single Sign-On (SSO authentication) and information retrieval integration services should see the Requesting SSO & Integration Services help article.

Top

Who is doing the search

anonymous an unknown user or application;
can get up to 50 entries per search
authenticated person a person in the directory who has authenticated with their passphrase;
can get up to 100 entries per search
authenticated application     an application which has been granted explicit permission to search the directory; can get up to 1000 entries per search


Top

What type of person entry is being searched

Authenticated users who have a umInstitution of UMCP have access to "restricted" entries. Authenticated applications are restricted to "public" UMCP entries unless explicitly permission has been granted.

public entry affiliates and anyone who has a PHR appointment for UMCP or USMO except hourly student employee who are UMCP students
restricted entry students with relaxed Buckley (FERPA) restrictions
buckley restricted entry    students with full Buckley restrictions
other entry anyone who has a PHR appointment exclusive of UMCP and USMO. 

Top

Which populations are being requested

Authenticated applications may be limited to one or more of the following population groups. 

Group Name Directory Rule Description
all-people objectClass=umPerson any person included in the PHR employee, PHR affiliate, or SIS feeds
active-people umInstitutionActive=* all people with non-terminated appointments (any institution), students, affiliates    
UMCP-all umInstitutionActive=UMCP all people with non-terminated appointments at UMCP, students, affiliates
UMCP-employee     umInstitutionActive=UMCP and
umEmployee=TRUE
all people with active UMCP appointments
UMCP-faculty umInstitutionActive=UMCP and
umFaculty=TRUE
all people with active UMCP appointments where FAC_STAFF_CD=F
UMCP-emeritus umInstitutionActive=UMCP and
umEmritus=TRUE
all people with active UMCP appointments where FAC_STAFF_CD=E,I
UMCP-staff umInstitutionActive=UMCP and
umStaff=TRUE
all people with active UMCP appointments where FAC_STAFF_CD=S
UMCP-ga umInstitutionActive=UMCP and
umGraduateAssistant=TRUE
all people with active UMCP appointments where CAT_STAT_CD=4,5
UMCP-hse umInstitutionActive=UMCP and
umHourlyStudentEmployee=TRUE
all people with active UMCP appointments where FAC_STAFF_CD=X
UMCP-affiliate umAffiliate=TRUE presence in the PHR affiliate feed
UMCP-student umStudent=TRUE and
umBuckleyFlag=FALSE
presence in the SIS feed and the SIS Privacy_Code<2
UMCP-buckley umStudent=TRUE presence in the SIS feed
UMBI-all umInstitutionActive=UMBI all people with non-terminated appointments at UMBI
UMCES-all umInstitutionActive=UMCES all people with non-terminated appointments at UMCES
UMES-all umInstitutionActive=UMES all people with non-terminated appointments at UMES
USMO-all umInstitutionActive=USMO all people with non-terminated appointments at USMO

Top

Which attributes are being requested

For the populations that you have access to, you may also request attributes to be returned for those users.  These attributes are managed in groupings. The Enterprise Directory Schema article provides additional information about these attributes, including basic logic for how they are populated. 

Available Groupings:

Attribute privacy flags also apply to certain attributes. 

The Normal Attribute Group

These attributes are defined as public access and every authorized application automatically has access to them.

Attribute Description
labeledURI RFC 2079 Uniform Resource Identifier (i.e., the URL for the person's home page).
o Organization.
ou Organizational Unit.
uid Login name.
umAffiliate A flag that indicates if the person is an affiliate to the University.
umAlumni A flag that indicates if the person is an alumni member.
umEmeritus A flag that indicates if the person is an emeritus faculty member. This is basically the OR'ing of umEmeritusActive and umEmeritusInactive.
umEmeritusActive A flag that indicates that the person is an emeritus faculty member that still has an active association with the university.
umEmeritusInactive A flag that indicates that the person is an emeritus faculty member that is not currently active in the university community.
umEmployee A flag that indicates if the person is paid by the University as an employee.
umFaculty A flag that indicates if the person is a faculty member.
umGenericUid A boolean flag that indicates that the value for the uid attribute has not been approved by the user.
umGraduateAssistant A flag that indicates if the person is a graduate assistant.
umHourlyStudentEmployee A flag the indicates if the person has an hourly student appointment in PHR.
umInstitution The USM institution name. For Students and Affiliates, the constanst string 'UMCP' is used.
umInstitutionActive The USM institution name. For Students and Affiliates, the constanst string 'UMCP' is used. For employees, popuplated only if there is a non-inactive appointment for a give institution
umInstitutionCode The USM institution code. For Students and Affiliates, the constanst string '01' is used.
umPrimaryInstitution The primary USM institution name. For employees with appointments at multiple institutions, this indicates their primary affiliation
umPrimaryInstitutionCode The primary USM institution code. For employees with appointments at multiple institutions, this indicates their primary affiliation
umStaff A flag that indicates if the person is a staff member.
umStudent A flag that indicates if the person is an active student.
umTermDate If present, then this is the date that this person is no longer considered to be associated with the university. This is the maximum of the umTermDateAffiliate, umTermDateEmployee, and the umTermDateStudent attributes. It will not be present if there exists an PHR, SIS, or AFFILIATE entry without a termination date.
umTrainee A flag that indicates if the person is a trainee.
userCertificate The public key certificate belonging to this person.
cn Common name (person's full name).
givenName Person's first name.
initials The initials from the person's name, but not including the surname (so says RFC 2256).
middleName The person's middle name.
sn Surname (person's last name).
umDisplayName Display name (First, Last).
umDisplayNameLF Display name (Last, First).
umInitials Like the initials attribute, but includes the surname.
umMiddleInitial The person's middle initial (for CorporateTime).
umNameComponent Each "word" of the umDisplayName where any non-alphanumeric constitutes a word break.
umNamePrefix Person's prefix name ("Mr.", "Dr.", etc).
umNameSuffix Person's suffix name ("Jr.", "III", etc).
umNickName Person's nickname.
umAlternateMail Alternate email addresses.
umCampusBuilding Campus building name.
umCampusBuildingCode Campus building code number.
umCampusRoom Campus building room number.
umCampusZipcode Campus zipcode.
umMailAlias Username aliases for mail forwarding.
umPrimaryCampusBuilding Campus building name. For employees with multiple appointments, this is the campus building name associated with the person's primary appointment.
umPrimaryCampusBuildingCode Campus building code number. For employees with multiple appointments, this is the campus building code number associated with the person's primary appointment.
umPrimaryCampusRoom Campus building room number. For employees with multiple appointments, this is the campus building room number associated with the person's primary appointment.
umPrimaryCampusZipcode Campus zipcode. For employees with multiple appointments, this is the campus zipcode associated with the person's primary appointment.
umTTYtelephoneNumber The telephone number to be used to contact the person using a TTY device if the individual is hearing impaired. This is the telephoneNumber attribute equivalent for TTY usage.
umNoPublishAddress A flag that indicates that the person does not wish for their home address to be published.
umNoPublishCell A flag that indicates that the person does not wish for their cell phone telephone number to be published. Employees only, does not apply to students or affiliates.
umNoPublishFax A flag that indicates that the person does not wish for their fax telephone number to be published. Employees only, does not apply to students or affiliates.
umNoPublishPager A flag that indicates that the person does not wish for their pager telephone number to be published. Employees only, does not apply to students or affiliates.
umNoPublishPhone A flag that indicates that the person does not wish for their home telephone number to be published.
umNoPublishUser A flag that indicates that the person should not be published. This is only for security purposes and is set directly by the Directory administrator.
departmentNumber HR department code. Employees only, does not apply to students or affiliates.
title Employee title. Employees only, does not apply to students or affiliates.
umDepartment HR department name. Employees only, does not apply to students or affiliates.
umDisplayTitle The employee's title that should be displayed. Employees only, does not apply to students or affiliates.
umEmployeeCollegeCode First six digiits of the HR unit code. Employees only.
umEmployeeDivisionCode First four digiits of the HR unit code. Employees only.
umEmployeeTitleCode UMD employee title code. Employees only, does not apply to students or affiliates.
umOfficialTitle The employee's appointment title. Employees only, does not apply to students or affiliates:
umOptionalTitle The employee's optional campus title. Employees only, does not apply to students or affiliates.
umPrimaryDeptCode Primary HR department code. For employees with multiple appointments, this is the department code associated with the person's primary appointment. Employees only, does not apply to students or affiliates:
umPrimaryDeptName Primary HR department name. For employees with multiple appointments, this is the department name associated with the person's primary appointment. Employees only, does not apply to students or affiliates:
umPrimaryTitle The employee's primary offical title. For employees with multiple appointments, this is the offical title associated with the person's primary appointment. Employees only, does not apply to student's or affiliates.
umPrimaryUnitCode HR unit code, 15 digits. Employees only.
umTermDateEmployee If present, then this is the date of when the employee terminated their employment with the university. Employees only, does not apply to students or affiliates.
umUnitCode HR unit code, 15 digits. Employees only.
umTermDateAffiliate If present, then this is the date of when the person lost their affiliate status. Affiliates only, does not apply to employees or students.
umInstitution The USM institution name. For Students and Affiliates, the constanst string 'UMCP' is used.
umInstitutionActive The USM institution name. For Students and Affiliates, the constanst string 'UMCP' is used. For employees, popuplated only if there is a non-inactive appointment for a give institution
umInstitutionCode The USM institution code. For Students and Affiliates, the constanst string '01' is used.
umPrimaryInstitution The primary USM institution name. For employees with appointments at multiple institutions, this indicates their primary affiliation
umPrimaryInstitutionCode The primary USM institution code. For employees with appointments at multiple institutions, this indicates their primary affiliation

EduPerson type attributes are also considered public:

Critical Attribute Sub-Groups

Attributes that are not Normal Attributes are considered to be Critical Attributes and applications must request access to them. Most of these attribute have been collected into to sub-groups for purposes of managing access. 

Critical Attribute Group Attribute
Description
UID Attribute Group employeeNumber
The University of Maryland Unique Identifier. This is a nine digit number that is being used to replace the Social Security Number.
Campus Contact Attribute Group postalAddress
University (office) address. For students, this is their local address, which might not be on campus. For affiliates, this is work address, which might not be on campus depending on the type of affiliate.
mobile
Cellular telephone number. Employees only, does not apply to students or affiliates.
pager
Pager telephone number. Employees only, does not apply to students or affiliates.
telephoneNumber
University (office) telephone number. For affiliates, this is their work telephone number, which might not be a University telephone number depending on the type of affiliate.
facsimileTelephoneNumber
FAX Telephone Number. Employees only, does not apply to students or affiliates.
Personal Contact Attribute Group homePostalAddress
The address of the person's residence.
umLocalAddress
An alias for homePostalAddress.
umPermanentAddress
For employees or affiliates, this is their home address, but for students this is the address of where they live when school is not in session (for example, their parent's house).
umPermanentCountry
For employees or affiliates, this is the country of their home (I guess this makes sense if they are telecommuting from a foreign country, but otherwise even Canada would be a longish commute). For students, this is the country that they normally live in when school is not in session (for example, the country that their parents live in).
homePhone
The telephone number of the person's residence.
umLocalPhone
An alias for homePhone
umPermanentPhone
For employees or affiliates, this is their home telephone number, but for students this is the telephone number that they can be reached when school is not in session (for example, their parent's telephone number).
Email Attribute Group mail
The email address used to send mail to the UMD.EDU Google group.
umMailFwd
The email address that the UMD.EDU Google group is supposed to send their mail to.
umMailAlias
Username aliases for mail forwarding.
Employment Attribute Group umAppointment
HR appointment. It is the concatenation of various HR information separated by a '$'.
umCatStatus
The contents of the PHR CAT_STAT field. It contains a description of the type of position the employee holds. Employees only, does not apply to students or affiliates.
umCatStatusCode
A numerical code that is equated to the symbolic description value contained in the umCatStatus attribute.
umDistrList
The contents of the PHR DISTR_LIST field. It contains a description of an employee's assignment to a particular Human Resource mailing list. This field is not assigned to every employee, only to those with certain areas of responsibility within the human resource function. Employees only, does not apply to students or affiliates.
umEEO
The PHR EEO value associated with this person. It is some kind of standardized occupational category description used in Federal and State reporting. Employees only, does not apply to students or affiliates.
umEEOcode
A numerical code that is equated to the symbolic category value contained in the umEEO attribute.
umRegInstructorOf
The course keys (see the umRegCourse attribute) that this person is listed as being the instructor of.
Affiliate Attribute Group umAffiliateType The description of the umAffiliateTypeCode. Affiliates only.
umAffiliateTypeCode A integer indicating the type of affilite record. Affiliates only.
Courses Attribute Group umRegCourse
The course key (DDDDNNNXSSSSYYYYMM) of a course that a student is registered for. The course key is a fixed length string that identifies a given course. It consists of: DDDD, the 4 character department abbreviation; NNN, the 3 digit (with leading zeros) course number; X, an optional course suffix letter, blank if none; SSSS, the 4 digit section number (with leading zeros); YYYY, the year of the beginning of the term that the class is in; and MM, the two digit month (with leading zero) of the month of the beginning of the term that the class is in (08 for Fall, 12 for the Winter Intersession, 01 for Spring, 05 for the first summer session, and 07 for the second summer session). This course may not be for the current semester, there may be entries from the previous semster, as well as courses registered for upcoming semesters. Students only, does not apply to employees or affiliates.
umRegCourseCur
Like umRegCourse, but only contains the course keys of the courses in the current semester. This will be a subset of the umRegCourse values.
umRegCourseList Like umRegCourse, but only contains the course keys of the courses in the current and one next semester. This will be a subset of the umRegCourse values.
umRegCourseCredits TBD
umRegCourseGradeOpt TBD
umBuckleyFlag A flag that indicates that the person is a student and has formally requested that no information about the student be released according to the rules set forth in the Buckley Amendment. Students only, does not apply to employees or affiliates.
Student Attribute Group umClassStanding
A two character flag value that indicates the class standing of a student. Students only, does not apply to employees or affiliates. The following values are defined: 'FR', Freshman. 'SO', Sophomore. 'JR', Junior. 'SR', Senior. 'UG', Undergraduate non-degree. 'AA', Applied Agriculture. 'MA', Masters program. 'DR', PhD program. 'GR', Graduate non-degree. 'GC', Graduate Certificate. 'OT', Other, cannot determine class standing. 'UN', Unknown.
umCollege
The symbolic name of the primay college within the Unversity that the student is under. Students only, does not apply to employees or affiliates.
umCollegeCode
The College code that indicates the primary college within the University that the student is under. Students only, does not apply to employees or affiliates.
umMajor
A short description (maximum length of 12 characters) of the student's primary major. Students only, does not apply to employees or affiliates.
umMajorCode
The Major code that indicates the student's primary major. Students only, does not apply to employees or affiliates.
umMinor A short description (maximum length of 12 characters) of the student's minor(s). Students only, does not apply to employees or affiliates.
umMinorCode The Minor code that indicates the student's minor(s). Students only, does not apply to employees or affiliates.
umPrimaryCollege The symbolic name of the primary college within the University that the student is under. Students only, does not apply to employees or affiliates.
umPrimaryCollegeCode The College code that indicates the primary college within the University that the student is under. Students only, does not apply to employees or affiliates.
umPrimaryMajor A short description (maximum length of 12 characters) of the student's primary major. Students only, does not apply to employees or affiliates.
umPrimaryMajorCode The Major code that indicates the student's primary major. Students only, does not apply to employees or affiliates.
umRegStatus The registration status of the individual. Students only, does not apply to employees or affiliates.
umStudentStatus
A flag which indicates general status of a student.
Services Attribute Group umGroup Used by SIMS for defining group membership.
umServiceStatus
Status with respect to a given service. The value should be of the form <service name>:<service status> to prevent values for differing services from conflicting.
umServices
Services which have been activated.

Other Critical Attributes

Other Critical Attributes are not part of any group and must be requested on an attribute-by-attribute basis.  These attributes are not maintained as part of a group because either they are application specific, and/or they are especially sensitive with respect to identity theft. 

Additional Critical Attributes may be available upon request. 

Attribute Privacy Flags

The following attributes are modified by various true/falseprivacy flags.

Attribute Flag Notes
telephoneNumber umNoPublishPhone always visible for employees/affiliates
homePhone
umLocalPhone
umPermanentPhone
umNoPublishPhone never visible in anonymous searches
postalAddress
mail
umMailFwd
umNoPublishAddress always visible for employees/affiliates
homePostalAddress
umLocalAddress
umPermanentAddress
umPermanentCountry
umNoPublishAddress never visible in anonymous searches
facsimileTelephoneNumber umNoPublishFax employees/affiliates only; always visible in authenticated searches
mobile umNoPublishCell never visible in anonymous searches
pager umNoPublishPager never visible in anonymous searches

Top