Versions Compared

Old Version 1

changes.mady.by.user Anssi Kivinen (Deactivated)

Saved on

compared with

New Version 2

changes.mady.by.user Anssi Kivinen (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Trivore Identity Service (TIS) can be used to store small amounts of application specific data. There are a number of different types of data persistence points for different kinds of data. This chapter covers the basics of those points and gives recommendations on which point to use in which situation.

User related data persistence

The data persistence points in this section are related to user accounts in some way. The user tags are the most lightweight data structures, but they do not offer access control and can only store pieces of strings.

The user custom fields are key-value pairs and can hold more complex data than the user tags, but custom fields also do not have support for complex access management.

The user tokens are the most advanced user related data structure with access management support. User tokens are key-value pairs, but many types of data can be stored in them.

User Tags

User tags are pieces of strings, which are attached to the user account. The user tags are indexed and users can be queried by tags. User tags can also be thought as lightweight groups, where a tag is the name of the group. TIS does not internally use user tags for anything and makes no interpretations on the meaning of the tags. It is up to the external application to

Namespace default tags can also be set for each namespace. The default tags are suggested in user tag editor field in the Web UI's user editor. Users can edit their own tags without any special permission. Also Management API Clients and users with ACCOUNT_MODIFY permission can change tags of any users belonging to an accessible namespace.

See User tags page for more information on how to use tags efficiently.

User custom fields

Custom fields are a set of freely specified field names and values. The values can be strings, booleans, numbers or objects. They can be used in user search by using filter keys like 'customFields.{fieldName}'.

...

User custom fields are visible to all Management API Clients with ACCOUNTS_VIEW permission and access to the user's namespace. Custom fields are also always visible to users themselves. Also, the custom fields can be modified by any management api client with ACCOUNTS_MODIFY permission and access to user's namespace.

User tokens

User tokens are access controlled key-value pairs attached to user accounts. User tokens have a list of entities, which are allowed to read the token and another list with entities, which are allowed to modify the token.
User tokens can be queried by key.

User Tags

User tags are pieces of strings, which are attached to the user account. The user tags are indexed and users can be queried by tags.

Namespace default tags can be set for each namespace. The default tags are suggested in user tag editor field in the Web UI's user editor. Users can edit their own tags

Others

Data storages

Others

The other data persistence points are not user related and can be used to store any application specific data. The limitations of these storage methods are explained in the more detailed documents.

Data storages

The Data Storage is intended to be a light-weight database to store structured data in searchable form. It is not a full-blown relational database management system, but it serves most use cases for cloud and mobile-first applications. It has built-in access control, which can be used to grant read-only or read-write access to users, groups of users, or Management API Clients.

The detailed data storage documentation can be found on Data storage explained .

Application private tokens

As the name suggest, the application private tokens are application specific and visible and accessible only to the Management API Client, that created them. The application private tokens can be used to store relative data. Each entry has a relatedId, key and a value. The application private tokens do not have support for complex access management. The use of application private tokens does not require any specific permission and any Management API client can utilise them.

Application private tokens are documented in much greater detail in the Application Private Token StoreTokens page.