uhOrgAffiliation

Element Name

uhOrgAffiliation

Description

This attribute provides the role (eduPersonAffiliation) and the organization (eduPersonOrgDN) where that role applies. This is also known as a scoped affiliation.

Also see UH Role Assignments, Role Transitions and Systems of Record

This uhOrgAffiliation attribute includes extra roles that are not in eduPersonAffiliation (see table below). These additional roles are currently associated with preliminary or post-participatory states (applicants, alumni, ohana). This provides some level of protection against accidental authorization since applications typically expect eduPersonAffiliation to only include faculty, staff and students. The Internet2 specifications limit the list of valid eduPersonAffiliation roles, so any additional roles will be defined here as needed to serve specific institutional needs.

UH Data Classification

Restricted per Executive Policy 2.214

LDAP Attribute Info

Name: uhOrgAffiliation
OID: 1.3.6.1.4.1.2160.1.1.1.28
Indexing: no
Required: yes
Multivalued: yes⁽¹⁾

Required Format for Storage

string

"eduPersonOrgDN=xxx,eduPersonAffiliation=yyy"

where xxx is a valid eduPersonOrgDN value, and
where yyy is one of the LDAP Roles in the table below.

LDAP Role (yyy)	Description	Also assigned to the eduPersonAffiliation attribute?
faculty	(see eduPersonAffiliation)	Yes
staff	(see eduPersonAffiliation )	Yes
student	(see eduPersonAffiliation )	Yes
other	(see eduPersonAffiliation )	Yes
applicant	Applicant⁽²⁾, according to Banner. Has not been (yet) accepted.	No
accepted-applicant	Accepted Applicant⁽²⁾, according to Banner. UH has notified this applicant of acceptance.	No
admitted-applicant	Admitted Applicant⁽²⁾, according to Banner. Applicant has paid tuition deposit or provided letter of intent.	No
ohana	Post participant, no longer has an active role at UH, but has elected to retain email	No

Example Stored Data⁽¹⁾

Example for a person with one value:

eduPersonOrgDn=kauaicc,eduPersonAffiliation=faculty

Example for a person with two values (one value per line):

eduPersonOrgDN=uhwo,eduPersonAffiliation=staff
eduPersonOrgDN=uhm,eduPersonAffiliation=student

Systems of Record

Banner, PeopleSoft HR, SECE, RCUH, UHIMS

UH Group Store

hawaii.edu:store:<dataOrigin>:aff:<org>:<role>

UHIMS Events

addAffilation or modifyAffiliation or deleteAffiliation

messageData
- affiliation
  - org
  - role

Notes

There is no significance to the order of appearance. No assumptions can be made about the contents of the first row, for example.
Applicants and accepted applicants are tied to one of the 4-year schools: Hilo, Manoa or West Oahu. Community college applicants start as admitted applicants (prior to 12/21/2021, they started with the student role). All applicants transition into the student role only when they register.
As information is received from each System of Record the stored data is updated with the most recent information provided.
The ITS Help Desk provides updates and corrections as needed.
The data provided represents a "logical" rather than a "physical" view. For example, a staff member working at Hawaii CC may be considered by some to be staff at Hawaii CC, but the data UHIMS receives from the various Systems of Record may indicate instead that the person is staff at RCUH. Regrettably, here is currently no System of Record for "physical" affiliations.
Any student affiliation at any campus will trump any type of applicant affiliation at any campus. If your application requires the applicant role, a grouping should be considered.