Skip to main content

cloud.config_catalog

Schema: cloud
Table: cloud.config_catalog
Description: Master catalog of all known configuration keys. Each row defines one configuration variable: its code, data type, default value, and which levels of the hierarchy are allowed to override it.

Overview

  • Column prefix: cck_
  • Primary key: cck_key_id
  • Referenced by: cloud.config_values_global, cloud.config_values_tenant, cloud.config_values_group, cloud.config_values_user

Columns

ColumnTypeNullDefaultDescription
cck_key_idintegerNOauto-incrementInternal surrogate primary key.
cck_codevarchar(100)NOUnique dotted code identifying the config key. Convention: category.subcategory.name (e.g. auth.password.min_length).
cck_categoryvarchar(100)NOFunctional grouping for admin UI display (e.g. auth, ui, features, permissions, system, branding).
cck_labelvarchar(255)NO''Human-readable label shown in the admin interface.
cck_descriptiontextYESNULLExtended description of what this key controls.
cck_value_typevarchar(20)NOData type of the value: bool, int, string, json.
cck_default_valuetextNO''System default. Used when no level provides an override. Always stored as a string; the application coerces it based on cck_value_type.
cck_allowed_valuestextYESNULLValidation hint. For enumerations: JSON array (e.g. ["light","dark"]). For numeric ranges: JSON object (e.g. {"min":6,"max":128}).
cck_allowed_levelssmallintNO15Bitmask controlling which hierarchy levels may set an override value. See table below.
cck_is_sensitivebooleanNOfalseWhen true, the resolved value is stripped from the login response and never sent to the client. Used for server-side-only keys (e.g. internal API secrets).
cck_is_activebooleanNOtrueSoft-disable a key without deleting it. Inactive keys are ignored during resolution.
cck_sort_orderintegerNO0Display order within a category in the admin UI.
cck_created_attimestamptzNONOW()Creation timestamp (UTC).
cck_updated_attimestamptzYESNULLLast modification timestamp (UTC).

cck_allowed_levels bitmask

Each bit enables a specific hierarchy level to set an override:

BitValueLevel
01Global (system-wide, set by SuperAdmin)
12Tenant (set by TenantAdmin for their tenant)
24Group (set by TenantAdmin per HR group)
38User (set by the user themselves or TenantAdmin)

Examples:

cck_allowed_levelsBinaryMeaning
10001Global only — system policy, tenants cannot override
30011Global + tenant
60110Tenant + group (no global, no user)
121100Group + user
141110Tenant + group + user
151111All levels

Constraints

  • Primary key: pk_config_catalogcck_key_id
  • Unique: c_uk_cck_codecck_code

Initial catalog entries (seed)

cck_codeTypeDefaultLevelsNotes
auth.registration.enabledbooltrue1Whether self-registration is open. SuperAdmin only.
auth.password.min_lengthint83Minimum password length. Tenant can raise but not lower.
auth.password.require_uppercasebooltrue3
auth.password.require_digitbooltrue3
auth.password.require_specialboolfalse3
system.maintenance_modeboolfalse1Puts the platform in maintenance mode. SuperAdmin only.
system.group_conflict_strategystringrestrictive3How to resolve conflicts when a user matches multiple group overrides. permissive or restrictive.
features.ai_assistantboolfalse3Enables the embedded AI assistant for the tenant.
features.module.payrollbooltrue3
features.module.recruitmentbooltrue3
branding.app_namestringHR Studio2Display name shown in the UI header.
branding.primary_colorstring#2b5f606Primary UI accent color.
ui.themestringlight14Interface theme: light or dark.
ui.densitystringcomfortable12UI density: compact, comfortable, spacious.
ui.sidebar_collapsedboolfalse8User preference for sidebar state.
ui.dashboard_layoutjson{}8User-specific dashboard widget layout (JSON).
permissions.section_visibilityjson{}6Role-based section visibility rules. Read by FieldMaskingService.
permissions.ai_topicsjson{}6Topics the AI assistant must not discuss for restricted roles.