|
|
|
The following table describes the tables in the schema and provides a brief description about them:
|
Name |
Comment |
|---|---|
|
ACL |
Access Control List for most of CA Access Control resources. It combines the following CA Access Control properties: ACL, NACL, PACL, CACL, CALACL. ACL - Standard access control list that contains the user names and group names authorized to access the resource and the level of access granted to each. NACL - Negative access control list that contains the user names or group names that are not authorized to access the resource. PACL - Program access control list that depends upon the accessing program. Each PACL contains the user names and group names, the level of access, and the name of the program or shell script the user must execute in order to access the particular resource. CACL - Conditional access control list CALACL - Calendar access control, a resource ACL that depends upon the Unicenter® TNG calendar The Axxxx and Dxxxx columns represent all supported (A)llow and (D)eny privileges for all types of supported resources. Some privileges are only relevant for specific types of resources. For example, privileges to start, stop and pause may only be relevant to processes and services, but not to files. |
|
ACRPTDB_VERSION |
DB schema version, used to control DB schema upgrades |
|
CATEGORY |
B1 Feature (security category) for a resource object / user object / group object. |
|
CONFIG |
CA Access Control configuration store, which holds zero or more configuration entries (see CONFIG_ENTRY). |
|
CONFIG_ENTRY |
A single configuration entry within a configuration store. |
|
DAYTIME |
Specifies the days of the week and the hours in the day when users may access the resource |
|
DEPLOYMENT_RESULT_MESSAGE |
Result messages of a deployment task |
|
DEPLOYMENT_TASK |
Describes a single policy-deployment task: the act of deploying/undeploying a single policy on a single node. |
|
DEPLOYMENT_TASK_GROUP |
Describes exactly one of the following deployment-related tasks: 1. Assign a node to a node group 2. Assign a policy group to a node 3. Assign a policy group to a node group As can be seen, the task is binary, where the first operator is a node or a policy group, and the second operator is a node or a node group. |
|
DISTRIBUTION_HOST |
Distribution hosts for Disaster Recovery mode. Maps to the elements within the DH and DHDR properties of the CA Access Control class SEOS. |
|
EFFECTIVE_POLICY |
References which policies are related to which nodes in the policy model, including implicit relationships (via node groups, policy groups, etc). |
|
GROUPAUDIT |
Audit settings for a group object |
|
GROUPINFO |
Group object information |
|
GROUPMEMBER |
The groups that are members of this group. |
|
GROUPREVACL |
Group reverse ACL, i.e. what ACLs a group has over a specific resource, given a certain condition. See the ACL table for a description of all Axxx and Dxxxx (allow/deny) columns. |
|
GROUPS |
Groups property for resource objects and user objects. The list of user groups (GROUP records) a USER record belongs to. This property also contains any group authorities, such as group administration authority (GROUP-ADMIN), assigned to the user for each group the user belongs to. The group list contained in this property may be different from the one in the native environment GROUPS property. |
|
HOLDATE |
Holiday information for holiday objects |
|
HOSTINFO |
Host information represents a CA Access Control endpoint in the network |
|
INETACL |
INET-ACL - Internet access control list. The services the local host is allowed to provide to the group of client hosts and what their access types are. Each element in the access control list contains the following information: 1. Services reference-A reference to a service (a port number or name). To specify all the services, enter an asterisk (*) as the services reference. 2. Permitted access-The types of access the client hosts have to the service. The valid access types and the permissions they give are: - read-Allows the local host to provide the service to the host group. - none-Does not allow the local host to provide the service to the host group. See the ACL table for a description of all Axxx and Dxxxx (allow/deny) columns. |
|
INSERVRNGE |
Service range ACL. Similar to the INETACL property. Instead of explicitly specifying the services the local host provides to the group of client hosts, this property specifies a range of services. See the ACL table for a description of all Axxx and Dxxxx (allow/deny) columns. |
|
LOCAL_PMD_SUBSCRIBER |
Represents a policy-model subscription entry - each entry maps to the individual subscription entries as provided by the sepmd -L selang command. |
|
LOGINAPPL |
The LOGINAPPL class controls and detects login applications. It enables the user to define a login application and set access control rules to control login using this application. The description of each column contains a reference to the appropriate CA Access Control class, property and value that it represents. For full information, refer to the selang Reference Guide. |
|
MEMBEROF |
The groups that this group is a member of. |
|
MEMBERS |
Members property for resource objects |
|
NODE |
Defines a CA Access Control host on which policy compliance is to be enforced. Node groups are represented by a simple resource entity (see RESINFO/RESAC). Relationship between nodes and node groups is handled by the GROUPS/MEMBERS mechanism as with any other resource (see GROUPS/MEMBERS/RESINFO tables) |
|
NODE_ADDRESS |
The zero or more network addresses of a node. Maps to the HNODE_IP property of the CA Access Control class HNODE. |
|
NODE_ALIAS |
The zero or more aliases of a node. Maps to the ALIAS property of the CA Access Control class HNODE. |
|
NODE_DEVIATION |
Host-level deviation details. |
|
NODE_SUBSCRIPTION_STATUS |
Describes the subscription relationships and status between various HNODEs, of the purpose of policy distribution. |
|
PASSWDRULES |
Specifies the password rules. This property contains a number of fields that determine how CA Access Control handles password protection. For a complete list of the rules, see the modifiable property PROFILE of the USER class. |
|
POLICY |
Describes a compliance state for a node, and the operations that are required to enforce it. Each policy entity represents either an initial version or a subsequent version of another policy. An initial policy is always assigned to a single policy group (see POLICY_GROUP table), which also contains all subsequent versions of that policy. |
|
POLICY_DEVIATION |
Describes the deviation (policy incompliance) of a node from its effective policy |
|
POLICY_GROUP |
Contains all policies which are a subsequent version of the same initial policy |
|
POLICY_GROUP_DEPENDENCY |
Describes which policy groups depend on other policy groups. Independent policy groups do not appear in this table. |
|
POLICY_GROUP_NODE_ASSIGNMENT |
Describes which policies assigned to which nodes (or groups of nodes) in the policy model. When a policy is assigned to a node, the NODE_RESCLASS will be HNODE. If it is assigned to a node group, the NODE_RESCLASS will be GHNODE. This table is used for both node and node-group assignments. Relationship between policy groups and node (or node groups) is handled by the GROUPS/MEMBERS mechanism as with any other resource (see GROUPS/MEMBERS/RESINFO tables) |
|
POLICY_RULESET |
Link between policies and their rulesets |
|
POLICY_STATUS |
Describes the status of a policy in respect of each node it is related to (see EFFECTIVE_POLICY): whether it is deployed, undeployed, etc. |
|
POLICYMODELINFO |
Policy model information. Contains status about policy distributed by a certain node, to other nodes. |
|
RAUDIT |
The types of access events that CA Access Control records in the audit log. |
|
RESAC |
CA Access Control resource information |
|
RESINFO |
CA Access Control Resource information |
|
RULESET |
The set of commands that are do be executed as a part of policy deployment/undeployment. |
|
RULESET_COMMAND |
A single selang command, many of which comprise a ruleset. |
|
SEOS |
Set options information |
|
SEOSSYSCALL |
(r12.0 SP1) CA Access Control main kernel module, mainly for intercepting OS events that seosd will be consulted to decide if to allow or reject them |
|
SNAPSHOTINFO |
Snapshot information represents all collected data from a single local AC database (on a single host) at the time of collection. |
|
SPECIALPGMTYPE |
Special program types for SPECIALPGM class. Program information automatically generated by AC. The Watchdog automatically verifies the information stored in this property. If it is changed, CA Access Control defines the program as untrusted. Each record represents a single SPECIALPGMTYPE property of the CA Access Control class SPECIALPGM. |
|
SYSCALL |
(r12.0 SP1) CA Access Control main kernel module, mainly for intercepting OS events that seosd will be consulted to decide if to allow or reject them |
|
SYSCALLUSERSPECIALPGM |
(r12.0 SP1) CA Access Control main kernel module, mainly for intercepting OS events that seosd will be consulted to decide if to allow or reject them |
|
UACC |
The default access authority is the authority granted to any accessor that requests access to the object, but is not in the access control lists of the object. Users not defined in the database also receive default access authority. See the ACL table for a description of all Axxx and Dxxxx (allow/deny) columns. Each record represents the UACC property of the various CA Access Control resource classes. See the ACL table for a description of all Axxx and Dxxxx (allow/deny) columns. |
|
USERAC |
CA Access Control user information. Each record in this table represents AC-specific properties of a single CA Access Control object of class USER/XUSER. |
|
USERACAUDIT |
CA Access Control user audit settings Each record represents a single entry of the CA Access Control property AUDIT_MODE of the CA Access Control class USER/XUSER. |
|
USERACMODE |
CA Access Control user modes (OBJ_TYPE) Each record represents a single entry of the CA Access Control property OBJ_TYPE of the CA Access Control class USER/XUSER. |
|
USERGRP |
User's connection to group Each record represents a single entry of the CA Access Control property GROUPS of the CA Access Control class USER/XUSER. |
|
USERINFO |
Base user information. Every user must have a record in this table. This table is the parent to other USER tables which represent other segments of user information. |
|
USERLIST |
User list (members) for a group object Each record represents a single OID entry of the CA Access Control property USERLIST of the CA Access Control class GROUP/XGROUP. |
|
USERREVACL |
User reverse ACL, i.e. what ACLs a user has over a specific resource, given a certain condition. See the ACL table for a description of all Axxx and Dxxxx (allow/deny) columns. Each record represents a single entry of the CA Access Control property REVACL of the CA Access Control class USER/XUSER. |
The following table describes the attributes of the columns of the ACL table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this ACL record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this ACL record |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class name (like: FILE, PROCESS) of this ACL record |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
Resource object name of this ACL record |
|
ACNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
Accessor class name |
|
AONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Accessor object name |
|
ACLTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
Access type (for example, R = read, W = write) |
|
ISALLOW |
Yes |
NUMBER(1,0) |
NOT NULL |
What columns in this record are relevant: Axxx(allow) or Dxxx(deny). Specifically, is this an allow-ACL entry or deny-ACL entry. |
|
CONDHASH |
Yes |
NUMBER(20,0) |
NOT NULL |
Depending on the ACLTYPE, this represents a hashed value of the condition for this ACL.
For PACL, this will represent a hash of the PROGRAMNAME field. For CACL, the hash is for OUTCONCNAME, OUTCONONAME, HOSTCNAME, HOSTONAME. For CALACL, it is a hash of CALENDAR For ACL and NACL, it is 0. |
|
CALENDAR |
No |
NVARCHAR2(256) |
NULL |
Calendar name (for CALACL records) |
|
PROGRAMNAME |
No |
NVARCHAR2(256) |
NULL |
Program name (for PACL records) |
|
OUTCONCNAME |
No |
NVARCHAR2(80) |
NULL |
When ACLTYPE=CACL, this field holds the Outgoing Connection class name. GROUP or XGROUP means that the related record is in the GROUPINFO table. USER or XUSER means that it is in the USERINFO table.
For other ACLTYPE values, this field is NULL. |
|
OUTCONONAME |
No |
NVARCHAR2(256) |
NULL |
When ACLTYPE=CACL, this field holds the Outgoing Connection object name. For other ACNAME values, this field is NULL. |
|
HOSTCNAME |
No |
NVARCHAR2(80) |
NULL |
When ACLTYPE=CACL, this field holds the Host class name (i.e. 'HOST') and relates to a corresponding record in the RESINFO table. For other ACNAME values, this field is NULL. |
|
HOSTONAME |
No |
NVARCHAR2(256) |
NULL |
When ACLTYPE=CACL, this field holds the Host object name. For other ACNAME values, this field is NULL. |
|
AREAD |
No |
NUMBER(1,0) |
NULL |
Read access |
|
AWRITE |
No |
NUMBER(1,0) |
NULL |
Write access |
|
AMODIFY |
No |
NUMBER(1,0) |
NULL |
Modify access |
|
ACREATE |
No |
NUMBER(1,0) |
NULL |
Create access |
|
AERASE |
No |
NUMBER(1,0) |
NULL |
Erase access |
|
AFILESCAN |
No |
NUMBER(1,0) |
NULL |
Scan Files access |
|
ALANGINT |
No |
NUMBER(1,0) |
NULL |
|
|
AEXEC |
No |
NUMBER(1,0) |
NULL |
Execute access |
|
ACHOWN |
No |
NUMBER(1,0) |
NULL |
Change Owner access |
|
ACHGRP |
No |
NUMBER(1,0) |
NULL |
Change Group access |
|
ACHMOD |
No |
NUMBER(1,0) |
NULL |
Launch Chmod Utility access |
|
AUTIMES |
No |
NUMBER(1,0) |
NULL |
Access to update a file/folder resource update time |
|
ASEC |
No |
NUMBER(1,0) |
NULL |
|
|
AKILL |
No |
NUMBER(1,0) |
NULL |
|
|
ACONNECT |
No |
NUMBER(1,0) |
NULL |
Connect access |
|
ARENAME |
No |
NUMBER(1,0) |
NULL |
Rename access |
|
APASSWORD |
No |
NUMBER(1,0) |
NULL |
|
|
AAUTHORIZED |
No |
NUMBER(1,0) |
NULL |
|
|
AXAUDIT |
No |
NUMBER(1,0) |
NULL |
|
|
ACHDIR |
No |
NUMBER(1,0) |
NULL |
Access to set a folder resource as the current working directory |
|
ACRSUBK |
No |
NUMBER(1,0) |
NULL |
|
|
ANOTIFY |
No |
NUMBER(1,0) |
NULL |
Notify access |
|
AENUM |
No |
NUMBER(1,0) |
NULL |
Enumerate access |
|
AQUERY |
No |
NUMBER(1,0) |
NULL |
Query access |
|
ARCTRL |
No |
NUMBER(1,0) |
NULL |
|
|
ACRLINK |
No |
NUMBER(1,0) |
NULL |
|
|
APRINT |
No |
NUMBER(1,0) |
NULL |
Print access |
|
AMANAGE |
No |
NUMBER(1,0) |
NULL |
Manage access |
|
AMAXALLOWED |
No |
NUMBER(1,0) |
NULL |
|
|
ASTOP |
No |
NUMBER(1,0) |
NULL |
Stop access |
|
APAUSE |
No |
NUMBER(1,0) |
NULL |
Pause access |
|
ACONTROL |
No |
NUMBER(1,0) |
NULL |
Control access |
|
ACHOG |
No |
NUMBER(1,0) |
NULL |
|
|
ARESUME |
No |
NUMBER(1,0) |
NULL |
Resume access |
|
DREAD |
No |
NUMBER(1,0) |
NULL |
Read denial |
|
DWRITE |
No |
NUMBER(1,0) |
NULL |
Write denial |
|
DMODIFY |
No |
NUMBER(1,0) |
NULL |
Modify denial |
|
DCREATE |
No |
NUMBER(1,0) |
NULL |
Create denial |
|
DERASE |
No |
NUMBER(1,0) |
NULL |
Erase denial |
|
DFILESCAN |
No |
NUMBER(1,0) |
NULL |
|
|
DLANGINT |
No |
NUMBER(1,0) |
NULL |
|
|
DEXEC |
No |
NUMBER(1,0) |
NULL |
Execute denial |
|
DCHOWN |
No |
NUMBER(1,0) |
NULL |
|
|
DCHGRP |
No |
NUMBER(1,0) |
NULL |
|
|
DCHMOD |
No |
NUMBER(1,0) |
NULL |
|
|
DUTIMES |
No |
NUMBER(1,0) |
NULL |
|
|
DSEC |
No |
NUMBER(1,0) |
NULL |
|
|
DKILL |
No |
NUMBER(1,0) |
NULL |
Kill denial |
|
DCONNECT |
No |
NUMBER(1,0) |
NULL |
Connect denial |
|
DRENAME |
No |
NUMBER(1,0) |
NULL |
Rename denial |
|
DPASSWORD |
No |
NUMBER(1,0) |
NULL |
|
|
DAUTHORIZED |
No |
NUMBER(1,0) |
NULL |
|
|
DXAUDIT |
No |
NUMBER(1,0) |
NULL |
|
|
DCHDIR |
No |
NUMBER(1,0) |
NULL |
|
|
DCRSUBK |
No |
NUMBER(1,0) |
NULL |
|
|
DNOTIFY |
No |
NUMBER(1,0) |
NULL |
Notify denial |
|
DENUM |
No |
NUMBER(1,0) |
NULL |
Enumerate denial |
|
DQUERY |
No |
NUMBER(1,0) |
NULL |
Query denial |
|
DRCTRL |
No |
NUMBER(1,0) |
NULL |
|
|
DCRLINK |
No |
NUMBER(1,0) |
NULL |
|
|
DPRINT |
No |
NUMBER(1,0) |
NULL |
|
|
DMANAGE |
No |
NUMBER(1,0) |
NULL |
Manage denial |
|
DMAXALLOWED |
No |
NUMBER(1,0) |
NULL |
|
|
DSTOP |
No |
NUMBER(1,0) |
NULL |
Stop denial |
|
DPAUSE |
No |
NUMBER(1,0) |
NULL |
Pause denial |
|
DCONTROL |
No |
NUMBER(1,0) |
NULL |
Control denial |
|
DCHOG |
No |
NUMBER(1,0) |
NULL |
|
|
DRESUME |
No |
NUMBER(1,0) |
NULL |
Resume denial |
The following table describes the attributes of the columns of the ACRPTDB_VERSION table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
VERSION_ID |
No |
NUMBER(1,0) |
NOT NULL |
Should always be 1 |
|
MAJOR_VERSION |
No |
NVARCHAR2(20) |
NULL |
Major version |
|
MINOR_VERSION |
No |
NVARCHAR2(20) |
NULL |
Minor version |
The following table describes the attributes of the columns of the CATEGORY table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record |
|
CNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
Class name of this record |
|
ONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Object name of this record |
|
CATEGORY |
Yes |
NVARCHAR2(256) |
NOT NULL |
Category name of this record. If a resource has one or more security categories assigned to it, a user is granted access to the resource only if the user security category list contains all the security categories assigned to the resource. |
The following table describes the attributes of the columns of the CONFIG table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID for this record. |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
CONFIGNAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Category name of this record. If a resource has one or more security categories assigned to it, a user is granted access to the resource only if the user security category list contains all the security categories assigned to the resource. |
The following table describes the attributes of the columns of the CONFIG_ENTRY table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID for this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
CONFIGNAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
The name of the config store |
|
ENTRYID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Config entry name |
|
ENTRYTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
Config entry type. A value of 'section' means that this entry's VALUE and VALUETYPE are NULL |
|
SECTION |
No |
NVARCHAR2(256) |
NOT NULL |
The section name for this entry. If ENRYTYPE=section, this field equals to the name of the section. Otherwise, this field equals to the name of the section containing this entry. |
|
ENTRYNAME |
No |
NVARCHAR2(256) |
NULL |
Config entry name. This column maps to the AC config's NAME property of a token element. |
|
VALUETYPE |
No |
NVARCHAR2(20) |
NULL |
The type of the value for this entry when ENTRYTYPE is non-NULL. |
|
VALUE |
No |
NVARCHAR2(256) |
NULL |
The value for this entry when ENTRYTYPE is non-NULL. |
The following table describes the attributes of the columns of the DAYTIME table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record |
|
CNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
Class name of this record |
|
ONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Object name of this record |
|
SUNDAY |
No |
NUMBER(1,0) |
NULL |
Allow access in Sunday |
|
MONDAY |
No |
NUMBER(1,0) |
NULL |
Allow access in Monday |
|
TUESDAY |
No |
NUMBER(1,0) |
NULL |
Allow access in Tuesday |
|
WEDNESDAY |
No |
NUMBER(1,0) |
NULL |
Allow access in Wednesday |
|
THURSDAY |
No |
NUMBER(1,0) |
NULL |
Allow access in Thursday |
|
FRIDAY |
No |
NUMBER(1,0) |
NULL |
Allow access in Friday |
|
SATURDAY |
No |
NUMBER(1,0) |
NULL |
Allow access in Saturday |
|
STARTTIME |
No |
TIMESTAMP(6) |
NULL |
Allow access after this start time |
|
ENDTIME |
No |
TIMESTAMP(6) |
NULL |
Allow access before this end time |
The following table describes the attributes of the columns of the DEPLOYMENT_RESULT_MESSAGE table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA CA-ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
MESSAGEIDX |
Yes |
NUMBER |
NOT NULL |
Messages are ordered. This column represents the message index, thus describing its position relative to other messages. Maps to the command-index component of the AC property RESULT_MESSAGE of the AC class DEPLOYMENT. |
|
MESSSAGESTR |
Yes |
NVARCHAR2(256) |
NULL |
The message body. Maps to the command-string component of the AC property RESULT_MESSAGE of the AC class DEPLOYMENT. |
The following table describes the attributes of the columns of the DEPLOYMENT_TASK table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
POLICYGRP_RESCLASS |
No |
NVARCHAR2(80) |
NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the AC OID property GPOLICY of the DEPLOYMENT class. |
|
POLICYGRP_RULEKEY |
No |
NVARCHAR2(256) |
NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the AC OID property GPOLICY of the DEPLOYMENT class. |
|
CHECKERTYPE |
No |
NVARCHAR2(80) |
NULL |
The AC class of this user: USER, XUSER. Maps to the CNAME of the AC OID property CHECKER of the DEPLOYMENT class. |
|
CHECKERID |
No |
NVARCHAR2(256) |
NULL |
Identifier for this object on this system. Maps to the ONAME of the AC OID property CHECKER of the DEPLOYMENT class. |
|
NODE_RESCLASS |
No |
NVARCHAR2(80) |
NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the AC OID property HNODEY of the DEPLOYMENT class. |
|
NODE_RULEKEY |
No |
NVARCHAR2(256) |
NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the AC OID property HNODE of the DEPLOYMENT class. |
|
POLICY_RESCLASS |
No |
NVARCHAR2(80) |
NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the AC OID property POLICY of the DEPLOYMENT class. |
|
POLICY_RULEKEY |
No |
NVARCHAR2(256) |
NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the AC OID property POLICY of the DEPLOYMENT class. |
|
MAKERID |
No |
NVARCHAR2(256) |
NULL |
Identifier for this object on this system. Maps to the ONAME of the AC OID property MAKER of the DEPLOYMENT class. |
|
MAKERTYPE |
No |
NVARCHAR2(80) |
NULL |
The class of the maker. Values USER and XUSER mean that the maker record is in the USERINFO table. GROUP or XGROUP mean that it is in the GROUPINFO table. Maps to the CNAME of the AC OID property MAKER of the DEPLOYMENT class. |
|
CHECKERCOMMENT |
No |
NVARCHAR2(256) |
NULL |
Comment made by the checker. Maps to the AC property CHECKER_COMMENT of the DEPLOYMENT class. |
|
CHECKERTIME |
No |
TIMESTAMP(6) |
NULL |
Check timestamp. Maps to the AC property CHECKER_TIME of the DEPLOYMENT class. |
|
DMSNAME |
No |
NVARCHAR2(256) |
NULL |
Name of the DMS which generated this task. Maps to the AC property DMS_NAME of the DEPLOYMENT class. |
|
OPERATION |
No |
NVARCHAR2(256) |
NULL |
The operation that this task should be performing: DEPLOY, UNDEPLOY. Maps to the AC property OPERATION of the DEPLOYMENT class. |
|
STATUS |
No |
NVARCHAR2(256) |
NULL |
The status of the task: SUCCESS, WARNING, FAIL, NOACTION. Maps to the AC property STATUS of the DEPLOYMENT class. |
The following table describes the attributes of the columns of the DEPLOYMENT_TASK_GROUP table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
POLICYGRP_RESCLASS |
No |
NVARCHAR2(80) |
NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the AC OID property POLICY of the GDEPLOYMENT class. |
|
POLICYGRP_RULEKEY |
No |
NVARCHAR2(256) |
NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the AC OID property POLICY of the GDEPLOYMENT class. |
|
NODEGRP_RESCLASS |
No |
NVARCHAR2(80) |
NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the AC OID property GHNODE of the GDEPLOYMENT class. |
|
NODEGRP_RULEKEY |
No |
NVARCHAR2(256) |
NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the AC OID property GHNODE of the GDEPLOYMENT class. |
|
NODE_RESCLASS |
No |
NVARCHAR2(80) |
NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the AC OID property HNODE of the GDEPLOYMENT class. |
|
NODE_RULEKEY |
No |
NVARCHAR2(256) |
NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the AC OID property HNODE of the GDEPLOYMENT class. |
|
TRIG |
No |
NVARCHAR2(256) |
NULL |
The trigger of this task group: ASSIGN, UNASSIGN, DIRECTDEPLOY, DIRECTUNDEPLOY. Maps to the AC property TRIGGER of the GDEPLOYMENT class. |
The following table describes the attributes of the columns of the DISTRIBUTION_HOST table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
DH |
Yes |
NVARCHAR2(256) |
NOT NULL |
Maps to a single element within the DH or DHDR property of the AC class SEOS, depending on the value of the DHTYPE column. |
|
DHTYPE |
Yes |
NVARCHAR2(20) |
NOT NULL |
If DHTYPE is 'DR', the DH column maps to a single element within the DHDR property of the AC class SEOS. If DHTYPE is 'NORMAL', it maps to the DH property of that class. |
The following table describes the attributes of the columns of the EFFECTIVE_POLICY table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
NODE_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
NODE_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
POLICY_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
POLICY_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
The following table describes the attributes of the columns of the GROUPAUDIT table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record |
|
GROUPID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Group ID (name) of this record. |
|
GROUPTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The group's class: GROUP, XGROUP, etc. Maps to the CNAME of the AC group OID. |
|
SUCCESS |
No |
NUMBER(1,0) |
NULL |
Audit successful events |
|
FAILURE |
No |
NUMBER(1,0) |
NULL |
Audit failure events |
|
LOGONSUCCESS |
No |
NUMBER(1,0) |
NULL |
Audit successful logons |
|
LOGONFAILURE |
No |
NUMBER(1,0) |
NULL |
Audit failure logons |
|
DEBUG |
No |
NUMBER(1,0) |
NULL |
Log since in debug mode |
|
TRACE |
No |
NUMBER(1,0) |
NULL |
Trace on group |
The following table describes the attributes of the columns of the GROUPINFO table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record |
|
GROUPID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Group ID (name) of this record. Maps to the ONAME of the AC group OID. |
|
GROUPTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The group's class: GROUP, XGROUP, etc. Maps to the CNAME of the AC group OID. |
|
DESCRIPTION |
No |
NVARCHAR2(256) |
NULL |
Group description and comments. Maps to the AC property COMMENT of the AC class GROUP/XGROUP. |
|
OWNERCNAME |
No |
NVARCHAR2(256) |
NULL |
The owner of the resource record has unrestricted access to the resource, provided the owner's security level, security label, and security category authorities are sufficient to allow access to the resource. The owner of the resource is always permitted to update and delete the resource record. Maps to the CNAME of the AC property OWNER of the AC class GROUP/XGROUP. |
|
OWNERONAME |
No |
NVARCHAR2(256) |
NULL |
Maps to the ONAME of the AC property OWNER of the AC class GROUP/XGROUP. |
|
FULLNAME |
No |
NVARCHAR2(256) |
NULL |
The full name associated with a group. Maps to the AC property FULL_NAME of the AC class GROUP/XGROUP. |
|
SUPGROUP |
No |
NVARCHAR2(256) |
NULL |
The name of the parent group (“superior” group). Maps to the AC property SUPGROUP of the AC class GROUP/XGROUP. |
|
CALENDAR |
No |
NVARCHAR2(256) |
NULL |
Specifies Unicenter TNG calendar objects, which represent time restrictions in Unicenter TNG. AC maintains a list of these objects for management purposes only, but doesn't protect them. Maps to the AC property CALENDAR of the AC class GROUP/XGROUP. |
|
CRETIME |
No |
TIMESTAMP(6) |
NULL |
Create time. Maps to the AC property CREATE_TIME of the AC class GROUP/XGROUP. |
|
UPDTIME |
No |
TIMESTAMP(6) |
NULL |
The date and time the record was last modified. |
|
UPDWHOCNAME |
No |
NVARCHAR2(256) |
NULL |
The date and time the record was last modified. Maps to the AC property UPDATE_TIME of the AC class GROUP/XGROUP. |
|
UPDWHOONAME |
No |
NVARCHAR2(256) |
NULL |
Maps to the ONAME of the AC property UPDATE_WHO of the AC class GROUP/XGROUP. |
|
HOMEDIR |
No |
NVARCHAR2(256) |
NULL |
The home directory assigned to a new group member. Maps to the AC property HOMEDIR of the AC class GROUP/XGROUP. |
|
EXPDATE |
No |
DATE |
NULL |
Sets the date on which the accounts of the group members expire. Maps to the AC property EXPIRE_DATE of the AC class GROUP/XGROUP. |
|
MAXLOGINS |
No |
NUMBER |
NULL |
Sets the maximum number of terminals users can log in to at the same time. A value of 0 (zero) means that users can log in from any number of terminals concurrently. Maps to the AC property MAXLOGINS of the AC class GROUP/XGROUP. |
|
INACTIVE |
No |
NUMBER |
NULL |
Specifies the number of days that must pass before the system changes users to inactive status. Maps to the AC property INACTIVE of the AC class GROUP/XGROUP. |
|
PROFUSRCNAME |
No |
NVARCHAR2(256) |
NULL |
Maps to the CNAME of the AC property PROFUSR of the AC class GROUP/XGROUP. |
|
PROFUSRONAME |
No |
NVARCHAR2(256) |
NULL |
Maps to the ONAME of the AC property PROFUSR of the AC class GROUP/XGROUP. |
|
PWDAUTOGEN |
No |
NUMBER(1,0) |
NULL |
Indicates whether the application's password is automatically generated by the Policy Server. Maps to the AC property PWD_AUTOGEN of the AC class GROUP/XGROUP. |
|
PWDSYNC |
No |
NUMBER(1,0) |
NULL |
Indicates whether the application's password can be identical to the user's other application passwords. Maps to the AC property PWD_SYNC of the AC class GROUP/XGROUP. |
|
PWPOLICY |
No |
NVARCHAR2(256) |
NULL |
The record name of the password policy for the application. Maps to the AC property PWPOLICY of the AC class GROUP/XGROUP. |
|
RESDATE |
No |
DATE |
NULL |
Enables user records that were disabled by specifying the suspend parameter. Maps to the AC property RESUME_DATE of the AC class GROUP/XGROUP. |
|
SHELL |
No |
NVARCHAR2(256) |
NULL |
Specifies the full path of the initial program or shell that is executed after the user invokes the login or su command. Maps to the AC property SHELL of the AC class GROUP/XGROUP. |
|
SUBGROUP |
No |
NVARCHAR2(256) |
NULL |
The list of groups that have this group as a parent. Maps to the AC property SUBGROUP of the AC class GROUP/XGROUP. |
|
SUSDATE |
No |
TIMESTAMP(6) |
NULL |
Disables user records, but leaves them defined in the database. Maps to the AC property SUSPEND_DATE of the AC class GROUP/XGROUP. |
|
SUSWHOCNAME |
No |
NVARCHAR2(256) |
NULL |
The class of the administrator who activated the suspend date. Maps to the CNAME of the AC property SUSPEND_WHO of the AC class GROUP/XGROUP. |
|
SUSWHOONAME |
No |
NVARCHAR2(256) |
NULL |
The object name of the administrator who activated the suspend date. Maps to the ONAME of the AC property SUSPEND_WHO of the AC class GROUP/XGROUP. |
|
SECURITYID |
No |
NVARCHAR2(256) |
NULL |
Vendor-specific security ID for this group entry. Maps to the AC property SECURITY_ID of the AC class XGROUP. |
The following table describes the attributes of the columns of the GROUPMEMBER table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record |
|
GROUPID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Group ID (name) of this record |
|
CNAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Class name of the member |
|
ONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Object name of the member |
|
GROUPTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The group's class: GROUP, XGROUP, etc. Maps to the CNAME of the AC group OID. |
The following table describes the attributes of the columns of the GROUPREVACL table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record |
|
GROUPID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Group ID (name) of this record |
|
GROUPTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The group's class: GROUP, XGROUP, etc. Maps to the CNAME of the AC group OID. |
|
RESCNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class name |
|
RESONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Resource object name |
|
CONCNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
Condition class name (i.e. PROGRAM, HOST, CALENDAR). A non-empty string means that a condition object exists in the RESINFO table. A hyphen string ('-') means "unconditional". |
|
CONONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Condition object name |
|
ISALLOW |
Yes |
NVARCHAR2(256) |
NOT NULL |
|
|
AREAD |
No |
NUMBER(1,0) |
NULL |
|
|
AWRITE |
No |
NUMBER(1,0) |
NULL |
|
|
AMODIFY |
No |
NUMBER(1,0) |
NULL |
|
|
ACREATE |
No |
NUMBER(1,0) |
NULL |
|
|
AERASE |
No |
NUMBER(1,0) |
NULL |
|
|
AFILESCAN |
No |
NUMBER(1,0) |
NULL |
|
|
ALANGINT |
No |
NUMBER(1,0) |
NULL |
|
|
AEXEC |
No |
NUMBER(1,0) |
NULL |
|
|
ACHOWN |
No |
NUMBER(1,0) |
NULL |
|
|
ACHGRP |
No |
NUMBER(1,0) |
NULL |
|
|
ACHMOD |
No |
NUMBER(1,0) |
NULL |
|
|
AUTIMES |
No |
NUMBER(1,0) |
NULL |
|
|
ASEC |
No |
NUMBER(1,0) |
NULL |
|
|
AKILL |
No |
NUMBER(1,0) |
NULL |
|
|
ACONNECT |
No |
NUMBER(1,0) |
NULL |
|
|
ARENAME |
No |
NUMBER(1,0) |
NULL |
|
|
APASSWORD |
No |
NUMBER(1,0) |
NULL |
|
|
AAUTHORIZED |
No |
NUMBER(1,0) |
NULL |
|
|
AXAUDIT |
No |
NUMBER(1,0) |
NULL |
|
|
ACHDIR |
No |
NUMBER(1,0) |
NULL |
|
|
ACRSUBK |
No |
NUMBER(1,0) |
NULL |
|
|
ANOTIFY |
No |
NUMBER(1,0) |
NULL |
|
|
AENUM |
No |
NUMBER(1,0) |
NULL |
|
|
AQUERY |
No |
NUMBER(1,0) |
NULL |
|
|
ARCTRL |
No |
NUMBER(1,0) |
NULL |
|
|
ACRLINK |
No |
NUMBER(1,0) |
NULL |
|
|
APRINT |
No |
NUMBER(1,0) |
NULL |
|
|
AMANAGE |
No |
NUMBER(1,0) |
NULL |
|
|
AMAXALLOWED |
No |
NUMBER(1,0) |
NULL |
|
|
ASTOP |
No |
NUMBER(1,0) |
NULL |
|
|
APAUSE |
No |
NUMBER(1,0) |
NULL |
|
|
ACONTROL |
No |
NUMBER(1,0) |
NULL |
|
|
ACHOG |
No |
NUMBER(1,0) |
NULL |
|
|
ARESUME |
No |
NUMBER(1,0) |
NULL |
|
|
DREAD |
No |
NUMBER(1,0) |
NULL |
|
|
DWRITE |
No |
NUMBER(1,0) |
NULL |
|
|
DMODIFY |
No |
NUMBER(1,0) |
NULL |
|
|
DCREATE |
No |
NUMBER(1,0) |
NULL |
|
|
DERASE |
No |
NUMBER(1,0) |
NULL |
|
|
DFILESCAN |
No |
NUMBER(1,0) |
NULL |
|
|
DLANGINT |
No |
NUMBER(1,0) |
NULL |
|
|
DEXEC |
No |
NUMBER(1,0) |
NULL |
|
|
DCHOWN |
No |
NUMBER(1,0) |
NULL |
|
|
DCHGRP |
No |
NUMBER(1,0) |
NULL |
|
|
DCHMOD |
No |
NUMBER(1,0) |
NULL |
|
|
DUTIMES |
No |
NUMBER(1,0) |
NULL |
|
|
DSEC |
No |
NUMBER(1,0) |
NULL |
|
|
DKILL |
No |
NUMBER(1,0) |
NULL |
|
|
DCONNECT |
No |
NUMBER(1,0) |
NULL |
|
|
DRENAME |
No |
NUMBER(1,0) |
NULL |
|
|
DPASSWORD |
No |
NUMBER(1,0) |
NULL |
|
|
DAUTHORIZED |
No |
NUMBER(1,0) |
NULL |
|
|
DXAUDIT |
No |
NUMBER(1,0) |
NULL |
|
|
DCHDIR |
No |
NUMBER(1,0) |
NULL |
|
|
DCRSUBK |
No |
NUMBER(1,0) |
NULL |
|
|
DNOTIFY |
No |
NUMBER(1,0) |
NULL |
|
|
DENUM |
No |
NUMBER(1,0) |
NULL |
|
|
DQUERY |
No |
NUMBER(1,0) |
NULL |
|
|
DRCTRL |
No |
NUMBER(1,0) |
NULL |
|
|
DCRLINK |
No |
NUMBER(1,0) |
NULL |
|
|
DPRINT |
No |
NUMBER(1,0) |
NULL |
|
|
DMANAGE |
No |
NUMBER(1,0) |
NULL |
|
|
DMAXALLOWED |
No |
NUMBER(1,0) |
NULL |
|
|
DSTOP |
No |
NUMBER(1,0) |
NULL |
|
|
DPAUSE |
No |
NUMBER(1,0) |
NULL |
|
|
DCONTROL |
No |
NUMBER(1,0) |
NULL |
|
|
DCHOG |
No |
NUMBER(1,0) |
NULL |
|
|
DRESUME |
No |
NUMBER(1,0) |
NULL |
|
The following table describes the attributes of the columns of the GROUPS table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class name |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
Resource object name |
|
ONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Object name of the participated object in the group |
|
CNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
Class name of the participated object in the group |
The following table describes the attributes of the columns of the HOLDATE table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Host ID of this record |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class name (must be HOLIDAY) |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
Resource object name |
|
STARTDATE |
Yes |
TIMESTAMP(6) |
NOT NULL |
Starting date of the holiday |
|
ENDDATE |
Yes |
TIMESTAMP(6) |
NOT NULL |
Ending date of the holiday |
|
ALLDAY |
Yes |
NUMBER(1,0) |
NULL |
This holiday is an all day event |
|
EVERYYEAR |
Yes |
NUMBER(1,0) |
NULL |
This holiday occurs every year |
The following table describes the attributes of the columns of the HOSTINFO table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
APPNAME |
No |
NVARCHAR2(24) |
NULL |
Name of security application containing the security data |
|
APPIND |
No |
CHAR(1) |
NULL |
Application Indicator. Indicates which application this record belongs to |
|
APPVERSION |
No |
NVARCHAR2(24) |
NULL |
Version of security application |
|
APPMODE |
No |
CHAR(1) |
NULL |
Processing mode in effect for this record |
|
LOADDATE |
No |
TIMESTAMP(6) |
NULL |
Date that security information was unloaded from security database |
|
BASE_HOSTID |
No |
NVARCHAR2(512) |
NULL |
The containing host id (if exists). |
The following table describes the attributes of the columns of the INETACL table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class name |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
Resource object name |
|
SERVICENAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Service name |
|
PROTOCOLNAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Protocol name |
|
AREAD |
No |
NUMBER(1,0) |
NULL |
|
|
AWRITE |
No |
NUMBER(1,0) |
NULL |
|
|
AMODIFY |
No |
NUMBER(1,0) |
NULL |
|
|
ACREATE |
No |
NUMBER(1,0) |
NULL |
|
|
AERASE |
No |
NUMBER(1,0) |
NULL |
|
|
AFILESCAN |
No |
NUMBER(1,0) |
NULL |
|
|
ALANGINT |
No |
NUMBER(1,0) |
NULL |
|
|
AEXEC |
No |
NUMBER(1,0) |
NULL |
|
|
ACHOWN |
No |
NUMBER(1,0) |
NULL |
|
|
ACHGRP |
No |
NUMBER(1,0) |
NULL |
|
|
ACHMOD |
No |
NUMBER(1,0) |
NULL |
|
|
AUTIMES |
No |
NUMBER(1,0) |
NULL |
|
|
ASEC |
No |
NUMBER(1,0) |
NULL |
|
|
AKILL |
No |
NUMBER(1,0) |
NULL |
|
|
ACONNECT |
No |
NUMBER(1,0) |
NULL |
|
|
ARENAME |
No |
NUMBER(1,0) |
NULL |
|
|
APASSWORD |
No |
NUMBER(1,0) |
NULL |
|
|
AAUTHORIZED |
No |
NUMBER(1,0) |
NULL |
|
|
AXAUDIT |
No |
NUMBER(1,0) |
NULL |
|
|
ACHDIR |
No |
NUMBER(1,0) |
NULL |
|
|
ACRSUBK |
No |
NUMBER(1,0) |
NULL |
|
|
ANOTIFY |
No |
NUMBER(1,0) |
NULL |
|
|
AENUM |
No |
NUMBER(1,0) |
NULL |
|
|
AQUERY |
No |
NUMBER(1,0) |
NULL |
|
|
ARCTRL |
No |
NUMBER(1,0) |
NULL |
|
|
ACRLINK |
No |
NUMBER(1,0) |
NULL |
|
|
APRINT |
No |
NUMBER(1,0) |
NULL |
|
|
AMANAGE |
No |
NUMBER(1,0) |
NULL |
|
|
AMAXALLOWED |
No |
NUMBER(1,0) |
NULL |
|
|
ASTOP |
No |
NUMBER(1,0) |
NULL |
|
|
APAUSE |
No |
NUMBER(1,0) |
NULL |
|
|
ACONTROL |
No |
NUMBER(1,0) |
NULL |
|
|
ACHOG |
No |
NUMBER(1,0) |
NULL |
|
|
ARESUME |
No |
NUMBER(1,0) |
NULL |
|
The following table describes the attributes of the columns of the INSERVRNGE table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. AC: Resource object name |
|
MINSERVICE |
Yes |
NUMBER |
NOT NULL |
Minimum port number |
|
MAXSERVICE |
Yes |
NUMBER |
NOT NULL |
Maximum port number |
|
AREAD |
No |
NUMBER(1,0) |
NULL |
|
|
AWRITE |
No |
NUMBER(1,0) |
NULL |
|
|
AMODIFY |
No |
NUMBER(1,0) |
NULL |
|
|
ACREATE |
No |
NUMBER(1,0) |
NULL |
|
|
AERASE |
No |
NUMBER(1,0) |
NULL |
|
|
AFILESCAN |
No |
NUMBER(1,0) |
NULL |
|
|
ALANGINT |
No |
NUMBER(1,0) |
NULL |
|
|
AEXEC |
No |
NUMBER(1,0) |
NULL |
|
|
ACHOWN |
No |
NUMBER(1,0) |
NULL |
|
|
ACHGRP |
No |
NUMBER(1,0) |
NULL |
|
|
ACHMOD |
No |
NUMBER(1,0) |
NULL |
|
|
AUTIMES |
No |
NUMBER(1,0) |
NULL |
|
|
ASEC |
No |
NUMBER(1,0) |
NULL |
|
|
AKILL |
No |
NUMBER(1,0) |
NULL |
|
|
ACONNECT |
No |
NUMBER(1,0) |
NULL |
|
|
ARENAME |
No |
NUMBER(1,0) |
NULL |
|
|
APASSWORD |
No |
NUMBER(1,0) |
NULL |
|
|
AAUTHORIZED |
No |
NUMBER(1,0) |
NULL |
|
|
AXAUDIT |
No |
NUMBER(1,0) |
NULL |
|
|
ACHDIR |
No |
NUMBER(1,0) |
NULL |
|
|
ACRSUBK |
No |
NUMBER(1,0) |
NULL |
|
|
ANOTIFY |
No |
NUMBER(1,0) |
NULL |
|
|
AENUM |
No |
NUMBER(1,0) |
NULL |
|
|
AQUERY |
No |
NUMBER(1,0) |
NULL |
|
|
ARCTRL |
No |
NUMBER(1,0) |
NULL |
|
|
ACRLINK |
No |
NUMBER(1,0) |
NULL |
|
|
APRINT |
No |
NUMBER(1,0) |
NULL |
|
|
AMANAGE |
No |
NUMBER(1,0) |
NULL |
|
|
AMAXALLOWED |
No |
NUMBER(1,0) |
NULL |
|
|
ASTOP |
No |
NUMBER(1,0) |
NULL |
|
|
APAUSE |
No |
NUMBER(1,0) |
NULL |
|
|
ACONTROL |
No |
NUMBER(1,0) |
NULL |
|
|
ACHOG |
No |
NUMBER(1,0) |
NULL |
|
|
ARESUME |
No |
NUMBER(1,0) |
NULL |
|
The following table describes the attributes of the columns of the LOCAL_PMD_SUBSCRIBER table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
SUBSCRIBER_HOSTID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Subscriber policy model. Maps to the Subscriber column of the sepmd -L selang command output. |
|
ERRORCOUNT |
No |
NUMBER |
NULL |
Subscription error count. Maps to the Errors column of the sepmd -L selang command output. |
|
STATUS |
No |
NVARCHAR2(256) |
NULL |
Subscription status description. Maps to the Flag column of the sepmd -L selang command output. |
|
OFFSET |
No |
NUMBER |
NULL |
Current subscription offset within the file of distributed policy. Maps to the Offset column of the sepmd -L selang command output. |
|
NEXTCOMMAND |
No |
NVARCHAR2(256) |
NULL |
Current subscription command within the file of distributed policy. Maps to the Next Command column of the sepmd -L selang command output. |
The following table describes the attributes of the columns of the LOGINAPPL table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
LOGINHOW |
No |
NVARCHAR2(256) |
NULL |
The method of login (pseudo, normal, ...). Maps to the LOGINHOW property of the AC class LOGINAPPL. |
|
LOGINPATH |
No |
NVARCHAR2(256) |
NULL |
The full path (or generic path) to the login application. Maps to the LOGINPATH property of the AC class LOGINAPPL. |
|
FNFSPGM |
No |
NUMBER(1,0) |
NULL |
Maps to the loginflag NFSPGM of the LOGINFLAG property of the AC class LOGINAPPL. |
|
FINOGRACE |
No |
NUMBER(1,0) |
NULL |
Maps to the loginflag nograce of the LOGINFLAG property of the AC class LOGINAPPL. |
|
FINOGRACEROOT |
No |
NUMBER(1,0) |
NULL |
Maps to the loginflag nograceroot of the LOGINFLAG property of the AC class LOGINAPPL. |
|
FNOLOGIN |
No |
NUMBER(1,0) |
NULL |
Maps to the loginflag nologin of the LOGINFLAG property of the AC class LOGINAPPL. |
|
SSEID |
No |
NUMBER(1,0) |
NULL |
Maps to the SEID login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SSUID |
No |
NUMBER(1,0) |
NULL |
Maps to the SUID login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SSGID |
No |
NUMBER(1,0) |
NULL |
Maps to the SGID login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SSGRP |
No |
NUMBER(1,0) |
NULL |
Maps to the SGRP login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SFEID |
No |
NUMBER(1,0) |
NULL |
Maps to the FEID login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SFUID |
No |
NUMBER(1,0) |
NULL |
Maps to the FUID login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SFGID |
No |
NUMBER(1,0) |
NULL |
Maps to the FGID login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SFGRP |
No |
NUMBER(1,0) |
NULL |
Maps to the FGRP login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SN3EID |
No |
NUMBER(1,0) |
NULL |
Maps to the N3EID login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SN3UID |
No |
NUMBER(1,0) |
NULL |
Maps to the N3UID login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SN3GID |
No |
NUMBER(1,0) |
NULL |
Maps to the N3GID login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
|
SN3GRP |
No |
NUMBER(1,0) |
NULL |
Maps to the N3GRP login sequence of the LOGINSEQUENCE property of the AC class LOGINAPPL. |
The following table describes the attributes of the columns of the MEMBEROF table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record |
|
GROUPID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Group ID (name) of this record |
|
CNAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Class name |
|
ONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Object name |
|
GROUPTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The group's class: GROUP, XGROUP, etc. Maps to the CNAME of the AC group OID. |
The following table describes the attributes of the columns of the MEMBERS table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. AC: Resource object name |
|
CNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
Class name of the member |
|
ONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Object name of the member |
The following table describes the attributes of the columns of the NODE table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
KEEPALIVE |
Yes |
TIMESTAMP(6) |
NULL |
Last keepalive time. Maps to the AC property HNODE_KEEP_ALIVE of the AC class HNODE. |
|
VERSION |
Yes |
NUMBER |
NULL |
Node version. Maps to the AC property HNODE_VERSION of the AC class HNODE. |
|
ACID |
Yes |
NVARCHAR2(256) |
NULL |
Unique AC host ID. Maps to the ACID property of the AC class HNODE. |
The following table describes the attributes of the columns of the NODE_ADDRESS table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
ADDRESS |
Yes |
NVARCHAR2(256) |
NOT NULL |
|
The following table describes the attributes of the columns of the NODE_ALIAS table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
ALIAS |
Yes |
NVARCHAR2(256) |
NOT NULL |
Node alias. Maps to a single string within the ALIAS property of the AC class HNODE. |
The following table describes the attributes of the columns of the NODE_DEVIATION table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
DATA |
Yes |
CLOB |
NULL |
Raw deviation data. Maps to the DEVCALC header at the beginning of the DEVCALC output, i.e. all data before the first POLICYSTART tag. |
The following table describes the attributes of the columns of the NODE_SUBSCRIPTION_STATUS table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
PUBLISHERCNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
The publishing node CNAME |
|
SUBSCRIBERCNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
The subscribing node CNAME. Maps to the class name of the Subscriber OID component of the SUBSCRIBER_STATUS property of the AC class HNODE. |
|
PUBLISHERONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
The publishing node ONAME |
|
SUBSCRIBERONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
The subscribing node ONAME. Maps to the object name of the Subscriber OID |
|
STATUS |
No |
NVARCHAR2(256) |
NULL |
Subscription status. Maps to the Status component of the SUBSCRIBER_STATUS property of the AC class HNODE. |
|
LASTSTATUSTIME |
No |
TIMESTAMP(6) |
NULL |
Last status update time. Maps to the Last Status Time component of the SUBSCRIBER_STATUS property of the AC class HNODE. |
The following table describes the attributes of the columns of the PASSWDRULES table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record |
|
GROUPID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Group ID (name) of this record |
|
GROUPTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The group's class: GROUP, XGROUP, etc. Maps to the CNAME of the AC group OID. |
|
ISSEOS |
Yes |
NUMBER(1,0) |
NOT NULL |
Is this passwdrules record related to a record i n the SEOS table? ISSEOS is 1 if and only if this record is associated with a SEOS record rather than a GROUPINFO record. When ISSEOS is 1, GROUPID and GROUPTYPE are empty |
|
MINLEN |
No |
NUMBER |
NULL |
Minimum length |
|
MAXREP |
No |
NUMBER |
NULL |
Maximum single char repetition |
|
MUSTSMALL |
No |
NUMBER |
NULL |
Must contain small chars |
|
MUSTCAPITAL |
No |
NUMBER |
NULL |
Must contain capitals |
|
MUSTNUM |
No |
NUMBER |
NULL |
Must contain numbers |
|
MUSTOTH |
No |
NUMBER |
NULL |
Must contain other chars |
|
MUSTALFA |
No |
NUMBER |
NULL |
Must contain at least # alfa chars |
|
MUSTALFAN |
No |
NUMBER |
NULL |
Must contain at least # alfanum chars |
|
SUBNAME |
No |
NUMBER |
NULL |
Must not be username's sub string |
|
SUBOLD |
No |
NUMBER |
NULL |
Must not be old passwd sub string |
|
SUBSTRLEN |
No |
NUMBER |
NULL |
Max len of repeated sub-string in pwd |
|
SUBSTRREP |
No |
NUMBER |
NULL |
Max repetition of a sub-string |
|
PASSWDLIFE |
No |
NUMBER |
NULL |
Default # of days between pwds changes |
|
GRACELOGINS |
No |
NUMBER |
NULL |
# of grace logins after pwd expiration |
|
USERBLOCKMIN |
No |
NUMBER |
NULL |
# of minutes to block user on password |
|
WRONGPASS |
No |
NUMBER |
NULL |
# of wrong pwds tries before set EXPIRE |
|
HISTORY |
No |
NUMBER |
NULL |
History length |
|
MINTIME |
No |
NUMBER |
NULL |
Minimum time (days?) between changes |
|
MAXLEN |
No |
NUMBER |
NULL |
Maximum length |
|
DICTFORMAT |
No |
NUMBER |
NULL |
Select the dictionary format |
|
BIDIRECTIONAL |
No |
NUMBER |
NULL |
Enable or disable bidirectional password encryption. If bidirectional password encryption is enabled, each new password is encrypted and can be decrypted back to clear text. This encryption gives a wider comparison between new passwords and old passwords (password history). When bidirectional encryption is disabled, one-way password history encryption is activated, and you cannot decrypt old passwords |
The following table describes the attributes of the columns of the POLICY table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
NAME |
Yes |
NVARCHAR2(256) |
NULL |
The logical name of the policy. Maps to the AC property POLICY_BASE_NAME of the AC class POLICY. |
|
VERSION |
Yes |
NUMBER |
NULL |
An integer, representing the policy version. Policy versions are consecutive numbers, starting from 1. Maps to the AC property POLICY_VERSION of the AC class POLICY. |
|
FINALIZE |
No |
NUMBER(1,0) |
NULL |
Is the policy finalized (i.e. deployable?). Maps to the AC property FINALIZE of the AC class POLICY. |
|
EXTENDED_SIGNATURE |
No |
NVARCHAR2(256) |
NULL |
FIPS 140-2 compliant SHA1 policy signature. Maps to the EXTENDED_SIGNATURE property of the AC class POLICY. |
|
SIGNATURE |
No |
NVARCHAR2(256) |
NULL |
Policy signature. Maps to the SIGNATURE property of the AC class POLICY. |
The following table describes the attributes of the columns of the POLICY_DEVIATION table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
NODE_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. |
|
NODE_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. AC: Resource object name |
|
DEVIATION_INDEX |
Yes |
NUMBER |
NOT NULL |
The deviation row sequencial number, starting at 0 for each policy. Maps to the line number of this deviation row, relative to the most recent POLICYSTART tag in the DEVCALC output. |
|
DEVIATED_CLASS |
No |
NVARCHAR2(256) |
NULL |
The deviated class. Maps to the 2nd token of a DIFF line in DEVCALC output. A value of null maps to the value (*) in the DEVCALC output. |
|
DEVIATED_OBJECT |
No |
NVARCHAR2(256) |
NULL |
The deviated object. Maps to the 3rd token of a DIFF line in DEVCALC output. A value of null maps to the value (*) in the DEVCALC output. |
|
DEVIATED_PROPERTY |
No |
NVARCHAR2(256) |
NULL |
The deviated property. Maps to the 4th token of a DIFF line in DEVCALC output. A value of null maps to the value (*) in the DEVCALC output. |
|
DEVIATED_VALUE |
No |
NVARCHAR2(256) |
NULL |
The deviated value. Maps to the 5th token of a DIFF line in DEVCALC output. A value of null maps to the value (*) in the DEVCALC output. |
|
DEVIATION_DATA |
No |
CLOB |
NULL |
For deviation rows that their type is known (i.e. unlike 'UNKNOWN_%'), this value maps to the 1st token of a DIFF line in DEVCALC output, e.g. 'DIFF'. For other deviation rows, this field contains the entire DEVCALC line as-is. |
|
DEVIATION_TYPE |
No |
NVARCHAR2(256) |
NULL |
The type of the deviation, in the format A_B where: A = EXPECTED or UNEXPECTED or UNKNOWN B = CLASS or OBJECT or PROPERTY or VALUE or GENERIC |
The following table describes the attributes of the columns of the POLICY_GROUP table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
LATEST_FIN_RULEKEY |
No |
NVARCHAR2(256) |
NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the OID AC property LATEST_FINALIZED_VERSION of the GPOLICY class. |
|
LATEST_FIN_RESCLASS |
No |
NVARCHAR2(80) |
NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the OID AC property LATEST_FINALIZED_VERSION of the GPOLICY class. |
|
LATEST_RESCLASS |
No |
NVARCHAR2(80) |
NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the OID AC property LATEST_VERSION of the GPOLICY class. |
|
LATEST_RULEKEY |
No |
NVARCHAR2(256) |
NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the OID AC property LATEST_VERSION of the GPOLICY class. |
The following table describes the attributes of the columns of the POLICY_GROUP_DEPENDENCY table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
DEP_ON_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
DEP_ON_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
The following table describes the attributes of the columns of the POLICY_GROUP_NODE_ASSIGNMENT table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
POLICYGRP_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
POLICYGRP_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
NODE_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. If this field equals 'HNODE', this is a node assignment. If this field equals 'GHNODE', this is a node-group assignment. |
|
NODE_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. AC: Resource object name |
The following table describes the attributes of the columns of the POLICY_RULESET table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
POLICY_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
POLICY_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
RULESET_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULESET_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
The following table describes the attributes of the columns of the POLICY_STATUS table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
NODE_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
NODE_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
POLICY_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
POLICY_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
UPDATORTYPE |
Yes |
NVARCHAR2(80) |
NULL |
The class of this user: USER, XUSER |
|
UPDATORID |
Yes |
NVARCHAR2(256) |
NULL |
Identifier for this object on this system. |
|
STATUS |
No |
NVARCHAR2(256) |
NULL |
The policy status: APPROVED, REJECTED, PROCESSING. |
|
DEVSTATE |
No |
NVARCHAR2(20) |
NULL |
Deviation state: UNSET, YES, NO |
|
LASTDEVTIME |
No |
TIMESTAMP(6) |
NULL |
Last deviation calculation time |
|
LASTSTATUSTIME |
No |
TIMESTAMP(6) |
NULL |
Last time status was set |
|
UPDATORNAME |
No |
NVARCHAR2(256) |
NULL |
Policy updator name. Maps to the UpdatorName member of the POLICY_STATUS property of the AC class POLICY. |
|
UPDATORID |
No |
NVARCHAR2(256) |
NULL |
Updator object name. Maps to the ONAME component of the Updator member of the POLICY_STATUS property of the AC class POLICY. |
|
UPDATORTYPE |
No |
NVARCHAR2(256) |
NULL |
Updator object name. Maps to the CNAME component of the Updator member of the POLICY_STATUS property of the AC class POLICY. |
The following table describes the attributes of the columns of the POLICYMODELINFO table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
INITIAL_POLICY_OFFSET |
No |
NUMBER |
NULL |
For the local node, this maps to the initial policy offset as provided by the sepmd -L selang command. |
|
LAST_POLICY_OFFSET |
No |
NUMBER |
NULL |
For the local node, this maps to the last policy offset as provided by the sepmd -L selang command. |
The following table describes the attributes of the columns of the RAUDIT table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. AC: Resource object name |
|
AUDITSUCCESS |
Yes |
NUMBER(1,0) |
NULL |
AC logs authorized accesses to the resource |
|
AUDITFAILURE |
Yes |
NUMBER(1,0) |
NULL |
AC logs detected unauthorized access attempts |
|
DEBUG |
No |
NUMBER(1,0) |
NULL |
Log since in debug mode |
|
TRUST |
No |
NUMBER(1,0) |
NULL |
Audit trust events |
The following table describes the attributes of the columns of the RESAC table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
DESCRIPTION |
No |
NVARCHAR2(256) |
NULL |
Description / comment of the record. Maps to the AC property COMMENT of the relevant AC resource class. |
|
CALENDAR |
No |
NVARCHAR2(256) |
NULL |
Specifies Unicenter TNG calendar objects, which represent time restrictions in Unicenter TNG. AC maintains a list of these objects for management purposes only, but doesn't protect them. Maps to the AC property CALENDAR of the relevant AC resource class. |
|
NOTIFY |
No |
NVARCHAR2(256) |
NULL |
Instructs AC to send notification messages whenever the resource represented by the resource record is accessed. Enter a user name, an email address of a user, or the email address of a mail group if an alias is specified. Maps to the AC property NOTIFY of the relevant AC resource class. |
|
SECLABEL |
No |
NVARCHAR2(256) |
NULL |
A security label represents an association between a particular security level and zero or more security categories. Maps to the AC property SECLABEL of the relevant AC resource class. |
|
SECLEVEL |
No |
NUMBER |
NULL |
Security level. Maps to the AC property SECLEVEL of the relevant AC resource class. |
|
CRETIME |
No |
TIMESTAMP(6) |
NULL |
Create time. Maps to the AC property CREATE_TIME of the relevant AC resource class. |
|
WARNING |
No |
NUMBER(1,0) |
NULL |
Specifies that, even if an accessor's authority is insufficient to access the resource, AC is to allow access to the resource. However, AC writes a warning message in the audit log. Maps to the AC property WARNING of the relevant AC resource class. |
|
UNTRUST |
No |
NUMBER(1,0) |
NULL |
Indicates whether the program is trusted or not. If this property is set, no one can run the program. If this property is not set, the other properties listed in the database for the program are used to determine whether the user is authorized to run the program. If a trusted program is changed in any way, AC automatically sets this property. Maps to the AC property UNTRUST of the relevant AC resource class, such as PROGRAM, SECFILE and HOST. |
|
ETHINFO |
No |
NVARCHAR2(256) |
NULL |
Ethernet information for an host. Maps to the AC property ETHINFO of the AC resource class HOST. |
|
NETMATCH |
No |
NVARCHAR2(256) |
NULL |
IP address match. Maps to the NetworkMatch component of the AC property INMASKMATCH of the AC resource class HOSTNET. |
|
NETMASK |
No |
NVARCHAR2(256) |
NULL |
IP address mask. Maps to the Mask component of the AC property INMASKMATCH of the AC resource class HOSTNET. |
|
AAUDIT |
No |
NVARCHAR2(256) |
NULL |
Displays the type of activity that eTrust AC is auditing. Maps to the AC property AAUDIT of the AC resource class ADMIN. |
|
UNTRUSTREASON |
No |
NVARCHAR2(256) |
NULL |
In UNIX dbdump only. Maps to the AC property UNTRUSTREASON of the AC resource classes PROGRAM, SECFILE. |
|
ACCSWHO |
No |
NUMBER(20,0) |
NULL |
Access object name. The administrator who last accessed the record. Maps to the AC property ACCSWHO of the AC resource class PROGRAM. For Unix, contains UIDs (numeric values). For Windows, contains user names. |
|
ACCSTIME |
No |
TIMESTAMP(6) |
NULL |
Access object time (UNIX only) The date and time the record was last accessed. Maps to the AC property ACCSTIME of the AC resource class PROGRAM. |
|
BLOCKRUN |
No |
NUMBER(1,0) |
NULL |
Block run. Maps to the AC property BLOCKRUN of the AC resource class PROGRAM. |
|
UNIXUID |
No |
NVARCHAR2(256) |
NULL |
UNIX UID. Maps to the AC property UNIXUID of the AC resource class SPECIALPGM. |
|
INTERACTIVE |
No |
NUMBER(1,0) |
NULL |
Interactive. This switch should be marked when the application you intend to run via sesudo is an interactive Windows application (such as notepad.exe, cmd.exe) and not a service application. If you are trying to run an interactive application via sesudo client command and if it is not marked as 'interactive', it runs at the background without the ability to interact with it. Maps to the AC property INTERACTIVE of the AC resource class SUDO. |
|
TARGUSRCNAME |
No |
NVARCHAR2(80) |
NULL |
Specifies the name of the user whose authority will be borrowed by the SUDO class for executing the command. Default is administrator (for SUDO class). Maps to the CNAME of the AC property TARGUSR of the AC resource class SUDO (UNIX only). |
|
TARGUSRONAME |
No |
NVARCHAR2(256) |
NULL |
Maps to the ONAME of the AC property TARGUSR of the AC resource class SUDO (UNIX only). |
|
PASSWDREQ |
No |
NUMBER(1,0) |
NULL |
Password required. Indicates whether the sesudo command requests the target user password before executing. Maps to the AC property PASSWDREQ of the AC resource class SUDO (UNIX only). |
|
FILEPATH |
No |
NVARCHAR2(256) |
NULL |
Maps to the AC property FILEPATH of the AC resource class KMODULE. |
The following table describes the attributes of the columns of the RESINFO table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
PREFIX |
No |
NVARCHAR2(40) |
NULL |
CA ACF2 only: Prefix field in rule set. |
|
OWNERCNAME |
No |
NVARCHAR2(80) |
NULL |
This is the class of the owner of this resource. The owner of the resource record has unrestricted access to the resource, provided the owner's security level, security label, and security category authorities are sufficient to allow access to the resource. The owner of the resource is always permitted to update and delete the resource record. A value of 'GROUP' or 'XGROUP' means that the related record is in the GROUPINFO table. 'USER' or 'XUSER' means that it is in the USERINFO table. Maps to the CNAME of the OWNER property of the relevant AC resource class. |
|
OWNERONAME |
No |
NVARCHAR2(256) |
NULL |
This is the object name of the owner of this resource. Maps to the ONAME of the OWNER property of the relevant AC resource class. |
|
OWNRTYPE |
No |
CHAR(1) |
NULL |
Indicates if the owner of this resource is a user (U) or a role (R). Maps to the first character of the CNAME of the OWNER property of the relevant AC resource class. |
|
RESOWNER |
No |
NVARCHAR2(256) |
NULL |
CA ACF2: $RESOWNER value from rule set. CA Top Secret: SMS RESOWNER. |
|
RULEOWNER |
No |
NVARCHAR2(256) |
NULL |
CA ACF2 only. $OWNER value from rule set. |
|
ADMINBYCNAME |
No |
NVARCHAR2(80) |
NULL |
CA ACF2 and AC: The class of the administrator who made last change to this rule set. A value of 'GROUP' or 'XGROUP' means that the related record is in the GROUPINFO table. 'USER' or 'XUSER' means that it is in the USERINFO table. Maps to the CNAME of the UPDATE_WHO property of the relevant AC resource class. |
|
ADMINBYONAME |
No |
NVARCHAR2(256) |
NULL |
The object name of the administrator who made last change to this rule set. Maps to the ONAME of the UPDATE_WHO property of the relevant AC resource class. |
|
ADMINDATE |
No |
TIMESTAMP(6) |
NULL |
CA ACF2 and AC. Date of last change to this rule set. Maps to the AC property UPDATE_TIME of the relevant AC resource class. |
|
USERDATA |
No |
NVARCHAR2(256) |
NULL |
CA ACF2 only. $USERDATA value from rule set. |
|
ON_BEHALF_OF |
No |
NVARCHAR2(256) |
NULL |
The effective user ID. Maps to the AC property ON_BEHALF_OF of various AC classes such as DEPLOYMENT, GDEPLOYMENT, HNODE, GHNODE, POLICY, GPOLICY, RULEKEY |
The following table describes the attributes of the columns of the RULESET table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA TOP SECRET: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
FINALIZE |
No |
NUMBER(1,0) |
NULL |
Is this ruleset finalized (i.e. deployable?). Maps to the AC property FINALIZE of the AC class RULESET. |
|
EXTENDED_SIGNATURE |
No |
NVARCHAR2(256) |
NULL |
FIPS 140-2 compliant SHA1 ruleset signature. Maps to the EXTENDED_SIGNATURE property of the AC class RULESET. |
|
SIGNATURE |
No |
NVARCHAR2(256) |
NULL |
Ruleset signature. Maps to the SIGNATURE property of the AC class RULESET. |
The following table describes the attributes of the columns of the RULESET_COMMAND table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RULESET_RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. Maps to the CNAME of the resource's AC OID. |
|
RULESET_RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. Maps to the ONAME of the resource's AC OID. |
|
COMMANDIDX |
Yes |
NUMBER |
NOT NULL |
Ruleset commands are ordered. This column represents the position of the command in a sequence of commands. Maps to the command-index component of the AC property RULESET_DO/UNDOCMDS of the AC class RULESET (see COMMANDTYPE column for more details) |
|
COMMANDTYPE |
Yes |
NVARCHAR2(20) |
NOT NULL |
The type of the command: do, undo. If the type is 'do', this record maps to a command inside the AC property RULESET_DOCMDS of the AC class RULESET. If the type is 'undo', the record maps to the RULESET_UNDOCMDS property instead. |
|
COMMANDSTR |
Yes |
NVARCHAR2(256) |
NULL |
The command string. Maps to the command-string component of the AC property RULESET_DO/UNDOCMDS of the AC class RULESET (see COMMANDTYPE column for more details) |
The following table describes the attributes of the columns of the SEOS table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
LASTSTARTUP |
No |
TIMESTAMP(6) |
NULL |
Host last startup time. Maps to the AC property STARTTIME of the AC class SEOS. |
|
LASTSHUTDOWN |
No |
TIMESTAMP(6) |
NULL |
Host last shutdown time. Maps to the AC property ENDTIME of the AC class SEOS. |
|
UPDATEDBY |
No |
NVARCHAR2(256) |
NULL |
Last updated by object name. Maps to the ONAME of the AC property UPDATE_WHO of the AC class SEOS. |
|
UPDATETIME |
No |
TIMESTAMP(6) |
NULL |
Last update time. Maps to the AC property UPDATE_TIME of the AC class SEOS. |
|
INACTIVEDAYS |
No |
NUMBER |
NULL |
Number of inactive days. Maps to the AC property INACT of the AC class SEOS. |
|
ACCUMACL |
No |
NUMBER(1,0) |
NULL |
Accumulate ACL and PACL. Maps to the AC property ACCPACL of the AC class SEOS. |
|
ACCUMGRPRIGHTS |
No |
NUMBER(1,0) |
NULL |
Accumulate group rights. Maps to the AC property GRACCR of the AC class SEOS. |
|
ADMINPWDCHANGE |
No |
NUMBER(1,0) |
NULL |
Administrator password change. Maps to the AC property CNG_ADMIN_PWD of the AC class SEOS. |
|
OWNPWDCHANGE |
No |
NUMBER(1,0) |
NULL |
Own password change. Maps to the AC property CNG_OWN_PWD of the AC class SEOS. |
|
ISDMA |
No |
NUMBER(1,0) |
NULL |
Is it DMA host. Maps to the AC property ISDMA of the AC class SEOS. |
|
ISDMS |
No |
NUMBER(1,0) |
NULL |
Is it DMS host. Maps to the AC property ISDMS of the AC class SEOS. |
|
ISDH |
No |
NUMBER(1,0) |
NULL |
Distribution Host (DH) Maps to the AC property ISDH of the AC class SEOS. |
|
DMS |
No |
NVARCHAR2(256) |
NULL |
DMS host name. Maps to the AC property DMS of the AC class SEOS. |
|
CADMIN |
No |
NUMBER(1,0) |
NULL |
Class activation: ADMIN. Maps to the AC property ADMIN of the AC class SEOS. |
|
CAPPL |
No |
NUMBER(1,0) |
NULL |
Class activation: APPL. Maps to the AC property APPL of the AC class SEOS. |
|
CAUTHHOST |
No |
NUMBER(1,0) |
NULL |
Class activation: AUTHHOST. Maps to the AC property AUTHHOST of the AC class SEOS. |
|
CCALENDAR |
No |
NUMBER(1,0) |
NULL |
Class activation: CALENDAR. Maps to the AC property CALENDAR of the AC class SEOS. |
|
CCATEGORY |
No |
NUMBER(1,0) |
NULL |
Class activation: CATEGORY. Maps to the AC property CATEGORY of the AC class SEOS. |
|
CCONNECT |
No |
NUMBER(1,0) |
NULL |
Class activation: CONNECT. Maps to the AC property CONNECT of the AC class SEOS. |
|
CDEPLOYMENT |
No |
NUMBER(1,0) |
NULL |
Class activation: DEPLOYMENT. Maps to the AC property DEPLOYMENT of the AC class SEOS. |
|
CDICTIONARY |
No |
NUMBER(1,0) |
NULL |
Class activation: DICTIONARY. Maps to the AC property DICTIONARY of the AC class SEOS. |
|
CDOMAIN |
No |
NUMBER(1,0) |
NULL |
Class activation: DOMAIN. Maps to the AC property DOMAIN of the AC class SEOS. |
|
CFILE |
No |
NUMBER(1,0) |
NULL |
Class activation: FILE. Maps to the AC property FILE of the AC class SEOS. |
|
CHNODE |
No |
NUMBER(1,0) |
NULL |
Class activation: HNODE. Maps to the AC property HNODE of the AC class SEOS. |
|
CHOLIDAY |
No |
NUMBER(1,0) |
NULL |
Class activation: HOLIDAY. Maps to the AC property HOLIDAY of the AC class SEOS. |
|
CHOST |
No |
NUMBER(1,0) |
NULL |
Class activation: HOST. Maps to the AC property HOST of the AC class SEOS. |
|
CKMODULE |
No |
NUMBER(1,0) |
NULL |
Class activation: KMODULE. Maps to the AC property KMODULE of the AC class SEOS. |
|
CMFTERMINAL |
No |
NUMBER(1,0) |
NULL |
Class activation: MFTERMINAL. Maps to the AC property MFTERMINAL of the AC class SEOS. |
|
CPASSWORD |
No |
NUMBER(1,0) |
NULL |
Class activation: PASSWORD. Maps to the AC property PASSWORD of the AC class SEOS. |
|
CPOLICY |
No |
NUMBER(1,0) |
NULL |
Class activation: POLICY. Maps to the AC property POLICY of the AC class SEOS. |
|
CPROGRAM |
No |
NUMBER(1,0) |
NULL |
Class activation: PROGRAM. Maps to the AC property PROGRAM of the AC class SEOS. |
|
CPROCESS |
No |
NUMBER(1,0) |
NULL |
Class activation: PROCESS. Maps to the AC property PROCESS of the AC class SEOS. |
|
CPWPOLICY |
No |
NUMBER(1,0) |
NULL |
Class activation: PWPOLICY. Maps to the AC property PWPOLICY of the AC class SEOS. |
|
CREGKEY |
No |
NUMBER(1,0) |
NULL |
Class activation: REGKEY. Maps to the AC property REGKEY of the AC class SEOS. |
|
CREGVAL |
No |
NUMBER(1,0) |
NULL |
Class activation: REGVAL. Maps to the AC property REGVAL of the AC class SEOS. |
|
CRULESET |
No |
NUMBER(1,0) |
NULL |
Class activation: RULESET. Maps to the AC property RULESET of the AC class SEOS. |
|
CSECLABEL |
No |
NUMBER(1,0) |
NULL |
Class activation: SECLABEL. Maps to the AC property SECLABEL of the AC class SEOS. |
|
CSECLEVEL |
No |
NUMBER(1,0) |
NULL |
Class activation: SECLEVEL. Maps to the AC property SECLEVEL of the AC class SEOS. |
|
CSPECIALPGM |
No |
NUMBER(1,0) |
NULL |
Class activation: SPECIALPGM. Maps to the AC property SPECIALPGM of the AC class SEOS. |
|
CSUDO |
No |
NUMBER(1,0) |
NULL |
Class activation: SUDO. Maps to the AC property SUDO of the AC class SEOS. |
|
CSURROGATE |
No |
NUMBER(1,0) |
NULL |
Class activation: SURROGATE. Maps to the AC property SURROGATE of the AC class SEOS. |
|
CTCP |
No |
NUMBER(1,0) |
NULL |
Class activation: TCP. Maps to the AC property TCP of the AC class SEOS. |
|
CTERMINAL |
No |
NUMBER(1,0) |
NULL |
Class activation: TERMINAL. Maps to the AC property TERMINAL of the AC class SEOS. |
|
CUSER_DIR |
No |
NUMBER(1,0) |
NULL |
Class activation: USER_DIR. Maps to the AC property USER_DIR of the AC class SEOS. |
|
CWEBSERVICE |
No |
NUMBER(1,0) |
NULL |
Class activation: WEBSERVICE. Maps to the AC property WEBSERVICE of the AC class SEOS. |
|
CWINSERVICE |
No |
NUMBER(1,0) |
NULL |
Windows only: Class activation: WINSERVICE. Maps to the AC property WINSERVICE of the AC class SEOS. |
|
CDAYTIMERES |
No |
NUMBER(1,0) |
NULL |
UNIX only: whether to check time restrictions. Maps to the AC property DAYTIMERES of the AC class SEOS. |
|
CLOGINAPPL |
No |
NUMBER(1,0) |
NULL |
UNIX only. Maps to the AC property LOGINAPPL of the AC class SEOS. |
|
MAXLOGINS |
No |
NUMBER |
NULL |
Maximum number of logins in effect. Maps to the AC property MAXLOGINS of the AC class SEOS. |
|
PROHIBITED |
No |
NVARCHAR2(256) |
NULL |
Maps to the AC property PROHIBITED of the AC class SEOS. |
|
ACID |
No |
NVARCHAR2(256) |
NULL |
Unique AC host ID. Maps to the ACID property of the AC class SEOS. This is used to identify a node in the NODE table with the same ACID. |
The following table describes the attributes of the columns of the SEOSSYSCALL table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
INTERCEPTEDSYSCALLS |
No |
NUMBER(20,0) |
NULL |
Number of intercepted syscalls |
|
NONBLOCKINGSYSCALLS |
No |
NUMBER(1,0) |
NULL |
Number of not "dangerous" intecepted syscalls |
|
ISOVERFLOW |
No |
NUMBER(20,0) |
NULL |
1, if allocated buffer is too small |
|
THRESHOLDTIME |
No |
NUMBER(20,0) |
NULL |
"Dangerous" time of the syscall (sec) |
|
ALWAYSEXITSCRIPT |
No |
NUMBER(1,0) |
NULL |
1 if exists SEOS_unload_int.always |
|
OPTIONALEXITSCRIPT |
No |
NUMBER(1,0) |
NULL |
1 if exists SEOS_unload_int.opt |
|
USETRIPACCEPT |
No |
NUMBER(1,0) |
NULL |
1 if use_tripAccept token is "yes" |
|
TRIPACCEPT |
No |
NUMBER(1,0) |
NULL |
1 if exists bin/tripAccept |
|
NOVELLZMD |
No |
NUMBER(1,0) |
NULL |
1 if exists /etc/init.d/novell-zmd |
|
XM |
No |
NUMBER(1,0) |
NULL |
1 if exists /usr/sbin/xm |
|
NSCD |
No |
NUMBER(1,0) |
NULL |
1 if exists /etc/init.d/nscd |
The following table describes the attributes of the columns of the SNAPSHOTINFO table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID for this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
DUMPSTARTTIME |
No |
TIMESTAMP(6) |
NULL |
Snapshot start time |
|
DUMPENDTIME |
No |
TIMESTAMP(6) |
NULL |
Snapshot end time |
|
STATUS |
No |
CHAR(1) |
NULL |
Snapshot status |
|
SNAPSHOTTIME |
No |
TIMESTAMP(6) |
NULL |
|
|
SNAPSHOTTYPE |
No |
NVARCHAR2(256) |
NULL |
|
|
SNAPSHOTNAME |
No |
NVARCHAR2(256) |
NULL |
|
|
OS |
No |
NVARCHAR2(100) |
NULL |
|
|
ACVERSION |
No |
NVARCHAR2(50) |
NULL |
|
|
ACVERSIONNUM1 |
No |
NUMBER(20,0) |
NULL |
|
|
ACVERSIONNUM2 |
No |
NUMBER(20,0) |
NULL |
|
|
ACVERSIONNUM3 |
No |
NUMBER(20,0) |
NULL |
|
|
ACVERSIONNUM4 |
No |
NUMBER(20,0) |
NULL |
|
The following table describes the attributes of the columns of the SPECIALPGMTYPE table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. AC: Resource object name |
|
TMAIL |
No |
NUMBER(1,0) |
NULL |
|
|
TBACKUP |
No |
NUMBER(1,0) |
NULL |
|
|
TXDM |
No |
NUMBER(1,0) |
NULL |
|
|
TDCM |
No |
NUMBER(1,0) |
NULL |
|
|
TPBF |
No |
NUMBER(1,0) |
NULL |
|
|
TPBN |
No |
NUMBER(1,0) |
NULL |
|
|
TPROPAGATE |
No |
NUMBER(1,0) |
NULL |
(r12.0 SP1) |
|
TSTOP |
No |
NUMBER(1,0) |
NULL |
|
|
TSURR |
No |
NUMBER(1,0) |
NULL |
|
|
TREG |
No |
NUMBER(1,0) |
NULL |
|
|
TRESTRICTED |
No |
NUMBER(1,0) |
NULL |
|
The following table describes the attributes of the columns of the SYSCALL table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
PID |
Yes |
NUMBER(20,0) |
NOT NULL |
Key: process pid |
|
PARENTPID |
No |
NUMBER(20,0) |
NULL |
parent process ID |
|
USERID |
No |
NUMBER(20,0) |
NULL |
real user ID |
|
GROUPID |
No |
NUMBER(20,0) |
NULL |
Group ID |
|
INTERCEPTEDPGM |
No |
NVARCHAR2(256) |
NULL |
program name |
|
INTERCEPTEDTIME |
No |
NUMBER(20,0) |
NULL |
Life time of the syscall |
|
SYSCALLNUM |
No |
NUMBER(20,0) |
NULL |
System call number |
|
ISBLOCKING |
No |
NUMBER(1,0) |
NULL |
1 if syscall is dangerous |
The following table describes the attributes of the columns of the SYSCALLUSERSPECIALPGM table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
SAFEPGM |
Yes |
NVARCHAR2(256) |
NOT NULL |
|
The following table describes the attributes of the columns of the UACC table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
RESCLASS |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class of the entity that the permission applies to. |
|
RULEKEY |
Yes |
NVARCHAR2(256) |
NOT NULL |
CA ACF2: Rule set key of rule where permission is found. CA Top Secret: Owned Resource mask for this resource. AC: Resource object name |
|
AREAD |
No |
NUMBER(1,0) |
NULL |
|
|
AWRITE |
No |
NUMBER(1,0) |
NULL |
|
|
AMODIFY |
No |
NUMBER(1,0) |
NULL |
|
|
ACREATE |
No |
NUMBER(1,0) |
NULL |
|
|
AERASE |
No |
NUMBER(1,0) |
NULL |
|
|
AFILESCAN |
No |
NUMBER(1,0) |
NULL |
|
|
ALANGINT |
No |
NUMBER(1,0) |
NULL |
|
|
AEXEC |
No |
NUMBER(1,0) |
NULL |
|
|
ACHOWN |
No |
NUMBER(1,0) |
NULL |
|
|
ACHGRP |
No |
NUMBER(1,0) |
NULL |
|
|
ACHMOD |
No |
NUMBER(1,0) |
NULL |
|
|
AUTIMES |
No |
NUMBER(1,0) |
NULL |
|
|
ASEC |
No |
NUMBER(1,0) |
NULL |
|
|
AKILL |
No |
NUMBER(1,0) |
NULL |
|
|
ACONNECT |
No |
NUMBER(1,0) |
NULL |
|
|
ARENAME |
No |
NUMBER(1,0) |
NULL |
|
|
APASSWORD |
No |
NUMBER(1,0) |
NULL |
|
|
AAUTHORIZED |
No |
CHAR(18) |
NULL |
|
|
AXAUDIT |
No |
NUMBER(1,0) |
NULL |
|
|
ACHDIR |
No |
NUMBER(1,0) |
NULL |
|
|
ACRSUBK |
No |
NUMBER(1,0) |
NULL |
|
|
ANOTIFY |
No |
NUMBER(1,0) |
NULL |
|
|
AENUM |
No |
NUMBER(1,0) |
NULL |
|
|
AQUERY |
No |
NUMBER(1,0) |
NULL |
|
|
ARCTRL |
No |
NUMBER(1,0) |
NULL |
|
|
ACRLINK |
No |
NUMBER(1,0) |
NULL |
|
|
APRINT |
No |
NUMBER(1,0) |
NULL |
|
|
AMANAGE |
No |
NUMBER(1,0) |
NULL |
|
|
AMAXALLOWED |
No |
NUMBER(1,0) |
NULL |
|
|
ASTOP |
No |
NUMBER(1,0) |
NULL |
|
|
APAUSE |
No |
NUMBER(1,0) |
NULL |
|
|
ACONTROL |
No |
NUMBER(1,0) |
NULL |
|
|
ACHOG |
No |
NUMBER(1,0) |
NULL |
|
|
ARESUME |
No |
NUMBER(1,0) |
NULL |
|
The following table describes the attributes of the columns of the USERAC table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID for this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
USERID |
Yes |
NVARCHAR2(256) |
NOT NULL |
User ID (name) of this record. Maps to the AC OID of the USER/XUSER object. |
|
USERTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The AC class of this user: USER, XUSER. |
|
DESCRIPTION |
No |
NVARCHAR2(256) |
NULL |
Description / comment of this user. Maps to the AC property COMMENT of the USER/XUSER class. |
|
PROFILE |
No |
NVARCHAR2(256) |
NULL |
A string that specifies a path to the user's profile. This string can include a local absolute path, or a UNC path. Maps to the ONAME of the AC property PROFILE of the USER/XUSER class. |
|
GRACELOGIN |
No |
NUMBER |
NULL |
The number of grace logins a user has after a password expires. When the number of grace logins is exceeded, the user is denied access to the system and must contact the system administrator for a new password. Maps to the AC property GRACELOGIN of the USER/XUSER class. |
|
MAXLOGINS |
No |
NUMBER |
NULL |
Sets the maximum number of terminals the user can log in to at the same time. A value of 0 (zero) means that the user can log in from any number of terminals concurrently. Maps to the AC property MAXLOGINS of the USER/XUSER class. |
|
INACTIVE |
No |
NUMBER |
NULL |
Specifies the number of days that must pass before the system changes the user to inactive. When the number of days is reached, the user cannot log in. Maps to the AC property INACTIVE of the USER/XUSER class. |
|
SUSPENDDATE |
No |
DATE |
NULL |
Disables a user record, but leaves it defined in the database. A user cannot use a suspended user account to log in to the system. Maps to the AC property SUSPEND_DATE of the USER/XUSER class. |
|
SUSPENDWHOCNAME |
No |
NVARCHAR2(80) |
NULL |
The administrator who activated the suspend date. Maps to the CNAME of the AC property SUSPEND_WHO of the USER/XUSER class. |
|
SUSPENDWHOONAME |
No |
NVARCHAR2(256) |
NULL |
Identifier for this object on this system. Maps to the ONAME of the AC property SUSPEND_WHO of the USER/XUSER class. |
|
RESUMEDATE |
No |
DATE |
NULL |
Enables a user record that was disabled by specifying the suspend parameter. Maps to the AC property RESUME_DATE of the USER/XUSER class. |
|
LUTERMINAL |
No |
NVARCHAR2(256) |
NULL |
Last update from terminal. Maps to the AC property LAST_ACC_TERM of the USER/XUSER class. |
|
PASSWDINT |
No |
NUMBER |
NULL |
Sets the number of days that must pass after the password was set or changed before the system prompts the user for a new password. Maps to the AC property PASSWD_INT of the USER/XUSER class. |
|
PASSWDLAC |
No |
TIMESTAMP(6) |
NULL |
The date and time on which an administrator last updated the password. Maps to the AC property PASSWD_L_A_C of the USER/XUSER class. |
|
PASSWDLC |
No |
TIMESTAMP(6) |
NULL |
The date and time on which the user last updated the password. Maps to the AC property PASSWD_L_C of the USER/XUSER class. |
|
PASSWDACW |
No |
NVARCHAR2(256) |
NULL |
The ADMIN user who last changed the user password for this record. Maps to the AC property PASSWD_A_C_W of the USER/XUSER class. |
|
MINTIME |
No |
NUMBER |
NULL |
The minimum number of days that must pass before the user is allowed to change the password again. Maps to the AC property MIN_TIME of the USER/XUSER class. |
|
POLICYMODEL |
No |
NVARCHAR2(256) |
NULL |
Specifies that when a user changes a password with the utility sepass, eTrust AC will propagate the new password to the specified Policy Model (pmdbName). The password is not sent to the Policy Model defined by the parent_pmd or passwd_pmd values in the registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustAccessControl\eTrustAccessControl. Maps to the AC property POLICYMODEL of the USER/XUSER class. |
|
SESSIONGROUP |
No |
NVARCHAR2(256) |
NULL |
Used by Single Sign-On. This property assigns an SSO session group to a user. The SESSION_GROUP property is a string with a maximum length of 16 characters. Maps to the AC property SESSION_GROUP of the USER/XUSER class. |
|
LOGINSTATUS |
No |
NVARCHAR2(256) |
NULL |
Login status |
|
PWDNEXTCHGINDAYS |
No |
NUMBER |
NULL |
Password next change in days |
|
APPLISTTIME |
No |
TIMESTAMP(6) |
NULL |
Maps to the AC property APPLIST_TIME of the USER/XUSER class. |
|
AUTHNMTHD |
No |
NVARCHAR2(256) |
NULL |
Authentication method. Maps to the AC property AUTHNMTHD of the USER/XUSER class. |
|
BADPASSWD |
No |
NUMBER |
NULL |
Number of bad password attempts. Maps to the AC property BADPASSWD of the USER/XUSER class. |
|
CALENDAR |
No |
NVARCHAR2(256) |
NULL |
Specifies Unicenter TNG calendar objects, which represent time restrictions in Unicenter TNG. AC maintains a list of these objects for management purposes only, but doesn't protect them. Maps to the AC property CALENDAR of the USER/XUSER class. |
|
UPDTIME |
No |
TIMESTAMP(6) |
NULL |
The date and time the record was last modified. Maps to the AC property UPDTIME of the USER/XUSER class. |
|
LOCATION |
No |
NVARCHAR2(256) |
NULL |
User's location. Maps to the AC property LOCATION of the USER/XUSER class. |
|
|
No |
NVARCHAR2(256) |
NULL |
User's email address. Maps to the AC property EMAIL of the USER/XUSER class. |
|
ORGANIZATION |
No |
NVARCHAR2(256) |
NULL |
User's organization name. Maps to the AC property ORGANIZATION of the USER/XUSER class. |
|
ORGUNIT |
No |
NVARCHAR2(256) |
NULL |
User's organization unit. Maps to the AC property ORG_UNIT of the USER/XUSER class. |
|
PHONE |
No |
NVARCHAR2(256) |
NULL |
User's phone number. Maps to the AC property PHONE of the USER/XUSER class. |
|
COUNTRY |
No |
NVARCHAR2(256) |
NULL |
Specifies the country where the user is located. This string is part of the X.500 naming scheme. eTrust AC does not use it for authorization. Maps to the AC property COUNTRY of the USER/XUSER class. |
|
LOCALAPPS |
No |
NUMBER(1,0) |
NULL |
Maps to the AC property LOCALAPPS of the USER/XUSER class. |
|
LOGSHIFT |
No |
NUMBER(1,0) |
NULL |
Indicates whether to allow login outside of the shift time frame. AC writes an audit record in the audit log for this event. Maps to the AC property LOGSHIFT of the USER/XUSER class. |
|
NOTIFY |
No |
NVARCHAR2(256) |
NULL |
Notifies the user every time the user logs in. Enter a user name, an email address of a user, or the email address of a mail group if an alias is specified. The recipient of the notify messages should log in frequently to respond to the unauthorized access attempts described in each message. Maps to the AC property NOTIFY of the USER/XUSER class. |
|
OIDCRDDATA |
No |
NVARCHAR2(256) |
NULL |
Used by CA Single Sign-On and CA Web Access Control. Maps to the AC property OIDCRDDATA of the USER/XUSER class. |
|
PWDAUTOGEN |
No |
NUMBER(1,0) |
NULL |
Indicates whether the application's password is automatically generated by the Policy Server. Maps to the AC property PWD_AUTOGEN of the USER/XUSER class. |
|
PWDSYNC |
No |
NUMBER(1,0) |
NULL |
Indicates whether the application's password can be identical to the user's other application passwords. Maps to the AC property PWD_SYNC of the USER/XUSER class. |
|
SCRIPTVARS |
No |
NVARCHAR2(256) |
NULL |
Used by CA Single Sign-On and CA Web Access Control, a variables list with the variable values of the application script that are saved per application. Maps to the AC property SCRIPT_VARS of the USER/XUSER class. |
|
SECLEVEL |
No |
NUMBER |
NULL |
Security level to the user record. Maps to the AC property SECLEVEL of the USER/XUSER class. |
|
SECLABEL |
No |
NVARCHAR2(256) |
NULL |
Maps to the ONAME of the AC property SECLABEL of the USER/XUSER class. |
|
SHIFT |
No |
NVARCHAR2(256) |
NULL |
Used by CA Single Sign-On and CA Web Access Control. Maps to the ONAME of the AC property SHIFT of the USER/XUSER class. |
|
UALIAS |
No |
NVARCHAR2(256) |
NULL |
All the aliases of a specific user defined to one or more authentication hosts. Used by CA Single Sign-On and CA Web Access Control. Maps to the AC property UALIAS of the USER/XUSER class. |
|
NOCHGPWD |
No |
NUMBER(1,0) |
NULL |
UNIX only: No change password. Maps to the AC property NOCHNGPASS of the AC class USER. |
|
OWNERONAME |
No |
NVARCHAR2(256) |
NULL |
The owner object name. Maps to the ONAME of the AC property OWNER of the USER/XUSER class. |
|
OWNERCNAME |
No |
NVARCHAR2(80) |
NULL |
The owner class name. GROUP or XGROUP means that the owner record is in the GROUPINFO table. USER or XUSER means that the owner record is in the USERINFO table. Maps to the CNAME of the AC property OWNER of the USER/XUSER class. |
The following table describes the attributes of the columns of the USERACAUDIT table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID for this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
USERID |
Yes |
NVARCHAR2(256) |
NOT NULL |
User ID (name) of this record |
|
USERTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The class of this user: USER, XUSER |
|
SUCCESS |
No |
NUMBER(1,0) |
NULL |
CA Access Control logs successful accesses. |
|
FAILURE |
No |
NUMBER(1,0) |
NULL |
logs failed access attempts. |
|
LOGONSUCCESS |
No |
NUMBER(1,0) |
NULL |
CA Access Control logs successful logins. |
|
LOGONFAILURE |
No |
NUMBER(1,0) |
NULL |
CA Access Control logs failed login attempts. |
|
DEBUG |
No |
NUMBER(1,0) |
NULL |
Audit debug events |
|
TRACE |
No |
NUMBER(1,0) |
NULL |
Audit trace events |
The following table describes the attributes of the columns of the USERACMODE table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID for this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists |
|
USERID |
Yes |
NVARCHAR2(256) |
NOT NULL |
User ID (name) of this record |
|
USERTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The class of this user: USER, XUSER |
|
MREGULAR |
No |
NUMBER(1,0) |
NULL |
|
|
MAUDITOR |
No |
NUMBER(1,0) |
NULL |
|
|
MOPERATIONS |
No |
NUMBER(1,0) |
NULL |
|
|
MPWOFFICER |
No |
NUMBER(1,0) |
NULL |
|
|
MENABLED |
No |
NUMBER(1,0) |
NULL |
|
|
MIGNHOL |
No |
NUMBER(1,0) |
NULL |
|
|
MSERVER |
No |
NUMBER(1,0) |
NULL |
|
|
MADMIN |
No |
NUMBER(1,0) |
NULL |
|
|
MLOGICAL |
No |
NUMBER(1,0) |
NULL |
|
The following table describes the attributes of the columns of the USERGRP table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID for this record. |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
USERID |
Yes |
NVARCHAR2(256) |
NOT NULL |
User ID (name) of this record. |
|
USERTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The class of this user: USER, XUSER. |
|
GROUPID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Group ID (name) of this record. Maps to the ONAME of the AC group OID. |
|
GROUPTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The group's class: GROUP, XGROUP, etc. Maps to the CNAME of the AC group OID. |
|
CONNECTIONDATE |
No |
TIMESTAMP(6) |
NULL |
Connection date |
|
OWNERCNAME |
No |
NVARCHAR2(80) |
NULL |
The owner class name. GROUP or XGROUP means that the owner record is in the GROUPINFO table. USER or XUSER means that the owner record is in the USERINFO table. |
|
OWNERONAME |
No |
NVARCHAR2(256) |
NULL |
|
|
MREGULAR |
No |
NUMBER(1,0) |
NULL |
|
|
MAUDITOR |
No |
NUMBER(1,0) |
NULL |
|
|
MOPERATIONS |
No |
NUMBER(1,0) |
NULL |
|
|
MPWOFFICER |
No |
NUMBER(1,0) |
NULL |
|
|
MENABLED |
No |
NUMBER(1,0) |
NULL |
|
|
MIGNHOL |
No |
NUMBER(1,0) |
NULL |
|
|
MSERVER |
No |
NUMBER(1,0) |
NULL |
|
|
MADMIN |
No |
NUMBER(1,0) |
NULL |
|
The following table describes the attributes of the columns of the USERINFO table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID for this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
USERID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Identifier for this object on this system. |
|
USERTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The class of this user: USER, XUSER |
|
NAME |
No |
NVARCHAR2(256) |
NULL |
Users full name as defined on security database. This column maps to the AC property FULL_NAME of the USER/XUSER class. |
|
DEFGROUP |
No |
NVARCHAR2(256) |
NULL |
Users default group for USS. This is the DFLTGRP field in CA Top Secret and the GROUP field in CA ACF2. |
|
CRETIME |
No |
TIMESTAMP(6) |
NULL |
Time user was created on the security database. This column maps to the AC property CREATE_TIME of the USER/XUSER class. |
|
LUTIME |
No |
TIMESTAMP(6) |
NULL |
Time user last entered the system. This column maps to the AC property LAST_ACC_TIME of the USER/XUSER class. |
|
ACTDATE |
No |
DATE |
NULL |
CA ACF2 only. Date users account is activated. |
|
EXPDATE |
No |
DATE |
NULL |
The date when the user account expires. This column maps to the AC property EXPIRE_DATE of the USER/XUSER class. |
|
TIMEZONE |
No |
CHAR(3) |
NULL |
An ACID's physical time zone in relation to the CPU's time zone. Time zone values are -12 thru +12. |
|
APPIND |
No |
CHAR(1) |
NULL |
Application Indicator. Indicates which application this record belongs to. Equals to the character ID in the TSS/ACF2 DB schema. Should always be 'A'. |
|
CONSOLE |
No |
CHAR(1) |
NULL |
CA ACF2: Allows access to the TSO Console facility. CA Top Secret: Allows user to issue TSS MODIFY commands. |
|
SUSPEND |
No |
CHAR(1) |
NULL |
Prevents users from accessing the system. |
|
TRACE |
No |
CHAR(1) |
NULL |
Diagnostic trace activated to record all user activity (system entry, resource accesses, violations, etc.). |
|
LDS |
No |
CHAR(1) |
NULL |
User enabled for LDAP synchronization. |
|
EIMRECID |
No |
CHAR(8) |
NULL |
Record Identifier. |
|
LDSRECID |
No |
CHAR(8) |
NULL |
Record Identifier. |
|
PROXYRECID |
No |
CHAR(8) |
NULL |
Record Identifier. |
|
SRCRECID |
No |
CHAR(8) |
NULL |
Used to specify the user's SOURCE record name. |
|
SNAME |
No |
NVARCHAR2(64) |
NULL |
Used to map a user identity from Lotus Notes z/OS UNIX to a CA Top Secret or CA ACF2 userid. |
|
UNAME |
No |
NVARCHAR2(246) |
NULL |
Used to map a user identity from Novell Directory Services to a CA Top Secret or CA ACF2 userid. |
|
SECURITYID |
No |
NVARCHAR2(256) |
NULL |
Vendor-specific security ID for this user entry. This column maps to the AC property SECURITY_ID of the XUSER class. |
The following table describes the attributes of the columns of the USERLIST table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID of this record. |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. |
|
GROUPID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Group ID (name) of this record. |
|
GROUPTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The group's class: GROUP, XGROUP, etc. Maps to the CNAME of the AC group OID. |
|
USERTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
Class name of the user. |
|
USERID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Object name of the user. |
The following table describes the attributes of the columns of the USERREVACL table:
|
Name |
Is PK |
Datatype |
Null Option |
Comment |
|---|---|---|---|---|
|
SNAPSHOTID |
Yes |
NUMBER(20,0) |
NOT NULL |
Snapshot ID for this record |
|
HOSTID |
Yes |
NVARCHAR2(512) |
NOT NULL |
Host ID of this record. System Identifier for system where record exists. |
|
USERID |
Yes |
NVARCHAR2(256) |
NOT NULL |
Identifier for this object on this system. Maps to the AC OID of the USER/XUSER object. |
|
USERTYPE |
Yes |
NVARCHAR2(80) |
NOT NULL |
The class of this user: USER, XUSER. |
|
RESCNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
Resource class name |
|
RESONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Resource object name |
|
CONCNAME |
Yes |
NVARCHAR2(80) |
NOT NULL |
Condition class name (i.e. PROGRAM, HOST, CALENDAR). A non-empty string means that a condition object exists in the RESINFO table. An empty strings means unconditional. |
|
CONONAME |
Yes |
NVARCHAR2(256) |
NOT NULL |
Condition object name |
|
AREAD |
No |
NUMBER(1,0) |
NULL |
|
|
AWRITE |
No |
NUMBER(1,0) |
NULL |
|
|
AMODIFY |
No |
NUMBER(1,0) |
NULL |
|
|
ACREATE |
No |
NUMBER(1,0) |
NULL |
|
|
AERASE |
No |
NUMBER(1,0) |
NULL |
|
|
AFILESCAN |
No |
NUMBER(1,0) |
NULL |
|
|
ALANGINT |
No |
NUMBER(1,0) |
NULL |
|
|
AEXEC |
No |
NUMBER(1,0) |
NULL |
|
|
ACHOWN |
No |
NUMBER(1,0) |
NULL |
|
|
ACHGRP |
No |
NUMBER(1,0) |
NULL |
|
|
ACHMOD |
No |
NUMBER(1,0) |
NULL |
|
|
AUTIMES |
No |
NUMBER(1,0) |
NULL |
|
|
ASEC |
No |
NUMBER(1,0) |
NULL |
|
|
AKILL |
No |
NUMBER(1,0) |
NULL |
|
|
ACONNECT |
No |
NUMBER(1,0) |
NULL |
|
|
ARENAME |
No |
NUMBER(1,0) |
NULL |
|
|
APASSWORD |
No |
NUMBER(1,0) |
NULL |
|
|
AAUTHORIZED |
No |
NUMBER(1,0) |
NULL |
|
|
AXAUDIT |
No |
NUMBER(1,0) |
NULL |
|
|
ACHDIR |
No |
NUMBER(1,0) |
NULL |
|
|
ACRSUBK |
No |
NUMBER(1,0) |
NULL |
|
|
ANOTIFY |
No |
NUMBER(1,0) |
NULL |
|
|
AENUM |
No |
NUMBER(1,0) |
NULL |
|
|
AQUERY |
No |
NUMBER(1,0) |
NULL |
|
|
ARCTRL |
No |
NUMBER(1,0) |
NULL |
|
|
ACRLINK |
No |
NUMBER(1,0) |
NULL |
|
|
APRINT |
No |
NUMBER(1,0) |
NULL |
|
|
AMANAGE |
No |
NUMBER(1,0) |
NULL |
|
|
AMAXALLOWED |
No |
NUMBER(1,0) |
NULL |
|
|
ASTOP |
No |
NUMBER(1,0) |
NULL |
|
|
APAUSE |
No |
NUMBER(1,0) |
NULL |
|
|
ACONTROL |
No |
NUMBER(1,0) |
NULL |
|
|
ACHOG |
No |
NUMBER(1,0) |
NULL |
|
|
ARESUME |
No |
NUMBER(1,0) |
NULL |
|
|
DREAD |
No |
NUMBER(1,0) |
NULL |
|
|
DWRITE |
No |
NUMBER(1,0) |
NULL |
|
|
DMODIFY |
No |
NUMBER(1,0) |
NULL |
|
|
DCREATE |
No |
NUMBER(1,0) |
NULL |
|
|
DERASE |
No |
NUMBER(1,0) |
NULL |
|
|
DFILESCAN |
No |
NUMBER(1,0) |
NULL |
|
|
DLANGINT |
No |
NUMBER(1,0) |
NULL |
|
|
DEXEC |
No |
NUMBER(1,0) |
NULL |
|
|
DCHOWN |
No |
NUMBER(1,0) |
NULL |
|
|
DCHGRP |
No |
NUMBER(1,0) |
NULL |
|
|
DCHMOD |
No |
NUMBER(1,0) |
NULL |
|
|
DUTIMES |
No |
NUMBER(1,0) |
NULL |
|
|
DSEC |
No |
NUMBER(1,0) |
NULL |
|
|
DKILL |
No |
NUMBER(1,0) |
NULL |
|
|
DCONNECT |
No |
NUMBER(1,0) |
NULL |
|
|
DRENAME |
No |
NUMBER(1,0) |
NULL |
|
|
DPASSWORD |
No |
NUMBER(1,0) |
NULL |
|
|
DAUTHORIZED |
No |
NUMBER(1,0) |
NULL |
|
|
DXAUDIT |
No |
NUMBER(1,0) |
NULL |
|
|
DCHDIR |
No |
NUMBER(1,0) |
NULL |
|
|
DCRSUBK |
No |
NUMBER(1,0) |
NULL |
|
|
DNOTIFY |
No |
NUMBER(1,0) |
NULL |
|
|
DENUM |
No |
NUMBER(1,0) |
NULL |
|
|
DQUERY |
No |
NUMBER(1,0) |
NULL |
|
|
DRCTRL |
No |
NUMBER(1,0) |
NULL |
|
|
DCRLINK |
No |
NUMBER(1,0) |
NULL |
|
|
DPRINT |
No |
NUMBER(1,0) |
NULL |
|
|
DMANAGE |
No |
NUMBER(1,0) |
NULL |
|
|
DMAXALLOWED |
No |
NUMBER(1,0) |
NULL |
|
|
DSTOP |
No |
NUMBER(1,0) |
NULL |
|
|
DPAUSE |
No |
NUMBER(1,0) |
NULL |
|
|
DCONTROL |
No |
NUMBER(1,0) |
NULL |
|
|
DCHOG |
No |
NUMBER(1,0) |
NULL |
|
|
DRESUME |
No |
NUMBER(1,0) |
NULL |
|
| Copyright © 2012 CA. All rights reserved. | Tell Technical Publications how we can improve this information |