¶
23.6.2.System Tables
DB objects related to the User and Role objects are created as follows. The terms group and role are used interchangeably.
create table
SYS_USERS (
U_ID integer unique, -- unique id identifying the security object
U_NAME char (128), -- unique name identifying the security object
U_IS_ROLE integer default 0, -- if true it's a group
U_FULL_NAME char (128), -- for information only, name of that user or group
U_E_MAIL char (128) default '', -- e-mail for contact
U_PASSWORD char (128), -- encrypted password
U_GROUP integer, /* the primary group references SYS_USERS (U_ID), */
U_LOGIN_TIME datetime, -- last login time, can be set in login hooks,
-- otherwise is set when login in webDAV repository
U_ACCOUNT_DISABLED integer default 1, -- if true the account is not functional
U_DAV_ENABLE integer default 0, -- true if DAV login allowed
U_SQL_ENABLE integer default 1, -- true if SQL/(ODBC/JDBC/OLE/DB etc) login allowed.
U_DATA varchar, /* reserved */
U_METHODS integer, /* reserved */
U_DEF_PERMS char (10) default '110100000R', -- see PERMISSIONS option value
U_HOME varchar (128), -- see HOME option value
U_PASSWORD_HOOK varchar, -- see PASSWORD_MODE option value
U_PASSWORD_HOOK_DATA varchar, -- see PASSWORD_MODE_DATA option value
U_GET_PASSWORD varchar, -- see GET_PASSWORD option data
U_DEF_QUAL varchar, -- default qualifier for SQL/ODBC login
U_OPTS long varchar, -- extensibility options for user&group objects
primary key (U_NAME)
)
create table
SYS_ROLE_GRANTS (
GI_SUPER integer references SYS_USERS (U_ID), -- user object id
GI_SUB integer references SYS_USERS (U_ID), -- granted role object id
GI_DIRECT integer default 1, -- false if indirect, i.e.
-- true by inheritance, not direct grant.
GI_GRANT integer, -- who has granted this role
GI_ADMIN integer default 0, -- true if granted with admin option
primary key (GI_SUPER, GI_SUB, GI_DIRECT));
For Backwards compatibility the system tables SYS_DAV_USER, SYS_DAV_GROUP, SYS_DAV_USER_GROUP and SYS_USER_GROUP are re-defined as views:
-- WebDAV Users
create view WS.WS.SYS_DAV_USER (U_ID, U_NAME, U_FULL_NAME, U_E_MAIL, U_PWD,
U_GROUP, U_LOGIN_TIME, U_ACCOUNT_DISABLED, U_METHODS, U_DEF_PERMS, U_HOME)
as select U_ID, U_NAME, U_FULL_NAME, U_E_MAIL, U_PASSWORD as U_PWD,
U_GROUP, U_LOGIN_TIME, U_ACCOUNT_DISABLED, U_METHODS, U_DEF_PERMS, U_HOME
from DB.DBA.SYS_USERS where U_IS_ROLE = 0 and U_DAV_ENABLE = 1;
-- WebDAV Groups
create view WS.WS.SYS_DAV_GROUP (G_ID, G_NAME)
as select U_ID as G_ID, U_NAME as G_NAME
from DB.DBA.SYS_USERS where U_IS_ROLE = 1 and U_DAV_ENABLE = 1;
-- The granted groups to the WebDAV user
create view WS.WS.SYS_DAV_USER_GROUP (UG_UID, UG_GID) as select GI_SUPER, GI_SUB from DB.DBA.SYS_ROLE_GRANTS
where GI_DIRECT = 1;
create view SYS_USER_GROUP (UG_UID, UG_GID) as select GI_SUPER, GI_SUB
from SYS_ROLE_GRANTS where GI_DIRECT = 1;
create table SYS_GRANTS (
G_USER varchar,
G_OP integer,
G_OBJECT varchar,
G_COL varchar,
primary key (G_USER, G_OP, G_OBJECT, G_COL));
These tables are visible only to dba members. The procedure list_grants shows a summary of granted privileges:
SQL> list_grants (0);
These tables should not be modified by applications. Only the SQL statements GRANT, REVOKE, CREATE USER, DELETE USER, SET USER GROUP and SET PASSWORD should be used to maintain user and security information. Security information is cached in RAM during the execution of a Virtuoso process and these statements ensure that the cache stays consistent with the tables.