User mapping tables (UNIX, Linux)
The user mapping tables in the SYSUSER database are system tables that map users to OS-level properties. These properties enable HCL® OneDB® access and control the level of discretionary access privileges.
sysusermap table
Database: SYSUSER
Column | Type | Description |
---|---|---|
username | CHAR(32) | PUBLIC or a mapped user name |
surrogate_id | INT | Identification number for a surrogate user identity. This number is generated when you run the GRANT ACCESS TO statement to create a mapped user. |
syssurrogates table
Database: SYSUSER
Column | Type | Description |
---|---|---|
surrogate_ID | SERIAL | Identification number for a surrogate user identity. This number is generated when you run the GRANT ACCESS TO statement to create a mapped user. |
os_username | CHAR(32) | User name of an operating system account on the HCL OneDB host computer to be used as the surrogate user identity. The os_username field is null when you specify a value with the UID keyword in the GRANT ACCESS TO statement. |
uid | INT | User identifier number that corresponds with the permissions to which you want to map a user, users, or PUBLIC. This number and the corresponding gid value together form a surrogate user identity. The uid field is null when you specify a name with the USER keyword in the GRANT ACCESS TO statement. |
gid | INT | Group identifier number that corresponds with the permissions to which you want to map a user, users, or PUBLIC. |
groupname | CHAR(32) | A group name that exists on the operating system of the HCL OneDB host computer. |
homedir | VARCHAR(255) | Full path name in which user files are stored. The uid and gid must own the directory and have READ, WRITE, and EXECUTE permissions. The directory must not have PUBLIC WRITE permission. |
userauth | CHAR(10) | Contains the userauth pattern that indicates whether the user has server administrator privileges. |
syssurrogategroups table
Database: SYSUSER
Column | Type | Description |
---|---|---|
surrogate_id | INT | Identification number for a surrogate user identity. This number is generated when you run the GRANT ACCESS TO statement to create a mapped user. |
gid | INT | Group identifier number that corresponds with the permissions to which you want to map a user, users, or PUBLIC. |
groupname | CHAR(32) | A group name that exists on the operating system of the HCL OneDB host computer. |
groupseq | SMALLINT | Unique number associated with the group information. |
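
The three mapping tables above join on surrogate_id, which makes it possible to review which database users run under which operating system identity. The following queries are an added example, not part of the HCL documentation; they assume a session with permission to read the SYSUSER tables, they use only the column names listed on this page, and the output aliases and review_note labels are illustrative.

```sql
-- Added example: review mapped-user definitions in the SYSUSER database.
DATABASE sysuser;

-- 1. Every mapped user (or PUBLIC) with the surrogate OS identity it uses.
--    A LEFT OUTER JOIN keeps mappings whose surrogate row is missing.
SELECT TRIM(m.username)    AS db_user,
       m.surrogate_id,
       TRIM(s.os_username) AS os_user,  -- null when the mapping was granted with UID
       s.uid,                           -- null when the mapping was granted with USER
       s.gid,
       TRIM(s.groupname)   AS os_group,
       s.homedir,                       -- must be owned by uid/gid, no PUBLIC WRITE
       s.userauth,                      -- pattern for server administrator privileges
       CASE
           WHEN s.surrogate_id IS NULL              THEN 'no surrogate row'
           WHEN UPPER(TRIM(m.username)) = 'PUBLIC'  THEN 'PUBLIC mapping'
           ELSE 'named mapping'
       END AS review_note
  FROM sysusermap m
  LEFT OUTER JOIN syssurrogates s
    ON s.surrogate_id = m.surrogate_id
 ORDER BY 1;

-- 2. Group rows recorded for each surrogate identity, in groupseq order.
SELECT TRIM(m.username)  AS db_user,
       g.surrogate_id,
       g.groupseq,
       g.gid,
       TRIM(g.groupname) AS os_group
  FROM syssurrogategroups g
  JOIN sysusermap m
    ON m.surrogate_id = g.surrogate_id
 ORDER BY 1, 3;

-- 3. Surrogate identities that no row in sysusermap refers to.
SELECT s.surrogate_id,
       TRIM(s.os_username) AS os_user,
       s.uid,
       s.gid
  FROM syssurrogates s
 WHERE NOT EXISTS (SELECT 1
                     FROM sysusermap m
                    WHERE m.surrogate_id = s.surrogate_id);
```

Rows marked 'PUBLIC mapping' deserve the closest look, because the surrogate identity in that row applies to PUBLIC rather than to one named user.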
sysintauthusers table
Database: SYSUSER
Before a user connects to a database of a non-root installation, the server must authenticate the user by verifying credentials in the sysintauthusers table. The value that is stored in the sysintauthusers table of the SYSUSER database is hashed with a 64-bit random salt that is also stored.
Column | Type | Description |
---|---|---|
username | NCHAR(32) | Name for the user. |
salt | BIGINT | 64-bit salt that the server uses to morph the password before applying the hashing algorithm. The server can use salt to change a password so that two users with the same password do not have the same hashed password in the database. Salt improves security because it makes password guessing against the stored hashes harder. |
hashed_password | VARCHAR(128) | A SHA-256 hashed and base64-encoded password. |
hash_type | CHAR(16) | Type of hashing algorithm used. Currently the SHA-256 algorithm is used. |
updated | DATETIME YEAR TO SECOND {TIMESTAMP} | N/A |
flags | INTEGER | Flags used to store some account information (such as the account lock). |
min_change | INTERVAL DAY(7) TO SECOND | N/A |
max_change | INTERVAL DAY(7) TO SECOND | N/A |
inactive | INTERVAL DAY(7) TO SECOND | N/A |
ac_expire | DATETIME YEAR TO SECOND | N/A |