B.3 Views

B.3.1 ig.dag_entitlement_entries

Provides an extended view of permission entries.

This view is referenced by the File System Access Permissions collector in Identity Governance.

Table B-5 Entitlement Entries View

Column Name

SQL Server Data Type

PostgreSQL Data Type

Notes

entitlement_id

nvarchar

text

Composite "key" composed of:

  • dag_target_paths id

  • dag_permission_entries id

Example: 3-1

trustee_guid

nvarchar(36)

varchar(36)

Trustee GUID

trustee_sid

nvarchar(256)

varchar(256)

Trustee Security Identifier

trustee_fdn

nvarchar(256)

varchar(256)

Trustee full distinguished name

target_path

nvarchar(max)

text

Target Path in UNC format

category

nvarchar(64)

varchar(64)

Optional category name

B.3.2 ig.dag_entitlements

Provides a simple view of mappings between Data Access Governance Target Paths and identities.

This view is referenced by the File System Access Permissions collector in Identity Governance.

Table B-6 Entitlements View

Column Name

SQL Server Data Type

PostgreSQL Data Type

Notes

id

nvarchar

text

Composite "key" composed of:

  • dag_target_paths id

  • dag_permissions id

Example: 3-1

entitlement

nvarchar

text

Composite value consisting of:

  • target_path

  • dag_permissions id

Example: \\server.lab\Share - 3

description

nvarchar(1024)

varchar(1024)

Optional description

target_path

nvarchar(max)

text

Target Path in UNC format

permission

nvarchar(32)

varchar(32)

One of:

  • Read

  • Write

  • Change Permissions

category

nvarchar(64)

varchar(64)

Optional category name

B.3.3 ig.dag_permission_entries_view

Provides an extended view of ig.dag_permission_entries and includes data from ig.dag_target_paths as well as the converted string value for the aggregate access mask.

Table B-7 Permission Entries View

Column Name

SQL Server Data Type

PostgreSQL Data Type

Notes

id

big integer

big integer

Primary key

scan_id

integer

integer

Reference to srs.scans table

scan_time

datetime2(0)

timestamp without time zone

UTC timestamp copied from scan_start_time in srs.scans

category

nvarchar(64)

varchar(64)

Optional category name

target_path

nvarchar(max)

text

Target Path in UNC format

target_path_hash

binary(20)

bytea

SHA-1 hash of Target Path

target_path_id

integer

integer

References ig.dag_target_paths

trustee

nvarchar(256)

varchar(256)

Trustee name in Domain\SAMAccountName format

trustee_fdn

nvarchar(256)

varchar(256)

Trustee full distinguished name

trustee_guid

nvarchar(36)

varchar(36)

Trustee GUID

trustee_sid

nvarchar(256)

varchar(256)

Trustee Security Identifier

aggregate_access_mask

integer

integer

Aggregate access mask for this identity and Target Path

access_string

nvarchar(64)

varchar(64)

Converted text for aggregate access mask containing one or more of the following:

  • Read

  • Write

  • Change Permissions

target_path_status

integer

integer
  • 0 = Disabled
  • 1 = Enabled
  • 2 = Marked for delete

B.3.4 ig.dag_target_paths_view

Provides an expanded view of Target Paths and includes data from job queue as well as permissions_status from any new scan data referenced in the srs.scans table.

Table B-8 s View

Column Name

SQL Server Data Type

PostgreSQL Data Type

Notes

id

integer

integer

Primary key

target_path

nvarchar(max)

text

Target Path in UNC format

target_path_hash

binary(20)

bytea

SHA-1 hash of Target Path

scan_target_path

nvarchar(256)

varchar(256)

Associated network path from srs.scan_targets

category

nvarchar(64)

varchar(64)

Optional category name

description

nvarchar(1024)

varchar(1024)

Optional description

scan_id

integer

integer

Reference to srs.scans table

scan_time

datetime2(0)

timestamp without time zone

UTC timestamp copied from scan_start_time in srs.scans

process_time

datetime2(0)

timestamp without time zone

Time when aggregate processing completes

identity_count

integer

integer

Number of processed identities

option_flags

integer

integer
  • Processing options:
  • 0 = None
  • 1 = Automatic processing after scan

status

integer

integer
  • 0 = Disabled
  • 1 = Enabled
  • 2 = Marked for delete

queue_time

datetime2(0)

timestamp without time zone

Timestamp when processing job was queued

permissions_status

integer

integer
  • Status of membership post-processing on permission scans:
  • 0 = Unknown
  • 1 = Queued
  • 2 = Processing
  • 3 = Complete

current_scan_id

integer

integer

References srs.scans.id from last processed scan data

job_state

integer

integer
  • 0 = Unknown
  • 1 = Queued
  • 2 = Processing
  • 3 = Canceling
  • 4 = Complete

job_num

integer

integer

Count of queued jobs for a Target Path – internal processing