3.3 Functions

3.3.1 SRS.ACCESS_MASK_BASIC_STRING

Parameters

SQL Server

PostgreSQL

@mask

integer

integer

@path_type

integer

integer

Return Value

nvarchar(128)

varchar(128)

Description: Converts an NTFS access mask value to its basic permissions string equivalent.

Note that the values displayed here are functionally equivalent to what is seen in the primary window of the security tab for an NTFS file system entry:

  • Entries having permissions that do not fit the basic permissions (such as Special permissions) include an asterisk *.

  • The path_type is required since the same flags represent different semantic values for folders, files and shares. Path type must be one of 1 (file), 2 (folder) or 7 (share).

  • Permissions flags are mapped to one or more of the following values:

    • Full Control

    • Modify

    • Read and Execute

    • List Folder Contents (Folders only)

    • Read

    • Write

    • Special Permissions

Example (SQL Server)

Example (PostgreSQL)

3.3.2 SRS.ACCESS_MASK_STRING

Parameters

SQL Server

PostgreSQL

@mask

integer

integer

@path_type

integer

integer

Return Value

nvarchar(128)

varchar(128)

Description: Converts an NTFS access mask value to its advanced permissions string equivalent.

Note that the values displayed here are functionally equivalent to what is seen in the advanced section of the security tab for an NTFS file system entry:

  • The path_type is required since the same flags represent different semantic values for folders, files and shares. Path type must be one of 1 (file), 2 (folder) or 7 (share).

  • Flags correspond to the following values:

    • 0x00000001 Rd / Lf Read data / List folder
    • 0x00000002 Wd / Cf Write data / Create file
    • 0x00000004 Ad / Cs Append data / Create subdirectory
    • 0x00000008 Rx Read extended attributes
    • 0x00000010 Wx Write extended attributes
    • 0x00000020 Xf / Tf File execute / Traverse
    • 0x00000040 Ds Delete child (subdirectory)
    • 0x00000080 Ra Read attributes
    • 0x00000100 Wa Write attributes
    • 0x00010000 De Delete
    • 0x00020000 Rp Read permissions
    • 0x00040000 Cp Change permissions
    • 0x00080000 To Change owner (take ownership)
    • 0x00100000 Sy Synchronize
    • 0x01000000 Ss Access system security
    • 0x10000000 Ga Generic All
    • 0x20000000 Ge Generic Execute
    • 0x40000000 Gw Generic Write
    • 0x80000000 Gr Generic Read

Example (SQL Server)

Example (PostgreSQL)

3.3.3 SRS.AD_ACCOUNT_NAME

Parameters

SQL Server

PostgreSQL

@domain

nvarchar(1024)

varchar(1024)

@name

nvarchar(1024)

varchar(1024)

@sid

binary(68)

bytea

Return Value

nvarchar(max)

text

Description: Converts primary naming values for an Windows security principal to a display name.

  • If domain is null or empty, the leading backslash is not included in the result.

  • If the name is null or empty, the result value is the SDDL sid representation.

  • If the sid is needed but is invalid, the return value is [Invalid SID].

Example

3.3.4 SRS.ACE_FLAGS_STRING

Parameters

SQL Server

PostgreSQL

@flags

integer

integer

Return Value

nvarchar(128)

varchar(128)

Description: Converts the access mask flag to a string representation. Flags are converted as follows:

  • 0x001 (OI) Object inherit
  • 0x002 (CI) Container inherit
  • 0x004 (NP) No propagate
  • 0x008 (IO) Inherit only
  • 0x010 (ID) Inherited
  • 0x040 (SA) Successful access
  • 0x080 (FA) Failed access

Example (SQL Server)

Example (PostgreSQL)

3.3.5 SRS.ACE_TYPE_STRING

Parameters

SQL Server

PostgreSQL

@ace_type

integer

integer

Return Value

nvarchar(128)

varchar(128)

Description: Converts the access mask type value to a corresponding text value.

  • Flags correspond as follows:

    • 0 Access Allowed
    • 1 Access Denied
    • 2 System Audit
    • 3 System Alarm
    • 4 Allowed Compound
    • 5 Allowed Object
    • 6 Denied Object
    • 7 System Audit Object
    • 8 System Alarm Object
    • 9 Allowed Callback
    • 10 Denied Callback
    • 11 Allowed Callback Object
    • 12 Denied Callback Object
    • 13 System Audit Callback
    • 14 System Alarm Callback
    • 15 System Audit Callback Object
    • 16 System Alarm Callback Object
    • 17 System Mandatory Label
  • For NTFS file systems, the primary values of concern are Allowed (0), Denied (1), Audit (2), and System Mandatory Label (17).

Example (SQL Server)

Example (PostgreSQL)

3.3.6 SRS.ATTRIBUTE_STRING

Parameters

SQL Server

PostgreSQL

@flags

integer

integer

Return Value

nvarchar(256)

varchar(256)

Description: Converts an attributes value to its equivalent string representation. Flags correspond to the following values:

  • 0x00000000 None
  • 0x00000001 Ro Read Only
  • 0x00000002 Ar Archive
  • 0x00000004 Sy System
  • 0x00000008 Hi Hidden
  • 0x00000010 Dr Directory
  • 0x00000020 Co Compressed
  • 0x00000040 Ol Offline
  • 0x00000080 De NTFS device
  • 0x00000100 No NTFS Normal
  • 0x00000200 Te NTFS Temporary
  • 0x00000400 Sp NTFS Sparse File
  • 0x00000800 Rp NTFS Reparse Point
  • 0x00001000 Nc NTFS Not content indexed
  • 0x00002000 En NTFS Encrypted
  • 0x00004000 Vi NTFS Virtual
  • 0x00008000 Ex NSS Execute only
  • 0x00010000 Sh NSS Shareable
  • 0x00020000 Ds NSS Don’t Sub-allocate
  • 0x00040000 Tr NSS Transactional
  • 0x00080000 In NSS Indexed
  • 0x00100000 Ra NSS Read Audit
  • 0x00200000 Wa NSS Write Audit
  • 0x00400000 Ip NSS Immediate Purge
  • 0x00800000 Ri NSS Rename Inhibit
  • 0x01000000 Di NSS Delete Inhibit
  • 0x02000000 Ci NSS Copy Inhibit
  • 0x04000000 Dm NSS Don’t Migrate
  • 0x08000000 Ic NSS Immediate Compress
  • 0x10000000 Dc NSS Don’t Compress
  • 0x20000000 Cc NSS Can’t Compress
  • 0x40000000 Fa NSS File Audit
  • 0x80000000 Li NSS Is a Link

Example (SQL Server)

Example (PostgreSQL)

3.3.7 SRS.GUID_BYTES

Parameters

SQL Server

PostgreSQL

@guid_text

nvarchar(38)

varchar(38)

Return Value

varbinary(16)

bytea

Description: Converts a compatible guid text string to its equivalent binary representation.

Recommended input format: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}.

  • Surrounding braces are optional.

  • Hex values A-F may be in upper or lower case.

  • Hyphen separators must be present at the specified 4 locations, or not at all.

Example

3.3.8 SRS.GUID_TEXT

Parameters

SQL Server

PostgreSQL

@guid_binary

varbinary(16)

bytea

Return Value

nvarchar(38)

varchar(38)

Description: Converts a binary guid value to its equivalent string representation. Note that returned guid strings are in the format {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}. All hex values are returned with uppercase A-F.

Example

3.3.9 SRS.NCP_RIGHTS_STRING

Parameters

SQL Server

PostgreSQL

@rights

integer

integer

Return Value

nvarchar(8)

varchar(8

Description: Converts an NCP trustee rights flag to its equivalent string representation. Flags correspond to the following values

  • 0x0001 R Read
  • 0x0002 W Write
  • 0x0004 [Obsolete]
  • 0x0008 C Create
  • 0x0010 E Erase
  • 0x0020 A Access Control
  • 0x0040 F File Scan
  • 0x0080 M Modify
  • 0x0100 S Supervisor

Rights are displayed in the order: SRWCEMFA

Example (SQL Server)

Example (PostgreSQL)

3.3.10 SRS.PATH_HASH

Parameters

SQL Server

PostgreSQL

@path

nvarchar(max)

text

Return Value

binary(20)

bytea

Description: Returns the binary SHA-1 hash for a given path.

  • The input path is first converted to lower-case.

  • Useful for finding a fullpath in the srs.scan_data table using the fullpath_hash index.

Example

3.3.11 SRS.SID_BYTES

Parameters

SQL Server

PostgreSQL

@sid

nvarchar(1024)

varchar(1024)

Return Value

varbinary(68)

bytea

Description: Converts an SDDL representation of a Security Identifier value to its binary form.

Input SID values must be in proper SDDL form.

Example

3.3.12 SRS.SID_TEXT

Parameters

SQL Server

PostgreSQL

@sid_bytes

varbinary(68)

bytea

Return Value

nvarchar(1024)

varchar(1024)

Description: Converts binary Security Identifier to its SDDL string representation.

Example