Database Properties
Database Type: PostgreSQL - 16.1 (Ubuntu 16.1-1.pgdg22.04+1)
Catalog mscmp_syst_authn
Copyright © Lima Buttgereit Holdings LLC d/b/a Muse Systems
This database software and documentation is licensed to you under the terms of the Muse Systems Business Management System License Agreement v1.1 or other written, superseding license that you have obtained from Muse Systems.
Only Muse Systems may license this software to you. Your continued use of this software indicates your agreement to abide by the applicable license terms.
This database may include content copyrighted by and licensed from third parties.
Please see the license or contact us for more information.
Schema ms_syst
Public API for system management oriented data access and operations.
This schema contains procedures, functions, and views suitable for access by applications and integration tools.
Tables
| Table / View | Children | Parents | Columns | Type | Comments |
|---|---|---|---|---|---|
| syst_access_accounts | 0 | 0 | 13 | View | Contains the known login accounts which are used solely for the purpose of authentication of users. Authorization is handled on a per-Instance basis within the application. User Defined Record Supported Operations
|
| syst_disallowed_hosts | 0 | 0 | 9 | View | A simple listing of “banned” IP address which are not allowed to authenticate their users to the system. This registry differs from the syst_*_network_rules tables in that IP addresses here are registered as the result of automatic system heuristics whereas the network rules are direct expressions of system administrator intent. The timing between these two mechanisms is also different in that records in this table are evaluated prior to an authentication attempt and most network rules are processed in the authentication attempt sequence. User Defined Record Supported Operations
|
| syst_instance_type_contexts | 0 | 0 | 11 | View | Establishes Instance Type defaults for each of an Application’s defined datastore contexts. General Usage In practice, these records are used in the creation of Instance Context records, but do not establish a direct relationship; records in this table simply inform us what Instance Contexts should exist and give us default values to use in their creation. User Defined Record Supported Operations
|
| syst_access_account_instance_assocs | 0 | 0 | 14 | View | Associates access accounts with the instances for which they are allowed to authenticate to. Note that being able to authenticate to an instance is not the same as having authorized rights within the instance; authorization is handled by the instance directly. User Defined Record Supported Operations
|
| syst_enum_items | 0 | 0 | 22 | View | The list of values provided by an Enumeration as well as related behavioral and informational metadata. User Defined Record Supported Operations
System Defined Record Supported Operations
|
| syst_instance_contexts | 0 | 0 | 14 | View | Instance specific settings which determine how each Instance connects to the defined Application Contexts. User Defined Record Supported Operations
|
| syst_instances | 0 | 0 | 18 | View | Defines known application instances and provides their configuration settings. User Defined Record Supported Operations
|
| syst_owner_password_rules | 0 | 0 | 19 | View | Defines the password credential complexity standard for a given Owner. While Owners may define stricter standards than the global password credential complexity standard, looser standards than the global will not have any effect and the global standard will be used instead. User Defined Record Supported Operations
|
| syst_instance_network_rules | 0 | 0 | 15 | View | Defines firewall-like rules, scoped to specific instances, indicating which IP addresses are allowed to attempt authentication and which are not. These rules are applied in their defined order after all global_network_rules and owner_network_rules. User Defined Record Supported Operations
|
| syst_enums | 0 | 0 | 16 | View | Enumerates the enumerations known to the system along with additional metadata useful in applying them appropriately. User Defined Record Supported Operations
System Defined Record Supported Operations
|
| syst_identities | 0 | 0 | 16 | View | The identities with which access accounts are identified to the system. The most common example of an identity would be a user name such as an email address. User Defined Record Supported Operations
|
| syst_owner_network_rules | 0 | 0 | 15 | View | Defines firewall-like rules, scoped to specific owners, indicating which IP addresses are allowed to attempt authentication and which are not. These rules are applied in their defined order after all global_network_rules and before all instance_network_rules. User Defined Record Supported Operations
|
| syst_global_network_rules | 0 | 0 | 14 | View | Defines firewall-like rules that are global in scope indicating which IP addresses are allowed to attempt authentication and which are not. This also includes the concept of global defaults applied to new Owner IP address rules. These rules are applied in their defined ordering prior to all other rule sets. User Defined Record Supported Operations
|
| syst_disallowed_passwords | 0 | 0 | 1 | View | A list of hashed passwords which are disallowed for use in the system when the password rule to disallow common/known compromised passwords is enabled. Currently the expectation is that common passwords will be stored as sha1 hashes. User Defined Record Supported Operations
|
| syst_global_password_rules | 0 | 0 | 18 | View | Establishes a minimum standard for password credential complexity globally. Individual Owners may define more restrictive complexity requirements for their own accounts and instances, but may not weaken those defined globally. System Defined Record Supported Operations
|
| syst_applications | 0 | 0 | 11 | View | Describes the known applications which is managed by the global database and authentication infrastructure. User Defined Record Supported Operations
System Defined Record Supported Operations
|
| syst_credentials | 0 | 0 | 14 | View | Hosts the Credentials by which a user or external system will prove its Identity. General Usage Note that not all Credential types are available for authentication with all Identity types. User Defined Record Supported Operations
|
| syst_owners | 0 | 0 | 11 | View | Identifies instance owners. Instance owners are typically the clients which have commissioned the use of an application instance. User Defined Record Supported Operations
|
| syst_password_history | 0 | 0 | 10 | View | Keeps the history of access account prior passwords for enforcing the reuse password rule. User Defined Record Supported Operations
|
| syst_enum_functional_types | 0 | 0 | 15 | View | For those Enumerations requiring Functional Type designation, this table defines the available types and persists related metadata. Note that not all Enumerations require Functional Types. User Defined Record Supported Operations
System Defined Record Supported Operations
|
| syst_application_contexts | 0 | 0 | 15 | View | Applications are written with certain security and connection characteristics in mind which correlate to database roles used by the application for establishing connections. This table defines the datastore contexts the application is expecting so that Instance records can be validated against the expectations. User Defined Record Supported Operations
System Defined Record Supported Operations
|
| syst_instance_type_applications | 0 | 0 | 10 | View | A many-to-many relation indicating which Instance Types are usable for each Application. General Usage Note that creating ms_syst_data.syst_application_contexts records prior to inserting an Instance Type/Application association into this table is recommended as default Instance Type Context records can be created automatically on INSERT into this table so long as the supporting data is available. After insert here, manipulations of what Contexts Applications require must be handled manually. User Defined Record Supported Operations
|