syst_credentials


Description

Hosts the Credentials by which a user or external system will prove its Identity.

General Usage

Note that not all Credential types are available for authentication with all Identity types.

Columns

Column Type Size Nulls Auto Default Children Parents Comments
id uuid 2147483647 uuid_generate_v7()

The record’s primary key. The definitive identifier of the record in the system.

General Usage

This column is system maintained and should be considered read only in normal operations.

access_account_id uuid 2147483647 null
syst_access_accounts.id syst_credentials_access_accounts_fk C

The Access Account for which the Credential is to be used.

credential_type_id uuid 2147483647 null
syst_enum_items.id syst_credentials_credential_types_fk R

The kind of Credential that the record represents.

General Usage

Note that the behavior and use cases of the Credential may have specific processing and handling requirements based on the Functional Type of the Credential ype.

credential_for_identity_id uuid 2147483647 null
syst_identities.id syst_credentials_for_identities_fk C

When an Access Account Identity is created for either Identity Validation or Access Account recovery, a single use Identity is created as well as a single use Credential. In this specific case, the one time use Credential and the one time use Identity are linked. This is especially important in recovery scenarios to ensure that only the correct recovery communication can recover the account. This field identifies the which Identity is associated with the Credential.

For regular use Identities, there are no special Credential requirements that would be needed to for a link and the value in this column should be null.

credential_data text 2147483647 null

The actual data which supports verifying the presented Identity in relation to the Access Account.

last_updated timestamptz 35,6 now()

For Credential types where rules regarding updating may apply, such as common passwords, this column indicates when the Credential was last updated (timestamp of last password change, for example).

General Usage

This field is explicitly not for dating trivial or administrative changes which don’t actually materially change the Credential data; please consult the appropriate diagnostic fields for those use cases.

force_reset timestamptz 35,6 null

Indicates whether or not certain Credential types, such as passwords, must be updated.

General Usage

When NOT NULL, the user must update their Credential on the next login; when NULL updating the Credential is not being administratively forced.

diag_timestamp_created timestamptz 35,6 now()

The database server date/time when the transaction which created the record started.

General Usage

This column is system maintained and should be considered read only in normal operations.

diag_role_created text 2147483647 null

The database role which created the record.

General Usage

This column is system maintained and should be considered read only in normal operations.

diag_timestamp_modified timestamptz 35,6 now()

The database server date/time when the transaction which modified the record started. This field will be the same as diag_timestamp_created for inserted records.

General Usage

This column is system maintained and should be considered read only in normal operations.

diag_wallclock_modified timestamptz 35,6 clock_timestamp()

The database server date/time at the moment the record was actually modified. For long running transactions this time may be significantly later than the value of diag_timestamp_modified.

General Usage

This column is system maintained and should be considered read only in normal operations.

diag_role_modified text 2147483647 null

The database role which modified the record.

General Usage

This column is system maintained and should be considered read only in normal operations.

diag_row_version int8 19 1

The current version of the row. The value here indicates how many actual data changes have been made to the row. If an update of the row leaves all data fields the same, disregarding the updates to the diag_* columns, the row version is not updated, nor are any updates made to the other diag_* columns other than diag_update_count.

General Usage

This column is system maintained and should be considered read only in normal operations.

Direct Usage

This column is frequently used by by application logic to resolve the “dirty write” issues which can arise from concurrent data changes. As such any administrative override of automatic system maintenance of this value should consider the ramifications on application function.

diag_update_count int8 19 0

Records the number of times the record has been updated regardless as to if the update actually changed any data. In this way needless or redundant record updates can be found. This row starts at 0 and therefore may be the same as the diag_row_version - 1.

General Usage

This column is system maintained and should be considered read only in normal operations.

Indexes

Constraint Name Type Sort Column(s)
syst_credentials_pk Primary key Asc id
syst_credentials_udx Must be unique Asc/Asc/Asc access_account_id + credential_type_id + credential_for_identity_id

Relationships