syst_owner_network_rules


Description

Defines firewall-like rules, scoped to specific owners, indicating which IP addresses are allowed to attempt authentication and which are not. These rules are applied in their defined order after all global_network_rules and before all instance_network_rules.

Columns

Column Type Size Nulls Auto Default Children Parents Comments
id uuid 2147483647 uuid_generate_v7()

The record’s primary key. The definitive identifier of the record in the system.

General Usage

This column is system maintained and should be considered read only in normal operations.

owner_id uuid 2147483647 null
syst_owners.id syst_owner_network_rules_owner_fk C

The database identifier of the Owner record for whom the Network Rule is being defined.

ordering int4 10 null

Defines the order in which IP rules are applied. Lower values are applied prior to higher values.

General Usage

All records are ordered using unique ordering values within each owner value. When a new Owner Network Rule is inserted with the ordering value of an existing Owner Network Rule record for the same Owner, the system will assume the new record should be “inserted before” the existing record. Therefore the existing record will be reordered behind the new record by incrementing the existing record’s ordering value by one. This reordering process happens recursively until there are no ordering value conflicts for any of an Owner’s Network Rule records.

functional_type text 2147483647 null

Indicates how the system will interpret the IP address rule.

General Usage

The valid functional types are:

  • allow - the rule is explicitly allowing an IP address, network, or range of IP addresses to continue in the authentication process.

  • deny - the rule is explicitly rejecting an IP address, network, or range of IP addresses from the authentication process.

ip_host_or_network inet 2147483647 null

An IPv4 or IPv6 IP address or network block expressed using standard CIDR notation.

General Usage

If this value is given, you should not provide an IP host address range in the ip_host_range_lower/ip_host_range_upper columns. Providing range column values when this column is not null will result in a consistency check failure.

ip_host_range_lower inet 2147483647 null

An IPv4 or IPv6 IP host address which is the lower bound (inclusive) of a range of IP addresses.

General Usage

If the value in this column is not null a value must also be provided for the ip_host_range_upper column. Both ip_host_range_lower and ip_host_range_upper must be of the same IP family (IPv4 or IPv6).

ip_host_range_upper inet 2147483647 null

An IPv4 or IPv6 IP host address which is the upper bound (inclusive) of a range of IP addresses.

General Usage

If the value in this column is not null a value must also be provided for the ip_host_range_lower column. Both ip_host_range_lower and ip_host_range_upper must be of the same IP family (IPv4 or IPv6).

diag_timestamp_created timestamptz 35,6 now()

The database server date/time when the transaction which created the record started.

General Usage

This column is system maintained and should be considered read only in normal operations.

diag_role_created text 2147483647 null

The database role which created the record.

General Usage

This column is system maintained and should be considered read only in normal operations.

diag_timestamp_modified timestamptz 35,6 now()

The database server date/time when the transaction which modified the record started. This field will be the same as diag_timestamp_created for inserted records.

General Usage

This column is system maintained and should be considered read only in normal operations.

diag_wallclock_modified timestamptz 35,6 clock_timestamp()

The database server date/time at the moment the record was actually modified. For long running transactions this time may be significantly later than the value of diag_timestamp_modified.

General Usage

This column is system maintained and should be considered read only in normal operations.

diag_role_modified text 2147483647 null

The database role which modified the record.

General Usage

This column is system maintained and should be considered read only in normal operations.

diag_row_version int8 19 1

The current version of the row. The value here indicates how many actual data changes have been made to the row. If an update of the row leaves all data fields the same, disregarding the updates to the diag_* columns, the row version is not updated, nor are any updates made to the other diag_* columns other than diag_update_count.

General Usage

This column is system maintained and should be considered read only in normal operations.

Direct Usage

This column is frequently used by application logic to resolve the “dirty write” issues which can arise from concurrent data changes. As such, any administrative override of automatic system maintenance of this value should consider the ramifications on application function.

diag_update_count int8 19 0

Records the number of times the record has been updated, regardless of whether the update actually changed any data. In this way needless or redundant record updates can be found. This value starts at 0 and therefore may be the same as diag_row_version - 1.

General Usage

This column is system maintained and should be considered read only in normal operations.

Indexes

Constraint Name | Type | Sort | Column(s)
syst_owner_network_rules_pk | Primary key | Asc | id
syst_owner_network_rules_owner_ordering_udx | Must be unique | Asc/Asc | owner_id + ordering

Check Constraints

Constraint Name | Constraint
syst_owner_network_rules_functional_type_chk | ((functional_type = ANY (ARRAY['allow'::text, 'deny'::text])))
syst_owner_network_rules_host_or_range_chk | ((((ip_host_or_network IS NOT NULL) AND (ip_host_range_lower IS NULL) AND (ip_host_range_upper IS NULL)) OR ((ip_host_or_network IS NULL) AND (ip_host_range_lower IS NOT NULL) AND (ip_host_range_upper IS NOT NULL))))
syst_owner_network_rules_ip_range_family_chk | ((family(ip_host_range_lower) = family(ip_host_range_upper)))
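
The following Python sketch is an added example, not code from the project: it models the three check constraints listed above and the “insert before” reordering described for the ordering column. The function names, the labels, and the in-memory dict holding one Owner's rules are assumptions made for illustration; the real enforcement happens in the database.

```python
import ipaddress

def check_rule(functional_type, host_or_network=None, range_lower=None, range_upper=None):
    """Return the name of the first check constraint the row would violate, else None.

    Model only: functional_type is assumed to be non-null.
    """
    if functional_type not in ("allow", "deny"):
        return "syst_owner_network_rules_functional_type_chk"
    has_net = host_or_network is not None
    has_lo, has_hi = range_lower is not None, range_upper is not None
    # Exactly one form is legal: a host/CIDR value alone, or both range bounds together.
    if not ((has_net and not has_lo and not has_hi) or (not has_net and has_lo and has_hi)):
        return "syst_owner_network_rules_host_or_range_chk"
    if has_lo:
        lo, hi = ipaddress.ip_address(range_lower), ipaddress.ip_address(range_upper)
        if lo.version != hi.version:  # IPv4 bound paired with an IPv6 bound
            return "syst_owner_network_rules_ip_range_family_chk"
    return None

def insert_rule(rules, ordering, label):
    """Insert a rule for ONE owner; rules maps ordering -> label (hypothetical labels).

    A rule already holding `ordering` is pushed to ordering + 1, and the push
    cascades only while it keeps colliding with another existing rule.
    """
    rules = dict(rules)
    displaced = rules.pop(ordering, None)
    rules[ordering] = label
    slot = ordering
    while displaced is not None:
        slot += 1
        # Place the displaced rule one slot later; pick up whatever was there.
        displaced, rules[slot] = rules.get(slot), displaced
    return dict(sorted(rules.items()))

if __name__ == "__main__":
    # Constructed sample data: three existing rules with a gap before ordering 5.
    existing = {1: "allow office", 2: "deny vpn pool", 5: "deny all"}
    print(insert_rule(existing, 1, "deny scanner"))
    print(check_rule("deny", host_or_network="192.0.2.0/24",
                     range_lower="192.0.2.1", range_upper="192.0.2.9"))
```

Note that the cascade stops at the first gap: the rule at ordering 5 keeps its value because nothing is pushed into it.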

Relationships