diff options
| -rw-r--r-- | docs/design-schema | 94 | 
1 files changed, 67 insertions, 27 deletions
| diff --git a/docs/design-schema b/docs/design-schema index c82c387..14e880e 100644 --- a/docs/design-schema +++ b/docs/design-schema @@ -25,16 +25,16 @@ Object Metadata            ob_acl_show           integer default null references acls(ac_id),            ob_acl_delete         integer default null references acls(ac_id),            ob_acl_flags          integer default null references acls(ac_id), -          ob_expires            datetime, +          ob_expires            datetime default null,            ob_created_by         varchar(255) not null,            ob_created_from       varchar(255) not null,            ob_created_on         datetime not null, -          ob_stored_by          varchar(255), -          ob_stored_from        varchar(255), -          ob_stored_on          datetime, -          ob_downloaded_by      varchar(255), -          ob_downloaded_from    varchar(255), -          ob_downloaded_on      datetime, +          ob_stored_by          varchar(255) default null, +          ob_stored_from        varchar(255) default null, +          ob_stored_on          datetime default null, +          ob_downloaded_by      varchar(255) default null, +          ob_downloaded_from    varchar(255) default null, +          ob_downloaded_on      datetime default null,            primary key (ob_name, ob_type));      Object names are not globally unique but only unique within their @@ -46,18 +46,21 @@ Object Metadata      references entries in the following table:        create table acls -         (ac_id                 integer auto_increment primary key); +         (ac_id                 integer auto_increment primary key, +          ac_name               varchar(255) not null);      This just keeps track of unique ACL identifiers.  The data is then      stored in:        create table acl_entry -         (ae_id                 integer not null references acls(ac_id), +         (ae_id                 integer +              not null references acls(ac_id),            ae_scheme             varchar(32)                not null references acl_schemes(as_name), -          ae_identifier         varchar(255)); +          ae_identifier         varchar(255) +              not null); -    Finally, each object may have zero or more flags associated with it. +    Each object may have zero or more flags associated with it.        create table flags           (fl_object             varchar(255) @@ -67,6 +70,59 @@ Object Metadata            fl_flag               varchar(32)                not null references flag_names(fn_name)); +    Every change made to any object in the wallet database will be +    recorded in this table. + +      create table object_history +         (oh_id                 integer auto_increment primary key, +          oh_object             varchar(255) +              not null references objects(ob_object), +          oh_type               varchar(16) +              not null references objects(ob_type), +          oh_action +               enum('create', 'delete', 'get', 'store', set') not null, +          oh_field +              enum('owner', 'acl_get', 'acl_store', 'acl_show', +                   'acl_delete', 'acl_flags', 'expires', 'flags', +                   'type_data'), +          oh_type_field         varchar(255), +          oh_from               varchar(255), +          oh_to                 varchar(255), +          oh_by                 varchar(255) not null, +          oh_from               varchar(255) not hull, +          oh_on                 datetime not null, +          primary key (oh_object, oh_type)); + +    For a change of type create, get, store, or delete, only the action +    and the trace records (by, from, and on) are stored.  For changes to +    columns or to the flags table, oh_field takes what attribute is +    changed, oh_from takes the previous value converted to a string and +    oh_to takes the next value similarly converted to a string.  The +    special field value "type_data" is used when type-specific data is +    changed, and in that case (and only that case) some type-specific name +    for the data being changed is stored in oh_type_field. + +    Every change made to any ACL in the database will be recorded in this +    table. + +      create table acl_history +         (ah_id                 integer auto_increment primary key, +          ah_acl                integer not null, +          ah_action             enum('create', 'delete', 'add', 'remove') +              not null, +          ah_scheme             varchar(32), +          ah_identifier         varchar(255), +          ah_by                 varchar(255) not null, +          ah_from               varchar(255) not null, +          ah_on                 datetime not null); + +    For a change of type create or delete, only the action and the trace +    records (by, from, and on) are stored.  For a change to the lines of +    an ACL, the scheme and identifier of the line that was added or +    deleted is included.  Note that changes to the ACL name are not +    recorded; ACLs are always tracked by system-generated ID, so name +    changes are purely cosmetic. +      The following are normalization tables used to constrain the values         create table types @@ -78,22 +134,6 @@ Object Metadata        create table flag_names           (fn_name               varchar(32) primary key); -ACL Backend Data - -    To support the krb5-group ACL type, groups are stored in the following -    table: - -      create table krb5_groups -         (kg_name               varchar(255) primary key, -          kg_owner              integer default null references acls(ac_id)); - -    Each group contains zero or more principals: - -      create table krb5_members -         (km_group              varchar(255) -              not null references krb5_groups(kg_name), -          km_principal          varchar(255) not null); -  Storage Backend Data      To support restricting the allowable enctypes for a given keytab, the | 
