5.3 Views

5.3.1 ad.ds_objects_view

Column Name

SQL Server

PostgreSQL

Notes

forest_dns

nvarchar(256)

varchar(256)

Forest DNS name

domain_dns

nvarchar(256)

varchar(256)

Domain DNS name

domain_netbios

nvarchar(15)

varchar(15)

Domain NetBIOS name

id

bigint

bigint

Primary key

dn

nvarchar(max)

text

Distinguished name

db_domain_sid

nvarchar(256)

varchar(256)

SID of the domain itself

db_last_update

datetime2(3)

timestamp

Last update time for this entry in the database

account_expires

datetime2(0)

timestamp

 

create_timestamp

datetime2(0)

timestamp

 

department

nvarchar(64)

varchar(64)

 

description

nvarchar(1024)

varchar(1024)

Only uses first value of this multi-value attribute

display_name

nvarchar(256)

varchar(256)

 

dns_host_name

nvarchar(2048)

varchar(2048)

Applies to Computer objects

given_name

nvarchar(64)

varchar(64)

 

group_type

integer

integer

See https://docs.microsoft.com/en-us/windows/win32/adschema/a-grouptype for details.

  • Flags:
  • 0x01 - System created group
  • 0x02 - Global group
  • 0x04 - Domain Local group
  • 0x08 - Universal group

0x10 - APP_BASIC group for Windows Server Authorization Manager

0x20 - APP_QUERY group for Windows Server Authorization Manager

0x80000000 - Security Group. If not set, then a Distribution Group

last_logon_timestamp

datetime2(0)

timestamp

NOTE: This attribute only has 14-day granularity.

See: https://docs.microsoft.com/en-us/windows/win32/adschema/a-lastlogontimestamp

mail

nvarchar(256)

varchar(256)

 

managed_by_guid

nvarchar(36)

varchar(36)

GUID of referenced DS object

manager_guid

nvarchar(36)

varchar(36)

GUID of referenced DS object

object_category

nvarchar(256)

varchar(256)

Using LDAP display name, not FDN.

object_class

nvarchar(256)

varchar(256)

Only includes structural class value from this multi-value attribute.

object_guid

nvarchar(36)

varchar(36)

Object's GUID

object_sid

nvarchar(256)

varchar(256)

Object's Security Identifier

primary_group_sid

varbinary(68)

varchar(256)

SID of referenced object

sam_account_name

nvarchar(256)

varchar(256)

SAM account name

sam_account_type

integer

integer

See https://docs.microsoft.com/en-us/windows/win32/adschema/a-samaccounttype for details.

  • Enum values:
  • 0x00000000 - Domain
  • 0x10000000 - Group
  • 0x10000001 - Non-security Group object
  • 0x20000000 - Alias object
  • 0x20000001 - Non-security Alias object
  • 0x30000000 - Normal User account
  • 0x30000001 - Machine (computer) account
  • 0x30000002 - Trust account
  • 0x40000000 - APP_BASIC Group
  • 0x40000001 - APP_QUERY Group

sam_principal_name

nvarchar(256)

varchar(256)

NetBIOS\SamAccountName. From msDS-PrincipalName.

Note that the NetBIOS name here may be different from the associated domain NetBIOS name where this account was scanned.

This is especially true for domain Builtin\* accounts and foreign security principals.

surname

nvarchar(64)

varchar(64)

 

title

nvarchar(128)

varchar(128)

 

uac_flags

integer

integer

  • Combines both userAccessControl and msDs-User-Account-Control-Computed attribute values into a single flag.
  • See the following for details:
  • https://docs.microsoft.com/en-us/windows/win32/adschema/a-useraccountcontrol
  • https://docs.microsoft.com/en-us/windows/win32/adschema/a-msds-user-account-control-computed
  • Flags values:
  • 0x00000001 - Logon script is executed
  • 0x00000002 - User Account disabled
  • 0x00000008 - Home directory required
  • 0x00000010 - Account currently locked out
  • 0x00000020 - No password required
  • 0x00000040 - User cannot change password
  • 0x00000080 - User can send encrypted password
  • 0x00000100 - Temporary duplicate account
  • 0x00000200 - Normal account - typical user
  • 0x00000800 - Inter-domain trust account
  • 0x00001000 - Computer (Workstation / Member Server) account
  • 0x00002000 - Domain controller computer account
  • 0x00010000 - Password does not expire
  • 0x00020000 - Majority Node Set (MNS) logon account
  • 0x00040000 - Smart card required for logon
  • 0x00080000 - Service account trusted for Kerberos delegation
  • 0x00100000 - Account not allowed trust for delegation
  • 0x00200000 - Account can only use DES keys
  • 0x00400000 - Account does not require Kerberos pre-authentication for logon
  • 0x00800000 - User password has expired
  • 0x01000000 - Account enabled for delegation
  • 0x04000000 - Partial secrets account
  • 0x08000000 - Account can only use Use AES keys

upn

nvarchar(1024)

varchar(1024)

User principal name

5.3.2 srs.baseline_fs_scandata

Column Name

SQL Server

PostgreSQL

Notes

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

fullpath

nvarchar(max)

text

Full UNC path to the file system entry

name

nvarchar(256)

varchar(256)

File or directory name

filename_extension

nvarchar(32)

varchar(32)

File name extension

create_time

datetime2(0)

timestamp

Stored as UTC time

modify_time

datetime2(0)

timestamp

Stored as UTC time

access_time

datetime2(0)

timestamp

Stored as UTC time

size

bigint

bigint

For files, actual size; for directories, accumulative size of all subordinate files

size_on_disk

bigint

bigint

Assumes typical allocation unit size of 4K

size_compressed

bigint

bigint

Only accurate for NTFS file systems

owner_identity_system

nvarchar(256)

varchar(256)

Owner’s Identity System name

owner_domain

nvarchar(256)

varchar(256)

Owner’s Active Directory domain

owner_name

nvarchar(256)

varchar(256)

SAM Account name

owner_fdn

nvarchar(512)

varchar(512)

Full distinguished object name

owner_display_name

nvarchar(max)

text

Domain\SamAccountName

owner_id

varbinary(68)

bytea

Security Identifier (SID)

attributes

integer

integer

  • 0x0 = None
  • 0x1 = Read Only
  • 0x2 = Archive
  • 0x4 = System
  • 0x8 = Hidden
  • 0x10 = Directory
  • 0x20 = Compressed
  • 0x40 = Offline
  • 0x80 = NTFS device
  • 0x100 = NTFS Normal
  • 0x200 = NTFS Temporary
  • 0x400 = NTFS Sparse File
  • 0x800 = NTFS Reparse Point
  • 0x1000 = NTFS Not content indexed
  • 0x2000 = NTFS Encrypted
  • 0x4000 = NTFS Virtual

attribute_string

nvarchar(256)

varchar(256)

See srs.attribute_string function

fullpath_hash

binary(20)

bytea

SHA-1 hash of lowercase fullpath

idx

integer

integer

Scan index; unique per scan

parent_idx

integer

integer

Parent index. Used for hierarchical relation processing

path_depth

integer

integer

Entry depth with respect to the scan target’s root path.

ns_left

integer

integer

Nested-set Left index – used for hierarchical relation processing

ns_right

integer

integer

Nested-set Right index – used for hierarchical relation processing

scan_id

integer

integer

Reference to scans table

scan_data_id

bigint

bigint

Reference to scan_data table

path_type

integer

integer

  • 0 = Unknown
  • 1 = File
  • 2 = Directory
  • 3 = File Symbolic Link
  • 4 = Directory Symbolic Link
  • 5 = Junction
  • 6 = Mount Point
  • 7 = Share
  • 8 = Volume
  • 9 = DFS Link
  • 10 = DFS Folder
  • 11 = DFS Root
  • 12 = HSM Stub
  • 13 = Reparse Point Unknown
  • 17 = Single Instance Storage Stub
  • 18 = Named Stream

status_code

integer

integer

 

5.3.3 srs.baseline_fs_scans

Column Name

SQL Server

PostgreSQL

Notes

id

bigint

bigint

Primary key

scan_id

integer

integer

Reference to scans table

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

platform

integer

integer

  • 0 = Unknown
  • 1 = Windows

filesystem

integer

integer

  • 0 = Unknown
  • 1 = NTFS

scan_type

integer

integer

Should always be 1

progress_status

integer

integer

  • -2 = Waiting for retry
  • -1 = Ready for cleanup
  • 0 = Waiting for delegation
  • 1 = Delegated / scan in progress
  • 2 = Scan file transfer in progress
  • 3 = Database update in progress
  • 4 = Current - scan process complete
  • 5 = Database update pending
  • 6 = Previous
  • 7 = Retained

identity_system_id

integer

integer

 

scan_target_id

integer

integer

 

status_code

integer

integer

 

ntfs_abe_enabled

bit

boolean

Flag indicating that the Windows share has ABE enabled

agent

nvarchar(256)

varchar(256)

Name of agent that performed the scan

file_count

integer

integer

Number of files in the scan

directory_count

integer

integer

Number of directories in the scan

link_count

integer

integer

Number of links (junctions, symbolic links, reparse points) in the scan

5.3.4 srs.baseline_ntfs_aces

Column Name

SQL Server

PostgreSQL

Notes

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

fullpath

nvarchar(max)

text

Full UNC path to the file system entry

trustee_identity_system

nvarchar(256)

varchar(256)

Trustee’s Identity System name

trustee_domain

nvarchar(256)

varchar(256)

Trustee’s Active Directory domain

trustee_name

nvarchar(256)

varchar(256)

SAMAccount name

trustee_fdn

nvarchar(512)

varchar(512)

Full distinguished name

trustee_display_name

nvarchar(max)

text

DOMAIN\SAMAccount

trustee_type

integer

integer

  • 0 = Unknown / Other
  • 1 = User
  • 2 = Group
  • 3 = Computer

sid

varbinary(68)

bytea

 

access_mask

integer

integer

  • 0x1 = Read Data / List Directory
  • 0x2 = Write Data / Create File
  • 0x4 = Append Data / Create Subdirectory
  • 0x8 = Read Extended Attributes
  • 0x10 = Write Extended Attributes
  • 0x20 = File Execute / Traverse
  • 0x40 = Delete Child
  • 0x80 = Read Attributes
  • 0x100 = Write Attributes
  • 0x10000 = Delete
  • 0x20000 = Read Permissions
  • 0x40000 = Change Permissions
  • 0x80000 = Change Owner
  • 0x100000 = Synchronize
  • 0x1000000 = Access System Security
  • 0x10000000 = Generic All
  • 0x20000000 = Generic Execute
  • 0x40000000 = Generic Write
  • 0x80000000 = Generic Read

access_mask_string

nvarchar(128)

varchar(128)

See srs.access_mask_string

basic_permissions

nvarchar(128)

varchar(128)

See srs.access_mask_basic_string

ace_type

smallint

smallint

  • 0 = Access Allowed
  • 1 = Access Denied
  • 2 = System Audit
  • 9 = Allowed Callback
  • 10 = Denied Callback
  • 13 = System Audit Callback
  • 17 = System Mandatory Label

ace_type_string

nvarchar(128)

varchar(128)

See srs.ace_type_string

ace_flags

smallint

smallint

  • 0x1 = Object Inherit
  • 0x2 = Container Inherit
  • 0x4 = No Propagate
  • 0x8 = Inherit Only
  • 0x10 = Inherited
  • 0x40 = Successful Access
  • 0x80 = Failed Access

ace_flags_string

nvarchar(128)

varchar(128)

See srs.ace_flags_string

idx

integer

integer

Scan index; unique per scan

parent_idx

integer

integer

Parent index. Used for hierarchical relation processing

path_depth

integer

integer

Entry depth with respect to the scan target’s root path.

ns_left

integer

integer

Nested-set Left index – used for hierarchical relation processing

ns_right

integer

integer

Nested-set Right index – used for hierarchical relation processing

scan_id

integer

integer

Reference to scans table

scan_data_id

bigint

bigint

Reference to scan_data table

path_type

integer

integer

  • 0 = Unknown
  • 1 = File
  • 2 = Directory
  • 3 = File Symbolic Link
  • 4 = Directory Symbolic Link
  • 5 = Junction
  • 6 = Mount Point
  • 7 = Share
  • 8 = Volume
  • 9 = DFS Link
  • 10 = DFS Folder
  • 11 = DFS Root
  • 12 = HSM Stub
  • 13 = Reparse Point Unknown
  • 17 = Single Instance Storage Stub
  • 18 = Named Stream

status_code

integer

integer

 

identity_system_id

integer

integer

Reference to identity_systems table

scan_target_id

integer

integer

Reference to scan_targets table

ad_object_id

integer

integer

Reference to ad_objects table

5.3.5 srs.baseline_permissions_scans

Column Name

SQL Server

PostgreSQL

Notes

id

bigint

bigint

Primary key

scan_id

integer

integer

Reference to scans table

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

platform

smallint

smallint

  • 0 = Unknown
  • 1 = Windows

filesystem

smallint

smallint

  • 0 = Unknown
  • 1 = NTFS

scan_type

integer

integer

Should always be 2

progress_status

integer

integer

  • -2 = Waiting for retry
  • -1 = Ready for cleanup
  • 0 = Waiting for delegation
  • 1 = Delegated / scan in progress
  • 2 = Scan file transfer in progress
  • 3 = Database update in progress
  • 4 = Current - scan process complete
  • 5 = Database update pending
  • 6 = Previous
  • 7 = Retained

identity_system_id

integer

integer

Reference to identity_systems table

scan_target_id

integer

integer

Reference to scan_targets table

status_code

integer

integer

 

ntfs_abe_enabled

bit

boolean

Flag indicating that the Windows share has ABE enabled

agent

nvarchar(256)

varchar(256)

Name of agent that performed the scan

directory_count

integer

integer

Number of directories in the scan

5.3.6 srs.current_fs_scandata

Column Name

SQL Server

PostgreSQL

Notes

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

fullpath

nvarchar(max)

text

Full UNC path to the file system entry

name

nvarchar(256)

varchar(256)

File or directory name

filename_extension

nvarchar(32)

varchar(32)

File name extension

create_time

datetime2(0)

timestamp

Stored as UTC time

modify_time

datetime2(0)

timestamp

Stored as UTC time

access_time

datetime2(0)

timestamp

Stored as UTC time

size

bigint

bigint

For files, actual size; for directories, accumulative size of all subordinate files

size_on_disk

bigint

bigint

Assumes typical allocation unit size of 4K

size_compressed

bigint

bigint

Only accurate for NTFS file systems

owner_identity_system

nvarchar(256)

varchar(256)

Owner’s Identity System name

owner_domain

nvarchar(256)

varchar(256)

Owner’s Active Directory domain

owner_name

nvarchar(256)

varchar(256)

SAM Account name

owner_fdn

nvarchar(512)

varchar(512)

Full distinguished object name

owner_display_name

nvarchar(max)

text

Domain\SamAccountName

owner_id

varbinary(68)

bytea

Security Identifier (SID)

attributes

integer

integer

  • 0x0 = None
  • 0x1 = Read Only
  • 0x2 = Archive
  • 0x4 = System
  • 0x8 = Hidden
  • 0x10 = Directory
  • 0x20 = Compressed
  • 0x40 = Offline
  • 0x80 = NTFS device
  • 0x100 = NTFS Normal
  • 0x200 = NTFS Temporary
  • 0x400 = NTFS Sparse File
  • 0x800 = NTFS Reparse Point
  • 0x1000 = NTFS Not content indexed
  • 0x2000 = NTFS Encrypted
  • 0x4000 = NTFS Virtual

attribute_string

nvarchar(256)

varchar(256)

See srs.attribute_string function

fullpath_hash

binary(20)

bytea

SHA-1 hash of lowercase fullpath

idx

integer

integer

Scan index; unique per scan

parent_idx

integer

integer

Parent index. Used for hierarchical relation processing

path_depth

integer

integer

Entry depth with respect to the scan target’s root path.

ns_left

integer

integer

Nested-set Left index – used for hierarchical relation processing

ns_right

integer

integer

Nested-set Right index – used for hierarchical relation processing

scan_id

integer

integer

Reference to scans table

scan_data_id

bigint

bigint

Reference to scan_data table

path_type

integer

integer

  • 0 = Unknown
  • 1 = File
  • 2 = Directory
  • 3 = File Symbolic Link
  • 4 = Directory Symbolic Link
  • 5 = Junction
  • 6 = Mount Point
  • 7 = Share
  • 8 = Volume
  • 9 = DFS Link
  • 10 = DFS Folder
  • 11 = DFS Root
  • 12 = HSM Stub
  • 13 = Reparse Point Unknown
  • 17 = Single Instance Storage Stub
  • 18 = Named Stream

status_code

integer

integer

 

5.3.7 srs.current_fs_scans

Column

SQL Server

PostgreSQL

Notes

id

bigint

bigint

Primary key

scan_id

integer

integer

Reference to scans table

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

platform

integer

integer

  • 0 = Unknown
  • 1 = Windows

filesystem

integer

integer

  • 0 = Unknown
  • 1 = NTFS

scan_type

integer

integer

Should always be 1

progress_status

integer

integer

  • -2 = Waiting for retry
  • -1 = Ready for cleanup
  • 0 = Waiting for delegation
  • 1 = Delegated / scan in progress
  • 2 = Scan file transfer in progress
  • 3 = Database update in progress
  • 4 = Current - scan process complete
  • 5 = Database update pending
  • 6 = Previous
  • 7 = Retained

identity_system_id

integer

integer

Reference to identity_systems table

scan_target_id

integer

integer

Reference to scan_targets table

status_code

integer

integer

 

ntfs_abe_enabled

bit

boolean

Flag indicating that the Windows share has ABE enabled

is_valid

bit

boolean

[Deprecated]

agent

nvarchar(256)

varchar(256)

Name of agent that performed the scan

file_count

integer

integer

Number of files in the scan

directory_count

integer

integer

Number of directories in the scan

link_count

integer

integer

Number of links (junctions, symbolic links, reparse points) in the scan

5.3.8 srs.current_ntfs_aces

Column Name

SQL Server

PostgreSQL

Notes

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

fullpath

nvarchar(max)

text

Full UNC path to the file system entry

trustee_identity_system

nvarchar(256)

varchar(256)

Trustee’s Identity System name

trustee_domain

nvarchar(256)

varchar(256)

Trustee’s Active Directory domain

trustee_name

nvarchar(256)

varchar(256)

SAMAccount name

trustee_fdn

nvarchar(512)

varchar(512)

Full distinguished name

trustee_display_name

nvarchar(max)

text

DOMAIN\SAMAccount

trustee_type

integer

integer

  • 0 = Unknown / Other
  • 1 = User
  • 2 = Group
  • 3 = Computer

sid

varbinary(68)

bytea

 

access_mask

integer

integer

  • 0x1 = Read Data / List Directory
  • 0x2 = Write Data / Create File
  • 0x4 = Append Data / Create Subdirectory
  • 0x8 = Read Extended Attributes
  • 0x10 = Write Extended Attributes
  • 0x20 = File Execute / Traverse
  • 0x40 = Delete Child
  • 0x80 = Read Attributes
  • 0x100 = Write Attributes
  • 0x10000 = Delete
  • 0x20000 = Read Permissions
  • 0x40000 = Change Permissions
  • 0x80000 = Change Owner
  • 0x100000 = Synchronize
  • 0x1000000 = Access System Security
  • 0x10000000 = Generic All
  • 0x20000000 = Generic Execute
  • 0x40000000 = Generic Write
  • 0x80000000 = Generic Read

access_mask_string

nvarchar(128)

varchar(128)

See srs.access_mask_string

basic_permissions

nvarchar(128)

varchar(128)

See srs.access_mask_basic_string

ace_type

smallint

smallint

  • 0 = Access Allowed
  • 1 = Access Denied
  • 2 = System Audit
  • 9 = Allowed Callback
  • 10 = Denied Callback
  • 13 = System Audit Callback
  • 17 = System Mandatory Label

ace_type_string

nvarchar(128)

varchar(128)

See srs.ace_type_string

ace_flags

smallint

smallint

  • 0x1 = Object Inherit
  • 0x2 = Container Inherit
  • 0x4 = No Propagate
  • 0x8 = Inherit Only
  • 0x10 = Inherited
  • 0x40 = Successful Access
  • 0x80 = Failed Access

ace_flags_string

nvarchar(128)

varchar(128)

See srs.ace_flags_string

idx

integer

integer

Scan index; unique per scan

parent_idx

integer

integer

Parent index. Used for hierarchical relation processing

path_depth

integer

integer

Entry depth with respect to the scan target’s root path.

ns_left

integer

integer

Nested-set Left index – used for hierarchical relation processing

ns_right

integer

integer

Nested-set Right index – used for hierarchical relation processing

scan_id

integer

integer

Reference to scans table

scan_data_id

bigint

bigint

Reference to scan_data table

path_type

integer

integer

  • 0 = Unknown
  • 1 = File
  • 2 = Directory
  • 3 = File Symbolic Link
  • 4 = Directory Symbolic Link
  • 5 = Junction
  • 6 = Mount Point
  • 7 = Share
  • 8 = Volume
  • 9 = DFS Link
  • 10 = DFS Folder
  • 11 = DFS Root
  • 12 = HSM Stub
  • 13 = Reparse Point Unknown
  • 17 = Single Instance Storage Stub
  • 18 = Named Stream

status_code

integer

integer

 

identity_system_id

integer

integer

Reference to identity_systems table

scan_target_id

integer

integer

Reference to scan_targets table

ad_object_id

integer

integer

Reference to ad_objects table

5.3.9 srs.current_permissions_scans

Column Name

SQL Server

PostgreSQL

Notes

id

bigint

bigint

Primary key

scan_id

integer

integer

Reference to scans table

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

platform

smallint

smallint

  • 0 = Unknown
  • 1 = Windows

filesystem

smallint

smallint

  • 0 = Unknown
  • 1 = NTFS

scan_type

integer

integer

Should always be 2

progress_status

integer

integer

  • -2 = Waiting for retry
  • -1 = Ready for cleanup
  • 0 = Waiting for delegation
  • 1 = Delegated / scan in progress
  • 2 = Scan file transfer in progress
  • 3 = Database update in progress
  • 4 = Current - scan process complete
  • 5 = Database update pending
  • 6 = Previous
  • 7 = Retained

identity_system_id

integer

integer

Reference to identity_systems table

scan_target_id

integer

integer

Reference to scan_targets table

status_code

integer

integer

 

ntfs_abe_enabled

bit

boolean

Flag indicating that the Windows share has ABE enabled

is_valid

bit

boolean

[Deprecated]

agent

nvarchar(256)

varchar(256)

Name of agent that performed the scan

directory_count

integer

integer

Number of directories in the scan

5.3.10 srs.previous_fs_scandata

Column Name

SQL Server

PostgreSQL

Notes

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

fullpath

nvarchar(max)

text

Full UNC path to the file system entry

name

nvarchar(256)

varchar(256)

File or directory name

filename_extension

nvarchar(32)

varchar(32)

File name extension

create_time

datetime2(0)

timestamp

Stored as UTC time

modify_time

datetime2(0)

timestamp

Stored as UTC time

access_time

datetime2(0)

timestamp

Stored as UTC time

size

bigint

bigint

For files, actual size; for directories, accumulative size of all subordinate files

size_on_disk

bigint

bigint

Assumes typical allocation unit size of 4K

size_compressed

bigint

bigint

Only accurate for NTFS file systems

owner_identity_system

nvarchar(256)

varchar(256)

Owner’s Identity System name

owner_domain

nvarchar(256)

varchar(256)

Owner’s Active Directory domain

owner_name

nvarchar(256)

varchar(256)

SAM Account name

owner_fdn

nvarchar(512)

varchar(512)

Full distinguished object name

owner_display_name

nvarchar(max)

text

Domain\SamAccountName

owner_id

varbinary(68)

bytea

Security Identifier (SID)

attributes

integer

integer

  • 0x0 = None
  • 0x1 = Read Only
  • 0x2 = Archive
  • 0x4 = System
  • 0x8 = Hidden
  • 0x10 = Directory
  • 0x20 = Compressed
  • 0x40 = Offline
  • 0x80 = NTFS device
  • 0x100 = NTFS Normal
  • 0x200 = NTFS Temporary
  • 0x400 = NTFS Sparse File
  • 0x800 = NTFS Reparse Point
  • 0x1000 = NTFS Not content indexed
  • 0x2000 = NTFS Encrypted
  • 0x4000 = NTFS Virtual

attribute_string

nvarchar(256)

varchar(256)

See srs.attribute_string function

fullpath_hash

binary(20)

bytea

SHA-1 hash of lowercase fullpath

idx

integer

integer

Scan index; unique per scan

parent_idx

integer

integer

Parent index. Used for hierarchical relation processing

path_depth

integer

integer

Entry depth with respect to the scan target’s root path.

ns_left

integer

integer

Nested-set Left index – used for hierarchical relation processing

ns_right

integer

integer

Nested-set Right index – used for hierarchical relation processing

scan_id

integer

integer

Reference to scans table

scan_data_id

bigint

bigint

Reference to scan_data table

path_type

integer

integer

  • 0 = Unknown
  • 1 = File
  • 2 = Directory
  • 3 = File Symbolic Link
  • 4 = Directory Symbolic Link
  • 5 = Junction
  • 6 = Mount Point
  • 7 = Share
  • 8 = Volume
  • 9 = DFS Link
  • 10 = DFS Folder
  • 11 = DFS Root
  • 12 = HSM Stub
  • 13 = Reparse Point Unknown
  • 17 = Single Instance Storage Stub
  • 18 = Named Stream

status_code

integer

integer

 

5.3.11 srs.previous_fs_scans

Column Name

SQL Server

PostgreSQL

Notes

id

bigint

bigint

Primary key

scan_id

integer

integer

Reference to scans table

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

platform

integer

integer

  • 0 = Unknown
  • 1 = Windows

filesystem

integer

integer

  • 0 = Unknown
  • 1 = NTFS

scan_type

integer

integer

Should always be 1

progress_status

integer

integer

  • -2 = Waiting for retry
  • -1 = Ready for cleanup
  • 0 = Waiting for delegation
  • 1 = Delegated / scan in progress
  • 2 = Scan file transfer in progress
  • 3 = Database update in progress
  • 4 = Current - scan process complete
  • 5 = Database update pending
  • 6 = Previous
  • 7 = Retained

identity_system_id

integer

integer

 

scan_target_id

integer

integer

 

status_code

integer

integer

 

ntfs_abe_enabled

bit

boolean

Flag indicating that the Windows share has ABE enabled

agent

nvarchar(256)

varchar(256)

Name of agent that performed the scan

file_count

integer

integer

Number of files in the scan

directory_count

integer

integer

Number of directories in the scan

link_count

integer

integer

Number of links (junctions, symbolic links, reparse points) in the scan

5.3.12 srs.previous_ntfs_aces

Column Name

SQL Server

PostgreSQL

Notes

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

fullpath

nvarchar(max)

text

Full UNC path to the file system entry

trustee_identity_system

nvarchar(256)

varchar(256)

Trustee’s Identity System name

trustee_domain

nvarchar(256)

varchar(256)

Trustee’s Active Directory domain

trustee_name

nvarchar(256)

varchar(256)

SAMAccount name

trustee_fdn

nvarchar(512)

varchar(512)

Full distinguished name

trustee_display_name

nvarchar(max)

text

DOMAIN\SAMAccount

trustee_type

integer

integer

  • 0 = Unknown / Other
  • 1 = User
  • 2 = Group
  • 3 = Computer

sid

varbinary(68)

bytea

 

access_mask

integer

integer

  • 0x1 = Read Data / List Directory
  • 0x2 = Write Data / Create File
  • 0x4 = Append Data / Create Subdirectory
  • 0x8 = Read Extended Attributes
  • 0x10 = Write Extended Attributes
  • 0x20 = File Execute / Traverse
  • 0x40 = Delete Child
  • 0x80 = Read Attributes
  • 0x100 = Write Attributes
  • 0x10000 = Delete
  • 0x20000 = Read Permissions
  • 0x40000 = Change Permissions
  • 0x80000 = Change Owner
  • 0x100000 = Synchronize
  • 0x1000000 = Access System Security
  • 0x10000000 = Generic All
  • 0x20000000 = Generic Execute
  • 0x40000000 = Generic Write
  • 0x80000000 = Generic Read

access_mask_string

nvarchar(128)

varchar(128)

See srs.access_mask_string

basic_permissions

nvarchar(128)

varchar(128)

See srs.access_mask_basic_string

ace_type

smallint

smallint

  • 0 = Access Allowed
  • 1 = Access Denied
  • 2 = System Audit
  • 9 = Allowed Callback
  • 10 = Denied Callback
  • 13 = System Audit Callback
  • 17 = System Mandatory Label

ace_type_string

nvarchar(128)

varchar(128)

See srs.ace_type_string

ace_flags

smallint

smallint

  • 0x1 = Object Inherit
  • 0x2 = Container Inherit
  • 0x4 = No Propagate
  • 0x8 = Inherit Only
  • 0x10 = Inherited
  • 0x40 = Successful Access
  • 0x80 = Failed Access

ace_flags_string

nvarchar(128)

varchar(128)

See srs.ace_flags_string

idx

integer

integer

Scan index; unique per scan

parent_idx

integer

integer

Parent index. Used for hierarchical relation processing

path_depth

integer

integer

Entry depth with respect to the scan target’s root path.

ns_left

integer

integer

Nested-set Left index – used for hierarchical relation processing

ns_right

integer

integer

Nested-set Right index – used for hierarchical relation processing

scan_id

integer

integer

Reference to scans table

scan_data_id

bigint

bigint

Reference to scan_data table

path_type

integer

integer

  • 0 = Unknown
  • 1 = File
  • 2 = Directory
  • 3 = File Symbolic Link
  • 4 = Directory Symbolic Link
  • 5 = Junction
  • 6 = Mount Point
  • 7 = Share
  • 8 = Volume
  • 9 = DFS Link
  • 10 = DFS Folder
  • 11 = DFS Root
  • 12 = HSM Stub
  • 13 = Reparse Point Unknown
  • 17 = Single Instance Storage Stub
  • 18 = Named Stream

status_code

integer

integer

 

identity_system_id

integer

integer

Reference to identity_systems table

scan_target_id

integer

integer

Reference to scan_targets table

ad_object_id

integer

integer

Reference to ad_objects table

5.3.13 srs.previous_permissions_scans

Column Name

SQL Server

PostgreSQL

Notes

id

bigint

bigint

Primary key

scan_id

integer

integer

Reference to scans table

identity_system

nvarchar(256)

varchar(256)

Identity system name

domain

nvarchar(256)

varchar(256)

Active Directory domain

server

nvarchar(256)

varchar(256)

Server name

scan_target

nvarchar(256)

varchar(256)

UNC root path for scan target

platform

smallint

smallint

  • 0 = Unknown
  • 1 = Windows

filesystem

smallint

smallint

  • 0 = Unknown
  • 1 = NTFS

scan_type

integer

integer

Should always be 2

progress_status

integer

integer

  • -2 = Waiting for retry
  • -1 = Ready for cleanup
  • 0 = Waiting for delegation
  • 1 = Delegated / scan in progress
  • 2 = Scan file transfer in progress
  • 3 = Database update in progress
  • 4 = Current - scan process complete
  • 5 = Database update pending
  • 6 = Previous
  • 7 = Retained

identity_system_id

integer

integer

Reference to identity_systems table

scan_target_id

integer

integer

Reference to scan_targets table

status_code

integer

integer

 

ntfs_abe_enabled

bit

boolean

Flag indicating that the Windows share has ABE enabled

agent

nvarchar(256)

varchar(256)

Name of agent that performed the scan

directory_count

integer

integer

Number of directories in the scan