SecureCloudDB User Data Model Documentation

protos/clouddb/wire/user.proto

DbUserHistory

| Field | Type | Label | Description |
|---|---|---|---|
| postgres | PostgresHistory | | |
| mysql | MySQLUserHistory | | |
| redshift | RedshiftUserHistory | | |
| mariadb | MariaDbUserHistory | | |

MariaDbUserHistory

| Field | Type | Label | Description |
|---|---|---|---|
| users_table_snapshot | MySQLUsersTable | | |

MySQLUserHistory

| Field | Type | Label | Description |
|---|---|---|---|
| users_table_snapshot | MySQLUsersTable | | |

MySQLUsersTable

| Field | Type | Label | Description |
|---|---|---|---|
| username | string | | User (together with Host) makes up the unique identifier for this account. |
| host | string | | Host (together with User) makes up the unique identifier for this account. |
| password | string | | Hashed password, generated by the PASSWORD() function. |
| select_priv | YesNo | | Can perform SELECT statements. |
| insert_priv | YesNo | | Can perform INSERT statements. |
| update_priv | YesNo | | Can perform UPDATE statements. |
| delete_priv | YesNo | | Can perform DELETE statements. |
| create_priv | YesNo | | Can perform CREATE DATABASE or CREATE TABLE statements. |
| drop_priv | YesNo | | Can perform DROP DATABASE or DROP TABLE statements. |
| reload_priv | YesNo | | Can execute FLUSH statements or equivalent mysqladmin commands. |
| shutdown_priv | YesNo | | Can shut down the server with SHUTDOWN or mysqladmin shutdown. |
| process_priv | YesNo | | Can show information about active processes, via SHOW PROCESSLIST or mysqladmin processlist. |
| file_priv | YesNo | | Read and write files on the server, using statements like LOAD DATA INFILE or functions like LOAD_FILE(). Also needed to create CONNECT outward tables. MariaDB server must have permission to access those files. |
| grant_priv | YesNo | | User can grant privileges they possess. |
| index_priv | YesNo | | Can create an index on a table using the CREATE INDEX statement. Without the INDEX privilege, the user can still create indexes when creating a table using the CREATE TABLE statement if they have the CREATE privilege, and can create indexes using the ALTER TABLE statement if they have the ALTER privilege. |
| alter_priv | YesNo | | Can perform ALTER TABLE statements. |
| show_db_priv | YesNo | | Can list all databases using the SHOW DATABASES statement. Without the SHOW DATABASES privilege, the user can still issue the SHOW DATABASES statement, but it will only list databases containing tables on which they have privileges. |
| super_priv | YesNo | | Can execute superuser statements: CHANGE MASTER TO, KILL (users who do not have this privilege can only KILL their own threads), PURGE LOGS, SET global system variables, or the mysqladmin debug command. This permission also allows the user to write data even if the read_only startup option is set, enable or disable logging, enable or disable replication on slaves, specify a DEFINER for statements that support that clause, and connect once after reaching MAX_CONNECTIONS. If a statement has been specified for the init-connect mysqld option, that command will not be executed when a user with SUPER privileges connects to the server. |
| create_temp_table_priv | YesNo | | Can create temporary tables with the CREATE TEMPORARY TABLE statement. |
| lock_tables_priv | YesNo | | Acquire explicit locks using the LOCK TABLES statement; user also needs to have the SELECT privilege on a table in order to lock it. |
| execute_priv | YesNo | | Can execute stored procedures or functions. |
| repl_slave_priv | YesNo | | Accounts used by slave servers on the master need this privilege. This is needed to get the updates made on the master. |
| repl_client_priv | YesNo | | Can execute SHOW MASTER STATUS and SHOW SLAVE STATUS statements. |
| create_view_priv | YesNo | | Can create a view using the CREATE VIEW statement. |
| show_view_priv | YesNo | | Can show the CREATE VIEW statement to create a view using the SHOW CREATE VIEW statement. |
| create_routine_priv | YesNo | | Can create stored programs using the CREATE PROCEDURE and CREATE FUNCTION statements. |
| alter_routine_priv | YesNo | | Can change the characteristics of a stored function using the ALTER FUNCTION statement. |
| create_user_priv | YesNo | | Can create a user using the CREATE USER statement, or implicitly create a user with the GRANT statement. |
| event_priv | YesNo | | Create, drop and alter events. |
| trigger_priv | YesNo | | Can execute triggers associated with tables the user updates, execute the CREATE TRIGGER and DROP TRIGGER statements. |
| create_tablespace_priv | YesNo | | no docs |
| delete_history_priv | YesNo | | Can delete rows created through system versioning. |
| ssl_type | string | | TLS type - see TLS options (https://mariadb.com/kb/en/grant/#per-account-tls-options) |
| ssl_cipher | bytes | | TLS cipher - see TLS options. |
| x509_issuer | bytes | | X509 cipher - see TLS options. |
| x509_subject | bytes | | SSL subject - see TLS options. |
| max_questions | int32 | | Number of queries the user can perform per hour. Zero is unlimited. See per-account resource limits. |
| max_updates | int32 | | Number of updates the user can perform per hour. Zero is unlimited. See per-account resource limits. |
| max_connections | int32 | | Number of connections the account can start per hour. Zero is unlimited. See per-account resource limits. |
| max_user_connections | int32 | | Number of simultaneous connections the account can have. Zero is unlimited. See per-account resource limits. |
| plugin | string | | Authentication plugin used on connection. If empty, uses the default. |
| authentication_plugin | string | | Authentication string for the authentication plugin. |
| password_expired | YesNo | | MySQL-compatibility option, not implemented in MariaDB. |
| is_role | YesNo | | Whether the user is a role. |
| default_role | string | | Role which will be enabled on user login automatically. |
| max_statement_time | double | | If non-zero, how long queries can run before being killed automatically. |

PostgresHistory

| Field | Type | Label | Description |
|---|---|---|---|
| roles | PostgresHistory.PgRoles | repeated | |

PostgresHistory.PgRoles

| Field | Type | Label | Description |
|---|---|---|---|
| rolname | string | | Role name |
| rolsuper | bool | | Role has superuser privileges |
| rolinherit | bool | | Role automatically inherits privileges of roles it is a member of |
| rolcreaterole | bool | | Role can create more roles |
| rolcreatedb | bool | | Role can create databases |
| rolcanlogin | bool | | Role can log in. That is, this role can be given as the initial session authorization identifier |
| rolreplication | bool | | Role is a replication role. A replication role can initiate replication connections and create and drop replication slots. |
| rolconnlimit | int32 | | For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit. |
| rolvaliduntil | google.protobuf.Timestamp | | Password expiry time (only used for password authentication); null if no expiration |
| rolbypassrls | bool | | Role bypasses every row level security policy, see Section 5.7 for more information. |
| rolconfigs | string | repeated | Role-specific defaults for run-time configuration variables |
| oid | int32 | | |

RedshiftUserHistory

| Field | Type | Label | Description |
|---|---|---|---|
| pg_history | PostgresHistory | | |

YesNo

| Name | Number | Description |
|---|---|---|
| UNSET | 0 | |
| YES | 1 | |
| NO | 2 | |
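
An added example, not part of the SecureCloudDB documentation or its code: a privilege review over MySQLUsersTable rows using the field names and YesNo values documented above. It assumes each row is available as a plain dict keyed by field name, that the listed privileges are the ones worth flagging, and that an empty ssl_type means the account has no TLS requirement; the sample rows are constructed.

```python
from enum import IntEnum


class YesNo(IntEnum):  # numbers taken from the YesNo enum on this page
    UNSET = 0
    YES = 1
    NO = 2


# Assumption: this choice of high-risk privileges is the example's own.
HIGH_RISK = ("super_priv", "file_priv", "grant_priv",
             "create_user_priv", "shutdown_priv")


def audit_account(row):
    """Return findings for one MySQLUsersTable row given as a dict."""
    findings = []
    for priv in HIGH_RISK:
        value = YesNo(row.get(priv, YesNo.UNSET))
        if value is YesNo.YES:
            findings.append(f"{priv}: granted")
        elif value is YesNo.UNSET:
            # UNSET is the zero default: the privilege was not reported,
            # so it is unknown rather than a confirmed NO.
            findings.append(f"{priv}: unknown (UNSET)")
    if "%" in row.get("host", ""):
        findings.append("host: wildcard pattern")
    if not row.get("ssl_type"):
        findings.append("ssl_type: no TLS requirement")
    return findings


def audit_snapshot(rows):
    """Map 'username@host' to findings, omitting accounts with none."""
    report = {}
    for row in rows:
        findings = audit_account(row)
        if findings:
            report[f"{row['username']}@{row['host']}"] = findings
    return report


# Constructed sample rows; "ops" deliberately omits shutdown_priv.
APP = {**dict.fromkeys(HIGH_RISK, YesNo.NO),
       "username": "app", "host": "10.0.0.5", "ssl_type": "X509"}
OPS = {"username": "ops", "host": "%", "ssl_type": "",
       "super_priv": YesNo.YES, "file_priv": YesNo.YES,
       "grant_priv": YesNo.NO, "create_user_priv": YesNo.NO}

if __name__ == "__main__":
    for account, findings in audit_snapshot([APP, OPS]).items():
        print(account, findings)
```
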

Scalar Value Types

| .proto Type | Notes | C++ | Java | Python | Go | C# | PHP | Ruby |
|---|---|---|---|---|---|---|---|---|
| double | | double | double | float | float64 | double | float | Float |
| float | | float | float | float | float32 | float | float | Float |
| int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| uint32 | Uses variable-length encoding. | uint32 | int | int/long | uint32 | uint | integer | Bignum or Fixnum (as required) |
| uint64 | Uses variable-length encoding. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum or Fixnum (as required) |
| sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | uint32 | uint | integer | Bignum or Fixnum (as required) |
| fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum |
| sfixed32 | Always four bytes. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sfixed64 | Always eight bytes. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| bool | | bool | boolean | boolean | bool | bool | boolean | TrueClass/FalseClass |
| string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | string | string | string | String (UTF-8) |
| bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str | []byte | ByteString | string | String (ASCII-8BIT) |