IBM Security Privileged Identity Manager, Version 2.0
Shared access tables
IBM® Security Privileged Identity Manager creates and
uses these database tables to store information related to Shared Access Management.
ERCREDENTIALLEASE table
The ERCREDENTIALLEASE3 table
stores the lease information for a checked out credential. If a credential
is checked out as a pool member, the table also stores the pool information.
DB_REPLICATION_CONFIG table
The DB_REPLICATION_CONFIG3 table
stores mapping information of the LDAP object replicated to the database
table.
SA_BULK_LOAD table
The SA_BULK_LOAD3 table stores
the shared access batch load request data.
SA_EVAL_CRED_TAG table
The SA_EVAL_CRED_TAG3 table
stores the credential tag information.
SA_CREDPOOL_DESCRIPTION table
The SA_CREDPOOL_DESCRIPTION3 table
stores the description of a credential pool. Each credential pool
might have zero or multiple descriptions.
SA_CREDPOOL_GROUP table
The SA_CREDPOOL_GROUP3 table
stores the group definition of a credential pool. Each credential
pool might consist of one or multiple groups.
SA_CREDPOOL_OWNER table
The SA_CREDPOOL_OWNER3 table
stores the owner of a credential pool. Each credential pool might
have zero or multiple owners. A pool owner can be an organizational
role or a person.
SA_EVALUATION_BU table
The SA_EVALUATION_BU3 table
stores organizational container information.
SA_EVALUATION_BU_HIERARCHY table
The SA_EVALUATION_BU_HIERARCHY3 table stores the flattened organizational container
hierarchy tree.
SA_EVALUATION_CREDENTIAL table
The SA_EVALUATION_CREDENTIAL3 table
stores credential information relevant to shared access authorization
evaluation.
SA_EVAL_CRED_DESCRIPTION table
The SA_EVAL_CRED_DESCRIPTION3 table
stores the description of a credential. Each credential might have
zero or multiple descriptions.
SA_EVALUATION_CREDENTIAL_POOL table
The SA_ EVALUATION_CREDENTIAL_POOL3 table
stores credential pool information relevant to shared access authorization
evaluation.
SA_EVALUATION_SERVICE table
The SA_EVALUATION_SERVICE3 table
stores service, which contains either credentials in the vault or
credential pools. This table stores only the service information relevant
to shared access authorization evaluation.
SA_EVALUATION_SERVICE_TAG table
The SA_EVALUATION_SERVICE_TAG3 table
stores the service tag information for services stored in SA_EVALUATION_SERVICE or SA_VAULT_SERVICE.
Each service might have zero or multiple tags.
SA_GLOBAL_CONFIGURATION table
The SA_GLOBAL_CONFIGURATION3 table
stores information about the shared access global configuration settings.
This table has only one row.
SA_POLICY table
The SA_POLICY3 table stores
shared access policy information.
SA_POLICY_DESCRIPTION table
The SA_POLICY_DESCRIPTION3 table
stores the description of a shared access policy. Each policy might
have zero or multiple descriptions.
SA_POLICY_ENTITLEMENT table
The SA_POLICY_ENTITLEMENT3 table
stores the shared access policy entitlements. Each policy might have
one or multiple entitlements.
SA_POLICY_ERURI table
The SA_POLICY_ERURI3 table
stores the universal resource identifier of a shared access policy.
Each policy might have zero or multiple universal resource identifiers.
SA_POLICY_MEMBERSHIP table
The SA_POLICY_MEMBERSHIP3 table
stores the shared access policy memberships. Each policy might have
one or multiple memberships.
SA_VAULT_SERVICE table
The SA_VAULT_SERVICE4 table
stores credential service information.
SA_VAULT_SERVICE_ALIAS table
The SA_VAULT_SERVICE_ALIAS4 table
stores the credential service aliases. Each credential service might
have zero or multiple aliases.
SYNCH_OBJECT_LOCK table
The SYNCH_OBJECT_LOCK3 table
is used for locking objects during update to prevent data replication
target object out of synch with the replication source.
V_AUTHORIZED_CREDENTIALS view
The V_AUTHORIZED_CREDENTIALS3 view returns the authorized
credentials by policy, role, and entitlement.
V_AUTHORIZED_CREDENTIALPOOLS view
The V_AUTHORIZED_CREDENTIALPOOLS3 view returns the
authorized credential pools by policy, role, and
entitlement.
V_SA_EVALUATION_SERVICE view
The V_SA_EVALUATION_SERVICE4 view
returns the union of SA_EVALUATION_SERVICE and SA_VAULT_SERVICE.