VMware ACE Management Server Administrator's Manual page 56

ACE Management Server Administrator's Manual

ACE, Package, Instance, Access, and UserData records are never deleted from the database. They are
marked as deleted with the deleted field set to TRUE, so that the previous information can be inspected
for audit purposes.

The guest and host operating system portions of the ACE policy set are stored in the
PolicyDb_RuntimePolicy table in respective fields as strings, if their size is less than 2000 bytes. If the
policy component exceeds 2000 bytes, the string is split in 2000‐byte chunks and stored in the
PolicyDb_LongField table. In this case, the value for the respective ExtKey field in the RuntimePolicy table
contains the foreign key pointing to the corresponding series of strings in the LongField table (see the
notes in the table definition).
The following is the database schema script.
/* Name – value pairs of service information, e.g. DB schema version number */
CREATE TABLE PolicyDb_MetaInfo (
name VARCHAR(128),
value VARCHAR(1024),
PRIMARY KEY(name));
/* This table holds data for guest and host policy sets, split in 2K chunks */
/* Select all fields for the key in the order of index and append strings together */
/* to reconstruct the policy set */
CREATE TABLE PolicyDb_LongField (
longFieldKey VARCHAR(128),
longFieldIndex INTEGER,
longFieldValue VARCHAR(2000),
sessionExpires VARCHAR(21),
PRIMARY KEY (longFieldKey, longFieldIndex));
/* ACE Master data */
CREATE TABLE PolicyDb_Ace (
aceUID VARCHAR(128),
aceName VARCHAR(128),
activePolicySetVersion INTEGER NOT NULL,
aceTsCreated VARCHAR(21) DEFAULT 0 NOT NULL,
aceTsLastModified VARCHAR(21) DEFAULT 0 NOT NULL,
deleted VARCHAR(7) DEFAULT 'FALSE',
PRIMARY KEY(aceUID));
/* Package data */
CREATE TABLE PolicyDb_Package (
packageUID VARCHAR(128),
aceUID VARCHAR(128) NOT NULL,
pkgName VARCHAR(128),
pkgUseValidDates VARCHAR(7)
DEFAULT 'FALSE' NOT NULL,
pkgValidDateStart VARCHAR(21) NOT NULL,
pkgValidDateEnd VARCHAR(21) NOT NULL,
pkgDisabled VARCHAR(7) DEFAULT 'FALSE' NOT NULL,
pkgProtectionKey VARCHAR(1024),
pkgPreview VARCHAR(7) DEFAULT 'FALSE' NOT NULL, /* Is preview package */
pkgTsCreated VARCHAR(21) DEFAULT 0 NOT NULL,
pkgTsLastModified VARCHAR(21) DEFAULT 0 NOT NULL, /* Last modified timestamp */
deleted VARCHAR(7) DEFAULT 'FALSE',
PRIMARY KEY(packageUID),
FOREIGN KEY(aceUID) REFERENCES PolicyDb_Ace(aceUID));
/* Access Control object data (single item of the list, associated with ACE Master)*/
CREATE TABLE PolicyDb_Access (
accessPK VARCHAR(128),
aceUID VARCHAR(128),
identityData VARCHAR(128),
accVersion INTEGER NOT NULL,
identityType INTEGER NOT NULL,
identityName VARCHAR(128),
accUseInstanceLimit VARCHAR(7)
56
/* Name of the name-value pair */
/* Value of the name-value pair */
/* Unique ID of the long field series */
/* Index in the series */
/* Up to 2000 chars of field value chunk */
/* Optional field for storing session blob */
/* Unique ID (primary key) */
/* Name of this ace */
/* Soft foreign key to active RT policy*/
/* Creation timestamp */
/* Last modified timestamp */
/* Is this entry deleted (tombstone) */
/* Unique ID (primary key) */
/* The ACE it belongs to. */
/* UI visible name. */
/* Use validity dates or always valid */
/* The package is valid from this date.*/
/* The package is valid till this date.*/
/* Is the package disabled */
/* The key used for package distribution */
/* Creation timestamp */
/* Is this entry deleted (tombstone) */
/* Unique ID (primary key) */
/* Ace for which this access policy is (FK)*/
/* Internal representation, SID in AD */
/* case, token value goes here. */
/* Access object version number */
/* AD User, Group, or Token Value */
/* UI visible user/group name in AD case */
VMware, Inc.