rbac build
200
dbcreate.sql
200
dbcreate.sql
@@ -260,6 +260,9 @@ JOIN dbo.RolePermissions rp ON rp.Role_ID = r.Role_ID
|
||||
JOIN dbo.Permission p ON p.ID = rp.Permission_ID;
|
||||
GO
|
||||
|
||||
|
||||
|
||||
|
||||
/* =========================================================
|
||||
FIXED vEventLog (SEQUELIZE MATCH + SYSTEM FIX)
|
||||
========================================================= */
|
||||
@@ -412,4 +415,199 @@ SELECT
|
||||
'00000000-0000-0000-0000-000000000001',
|
||||
ID
|
||||
FROM dbo.[Role]
|
||||
WHERE Name='ADMIN';
|
||||
WHERE Name='ADMIN';
|
||||
GO
|
||||
|
||||
/* =========================================================
|
||||
EXTENDED RBAC VIEWS
|
||||
========================================================= */
|
||||
|
||||
-- ========================================================
|
||||
-- 1. USER GROUPS (DIRECT + INHERITED)
|
||||
-- ========================================================
|
||||
CREATE OR ALTER VIEW dbo.vAuthenticationGroupsExpanded AS
|
||||
SELECT
|
||||
ag.Authentication_ObjectGUID,
|
||||
g.ObjectGUID AS GroupGUID,
|
||||
g.Name AS GroupName,
|
||||
'DIRECT' AS Source
|
||||
FROM dbo.AuthenticationGroups ag
|
||||
JOIN dbo.[Group] g
|
||||
ON g.ObjectGUID = ag.Group_ObjectGUID
|
||||
|
||||
UNION ALL
|
||||
|
||||
SELECT
|
||||
ag.Authentication_ObjectGUID,
|
||||
gc.ParentGroup_ObjectGUID,
|
||||
g.Name,
|
||||
'INHERITED'
|
||||
FROM dbo.AuthenticationGroups ag
|
||||
JOIN dbo.GroupClosure gc
|
||||
ON gc.ChildGroup_ObjectGUID = ag.Group_ObjectGUID
|
||||
JOIN dbo.[Group] g
|
||||
ON g.ObjectGUID = gc.ParentGroup_ObjectGUID;
|
||||
GO
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- 2. ROLES (DIRECT + GROUP + HIERARCHY)
|
||||
-- ========================================================
|
||||
CREATE OR ALTER VIEW dbo.vAuthenticationRolesExpanded AS
|
||||
SELECT
|
||||
ar.Authentication_ObjectGUID,
|
||||
ar.Role_ID,
|
||||
r.Name AS RoleName,
|
||||
'DIRECT' AS Source
|
||||
FROM dbo.AuthenticationRoles ar
|
||||
JOIN dbo.[Role] r
|
||||
ON r.ID = ar.Role_ID
|
||||
|
||||
UNION ALL
|
||||
|
||||
SELECT
|
||||
ag.Authentication_ObjectGUID,
|
||||
gr.Role_ID,
|
||||
r.Name,
|
||||
'GROUP'
|
||||
FROM dbo.AuthenticationGroups ag
|
||||
JOIN dbo.GroupRoles gr
|
||||
ON gr.Group_ObjectGUID = ag.Group_ObjectGUID
|
||||
JOIN dbo.[Role] r
|
||||
ON r.ID = gr.Role_ID
|
||||
|
||||
UNION ALL
|
||||
|
||||
SELECT
|
||||
ag.Authentication_ObjectGUID,
|
||||
gr.Role_ID,
|
||||
r.Name,
|
||||
'GROUP_INHERITED'
|
||||
FROM dbo.AuthenticationGroups ag
|
||||
JOIN dbo.GroupClosure gc
|
||||
ON gc.ChildGroup_ObjectGUID = ag.Group_ObjectGUID
|
||||
JOIN dbo.GroupRoles gr
|
||||
ON gr.Group_ObjectGUID = gc.ParentGroup_ObjectGUID
|
||||
JOIN dbo.[Role] r
|
||||
ON r.ID = gr.Role_ID;
|
||||
GO
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- 3. EFFECTIVE ROLES (DEDUPLICATED)
|
||||
-- ========================================================
|
||||
CREATE OR ALTER VIEW dbo.vAuthenticationEffectiveRoles AS
|
||||
SELECT DISTINCT
|
||||
Authentication_ObjectGUID,
|
||||
Role_ID,
|
||||
RoleName
|
||||
FROM dbo.vAuthenticationRolesExpanded;
|
||||
GO
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- 4. PERMISSIONS (DETAILED WITH ROLE SOURCE)
|
||||
-- ========================================================
|
||||
CREATE OR ALTER VIEW dbo.vAuthenticationPermissionsDetailed AS
|
||||
SELECT
|
||||
r.Authentication_ObjectGUID,
|
||||
r.Role_ID,
|
||||
r.RoleName,
|
||||
p.Scope,
|
||||
p.Resource,
|
||||
p.Action,
|
||||
CONCAT(p.Scope,'.',p.Resource,'.',p.Action) AS PermissionKey
|
||||
FROM dbo.vAuthenticationRolesExpanded r
|
||||
JOIN dbo.RolePermissions rp
|
||||
ON rp.Role_ID = r.Role_ID
|
||||
JOIN dbo.Permission p
|
||||
ON p.ID = rp.Permission_ID;
|
||||
GO
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- 5. PERMISSION MATRIX (FAST LOOKUP)
|
||||
-- ========================================================
|
||||
CREATE OR ALTER VIEW dbo.vPermissionMatrix AS
|
||||
SELECT DISTINCT
|
||||
Authentication_ObjectGUID,
|
||||
CONCAT(Scope,'.',Resource,'.',Action) AS PermissionKey
|
||||
FROM dbo.vAuthenticationPermissionsDetailed;
|
||||
GO
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- 6. GROUP ROLES OVERVIEW
|
||||
-- ========================================================
|
||||
CREATE OR ALTER VIEW dbo.vGroupRolesDetailed AS
|
||||
SELECT
|
||||
g.ObjectGUID,
|
||||
g.Name AS GroupName,
|
||||
r.ID AS Role_ID,
|
||||
r.Name AS RoleName
|
||||
FROM dbo.GroupRoles gr
|
||||
JOIN dbo.[Group] g
|
||||
ON g.ObjectGUID = gr.Group_ObjectGUID
|
||||
JOIN dbo.[Role] r
|
||||
ON r.ID = gr.Role_ID;
|
||||
GO
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- 7. GROUP HIERARCHY (READABLE)
|
||||
-- ========================================================
|
||||
CREATE OR ALTER VIEW dbo.vGroupHierarchyReadable AS
|
||||
SELECT
|
||||
parent.ObjectGUID AS ParentGroupGUID,
|
||||
parent.Name AS ParentGroupName,
|
||||
child.ObjectGUID AS ChildGroupGUID,
|
||||
child.Name AS ChildGroupName,
|
||||
gc.Depth
|
||||
FROM dbo.GroupClosure gc
|
||||
JOIN dbo.[Group] parent
|
||||
ON parent.ObjectGUID = gc.ParentGroup_ObjectGUID
|
||||
JOIN dbo.[Group] child
|
||||
ON child.ObjectGUID = gc.ChildGroup_ObjectGUID;
|
||||
GO
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- 8. USER OVERVIEW (ADMIN DASHBOARD)
|
||||
-- ========================================================
|
||||
CREATE OR ALTER VIEW dbo.vAuthenticationOverview AS
|
||||
SELECT a.ObjectGUID, a.sAMAccountName, a.mail, a.givenName, a.sn, a.active, a.online, COUNT(DISTINCT r.Role_ID) AS RoleCount, COUNT(DISTINCT g.GroupGUID) AS GroupCount, a.title, a.department, a.streetAddress,
|
||||
a.telephoneNumber, a.physicalDeliveryOfficeName, a.distinguishedName, dbo.ObjectSource.Name AS ObjectSourceName
|
||||
FROM dbo.Authentication AS a LEFT OUTER JOIN
|
||||
dbo.ObjectSource ON a.ObjectSource_ID = dbo.ObjectSource.ID LEFT OUTER JOIN
|
||||
dbo.vAuthenticationRolesExpanded AS r ON r.Authentication_ObjectGUID = a.ObjectGUID LEFT OUTER JOIN
|
||||
dbo.vAuthenticationGroupsExpanded AS g ON g.Authentication_ObjectGUID = a.ObjectGUID
|
||||
GROUP BY a.ObjectGUID, a.sAMAccountName, a.mail, a.givenName, a.sn, a.active, a.online, a.title, a.department, a.streetAddress, a.telephoneNumber, a.physicalDeliveryOfficeName, a.distinguishedName, dbo.ObjectSource.Name
|
||||
GO
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- 8.1. GROUP OVERVIEW (ADMIN DASHBOARD)
|
||||
-- ========================================================
|
||||
CREATE OR ALTER VIEW dbo.vGroupOverview AS
|
||||
SELECT dbo.[Group].ObjectGUID, dbo.[Group].Name, COUNT(DISTINCT ag.Authentication_ObjectGUID) AS UserCount, COUNT(DISTINCT gr.Role_ID) AS RoleCount, dbo.ObjectSource.Name AS ObjectSourceName,
|
||||
dbo.[Group].distinguishedName
|
||||
FROM dbo.ObjectSource RIGHT OUTER JOIN
|
||||
dbo.[Group] ON dbo.ObjectSource.ID = dbo.[Group].ObjectSource_ID LEFT OUTER JOIN
|
||||
dbo.AuthenticationGroups AS ag ON dbo.[Group].ObjectGUID = ag.Group_ObjectGUID LEFT OUTER JOIN
|
||||
dbo.GroupRoles AS gr ON dbo.[Group].ObjectGUID = gr.Group_ObjectGUID
|
||||
GROUP BY dbo.[Group].ObjectGUID, dbo.[Group].Name, dbo.ObjectSource.Name, dbo.[Group].distinguishedName
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- 9. BONUS: PERMISSION TRACE (WHY DOES USER HAVE THIS?)
|
||||
-- ========================================================
|
||||
CREATE OR ALTER VIEW dbo.vPermissionTrace AS
|
||||
SELECT
|
||||
apd.Authentication_ObjectGUID,
|
||||
apd.RoleName,
|
||||
apd.Scope,
|
||||
apd.Resource,
|
||||
apd.Action,
|
||||
apd.PermissionKey
|
||||
FROM dbo.vAuthenticationPermissionsDetailed apd;
|
||||
GO
|
||||
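Review bot: The new `CREATE OR ALTER VIEW dbo.vGroupOverview` (ending at its `GROUP BY ... dbo.[Group].distinguishedName`) is not followed by a `GO`, so `CREATE OR ALTER VIEW dbo.vPermissionTrace` lands in the same batch and SQL Server rejects it, because a CREATE VIEW must be the only statement in its batch; add `GO` after that GROUP BY line as every other view in the hunk does. While there, the `dbo.ObjectSource RIGHT OUTER JOIN dbo.[Group]` in the same view is the only right join in the file; restating it as `FROM dbo.[Group] LEFT OUTER JOIN dbo.ObjectSource ON ...` keeps the same rows and matches `vAuthenticationOverview`. One point to confirm rather than a defect: `vAuthenticationRolesExpanded`, `vAuthenticationPermissionsDetailed` and `vPermissionMatrix` carry no predicate on account state, while `vAuthenticationOverview` exposes `a.active`, so a disabled account still resolves to its full permission set through these views; if authorization reads `vPermissionMatrix` directly, a comment such as `-- NOTE: no filter on Authentication.active; callers must reject disabled accounts` above it would make the contract explicit. Also worth a comment on the `GroupClosure` joins: if the closure table stores depth-0 self rows, the `INHERITED`/`GROUP_INHERITED` branches duplicate the direct rows, which `vAuthenticationEffectiveRoles` hides with `DISTINCT` but `vAuthenticationGroupsExpanded` does not.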