rbac and licenses

dbcreate.sql

@@ -44,26 +44,27 @@ GO
 -- DROP TABLE IF EXISTS dbo.ObjectSource;
 -- DROP TABLE IF EXISTS dbo.AuthenticationUAC;
 -- DROP TABLE IF EXISTS dbo.Vault;
-GO
+-- GO
 
 
 /* =========================================================
    CORE TABLES
 ========================================================= */
 CREATE TABLE dbo.Vault (
-	ID int IDENTITY(1,1) NOT NULL,
-	CustomerGUID uniqueidentifier NOT NULL,
-	Feature nvarchar(128) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
-	Payload nvarchar(MAX) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
-	Signature nvarchar(MAX) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
-	Active bit DEFAULT 1 NOT NULL,
-	ExpiresAt datetime NULL,
-	CreatedAt datetime DEFAULT getdate() NOT NULL,
-	UpdatedAt datetime DEFAULT getdate() NULL,
-	CONSTRAINT PK__Vault__3214EC275180843D PRIMARY KEY (ID)
+    ID INT IDENTITY(1,1) NOT NULL,
+    License_ID INT NOT NULL,
+    Customer_ID INT NOT NULL,
+    Signature NVARCHAR(512) NOT NULL,
+    EncryptedPayload VARBINARY(MAX) NOT NULL,
+    ExpiresAt DATETIME2 NULL,
+    Status_ID TINYINT NOT NULL,
+    LastVerifiedAt DATETIME2 NULL,
+    CreateDate DATETIME2 NOT NULL 
+        CONSTRAINT DF_Vault_CreateDate DEFAULT SYSDATETIME(),
+    CONSTRAINT PK_Vault PRIMARY KEY (ID),
+    CONSTRAINT CK_Vault_Status CHECK (Status_ID IN (0,1,2,3,4))
 );
 
-
 CREATE TABLE dbo.ObjectSource (
     ID INT IDENTITY(1,1) PRIMARY KEY,
     Name VARCHAR(100) NOT NULL UNIQUE
@@ -371,9 +372,10 @@ INSERT INTO dbo.EventLevels VALUES
 INSERT INTO dbo.[Role] (Name,Description,RoleType)
 VALUES ('ADMIN','System Administrators','SYSTEM');
 
-INSERT INTO dbo.Permission (Scope,Resource,Action)
-VALUES ('SYSTEM','ALL','ALL');
 
+INSERT INTO dbo.Permission (Scope,Resource,Action) VALUES 
+('SYSTEM','ALL','ALL')
+('SYSTEM','ALL','Default_Access')
 
 INSERT INTO dbo.RolePermissions
 SELECT r.ID, p.ID
@@ -382,6 +384,10 @@ JOIN dbo.Permission p ON p.Scope='SYSTEM'
 WHERE r.Name='ADMIN';
 
 
+INSERT INTO dbo.Group (ObjectGUID,Name,ObjectSource_ID) VALUES 
+('00000000-0000-0000-0000-000000000001','ADMINISTRATORS',1)
+('00000000-0000-0000-0000-000000000002','USERS',1);
+
 /* =========================================================
    ADMIN USER
 ========================================================= */
@@ -499,19 +505,28 @@ SELECT
     r.Description,
     r.RoleType,
 
-    COUNT(DISTINCT gr.Group_ObjectGUID) AS GroupCount,
-    COUNT(DISTINCT vau.ObjectGUID) AS UserCount
+    ISNULL(g.GroupCount, 0) AS GroupCount,
+    ISNULL(u.UserCount, 0) AS UserCount
 
-FROM dbo.Role AS r
+FROM dbo.Role r
 
-LEFT JOIN dbo.vAuthenticationRoles AS vau 
-    ON vau.Role_ID = r.ID
+-- 👥 Gruppen zählen
+LEFT JOIN (
+    SELECT 
+        Role_ID, 
+        COUNT(DISTINCT Group_ObjectGUID) AS GroupCount
+    FROM dbo.GroupRoles
+    GROUP BY Role_ID
+) g ON g.Role_ID = r.ID
 
-LEFT JOIN dbo.GroupRoles AS gr 
-    ON gr.Role_ID = r.ID
-
-GROUP BY 
-    r.ID, r.Name, r.Description, r.RoleType;
+-- 👤 NUR direkte User zählen (WICHTIG)
+LEFT JOIN (
+    SELECT 
+        Role_ID, 
+        COUNT(DISTINCT Authentication_ObjectGUID) AS UserCount
+    FROM dbo.AuthenticationRoles
+    GROUP BY Role_ID
+) u ON u.Role_ID = r.ID;
 GO
 
 
@@ -606,7 +621,7 @@ FROM            dbo.ObjectSource RIGHT OUTER JOIN
                          dbo.AuthenticationGroups AS ag ON dbo.[Group].ObjectGUID = ag.Group_ObjectGUID LEFT OUTER JOIN
                          dbo.GroupRoles AS gr ON dbo.[Group].ObjectGUID = gr.Group_ObjectGUID
 GROUP BY dbo.[Group].ObjectGUID, dbo.[Group].Name, dbo.ObjectSource.Name, dbo.[Group].distinguishedName
-
+GO
 
 -- ========================================================
 -- 9. BONUS: PERMISSION TRACE (WHY DOES USER HAVE THIS?)