Permissions (RESOURCEACLHISTORY Table)

When resource ACLs are modified, all the ACLs are assigned the same timestamp so that they can be identified as one complete set. The timestamp is the only way to identify a set.

The history table maintains the full set of permissions associated with the member or role. Set keys are RESOURCETYPE, GRANTEEID, and MODDATE.

To find the permissions granted on a resource, identify one complete set of permissions using RESOURCETYPE, GRANTEEID, and MODDATE: select the rows that share the same timestamp for a given GRANTEEID and RESOURCETYPE. This set represents the total permissions for the grantee on that resource type. Because "Create permissions" are stored with resource ID = 0, a set can contain two resource IDs: 0 and the specific resource ID.

When permissions are deleted for a grantee through the UI, the existing set is added to the history table with active = N. In this case, the history table has the corresponding deleted entries, because the trigger is also fired for an update. However, when permissions are changed, they are deleted and re-added, and the history table has only the new set.
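
The following added example (not part of the product's own code) shows how an auditor could rebuild permission sets from the history table by grouping rows on RESOURCETYPE, GRANTEEID, and MODDATE, and how to tell whether the latest set records a deletion. It uses an in-memory SQLite table with constructed rows; the column names RESOURCEID, PERMISSION, and ACTIVE, the column types, and all sample values are assumptions.

```python
import sqlite3

# Constructed sample rows. RESOURCEID, PERMISSION and ACTIVE are assumed
# column names; resource types, IDs and permission names are made up.
ROWS = [
    # (RESOURCETYPE, RESOURCEID, GRANTEEID, PERMISSION, ACTIVE, MODDATE)
    ("FOLDER", 0,  101, "CREATE", "Y", "2024-01-10 09:00:00"),
    ("FOLDER", 42, 101, "READ",   "Y", "2024-01-10 09:00:00"),
    ("FOLDER", 0,  101, "CREATE", "Y", "2024-03-05 14:30:00"),
    ("FOLDER", 42, 101, "READ",   "Y", "2024-03-05 14:30:00"),
    ("FOLDER", 42, 101, "WRITE",  "Y", "2024-03-05 14:30:00"),
    ("REPORT", 7,  202, "READ",   "N", "2024-02-01 08:15:00"),
]

def load(rows):
    """Create an in-memory stand-in for RESOURCEACLHISTORY."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE RESOURCEACLHISTORY (
        RESOURCETYPE TEXT, RESOURCEID INTEGER, GRANTEEID INTEGER,
        PERMISSION TEXT, ACTIVE TEXT, MODDATE TEXT)""")
    db.executemany("INSERT INTO RESOURCEACLHISTORY VALUES (?,?,?,?,?,?)", rows)
    return db

def permission_sets(db, resource_type, grantee_id):
    """Return {MODDATE: [(RESOURCEID, PERMISSION, ACTIVE), ...]}, oldest first."""
    cur = db.execute(
        """SELECT MODDATE, RESOURCEID, PERMISSION, ACTIVE
             FROM RESOURCEACLHISTORY
            WHERE RESOURCETYPE = ? AND GRANTEEID = ?
            ORDER BY MODDATE, RESOURCEID, PERMISSION""",
        (resource_type, grantee_id))
    sets = {}
    for moddate, rid, perm, active in cur:
        # Rows sharing one timestamp form one complete set.
        sets.setdefault(moddate, []).append((rid, perm, active))
    return sets

def latest_set(db, resource_type, grantee_id):
    """Return (MODDATE, rows, deleted) for the most recent set.

    deleted is True when every row in the set has ACTIVE = 'N'.
    """
    sets = permission_sets(db, resource_type, grantee_id)
    if not sets:
        return None, [], False
    moddate = max(sets)  # ISO-formatted timestamps sort chronologically
    rows = sets[moddate]
    return moddate, rows, all(active == "N" for _, _, active in rows)
```
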