From 2740d4927c42fb66b44fcdbfb55cafa07ae8b928 Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Mon, 22 Nov 2021 18:45:01 +0530 Subject: [PATCH 01/34] Added page to describe the configurations to secure your cluster --- .../release/overview/03_security/01_securing_your_cluster.mdx | 4 ++++ .../overview/{03_security.mdx => 03_security/index.mdx} | 0 2 files changed, 4 insertions(+) create mode 100644 product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx rename product_docs/docs/biganimal/release/overview/{03_security.mdx => 03_security/index.mdx} (100%) diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx new file mode 100644 index 00000000000..d5394b0f0c5 --- /dev/null +++ b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx @@ -0,0 +1,4 @@ +--- +title: "Securing your cluster" +--- + diff --git a/product_docs/docs/biganimal/release/overview/03_security.mdx b/product_docs/docs/biganimal/release/overview/03_security/index.mdx similarity index 100% rename from product_docs/docs/biganimal/release/overview/03_security.mdx rename to product_docs/docs/biganimal/release/overview/03_security/index.mdx From 747ed9570c67e2c6d74cbfb566e6632dcf65b251 Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Wed, 1 Dec 2021 12:31:44 +0530 Subject: [PATCH 02/34] Added a stub --- .../overview/03_security/01_securing_your_cluster.mdx | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx index d5394b0f0c5..37ce245d600 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx 
@@ -2,3 +2,10 @@ title: "Securing your cluster" --- +Azure policies enforce conditions for resources that you create in your subscription. To enable BigAnimal to + +For the smooth functioning of BigAnimal with Azure, you need to define an Azure Policy to. These rules enforce +- Security practices +- BigAnimal-specific rules (like naming or locations) for your organization, here are the configurations that EDB needs + +Requirement by BigAnimal From 267c8ce8dae60d64bc98eec2a9814b1fc05e50cd Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Fri, 3 Dec 2021 00:39:42 +0530 Subject: [PATCH 03/34] Created a structure for Securing you cluster page Fleshing out the details --- .../03_security/01_securing_your_cluster.mdx | 174 +++++++++++++++++- 1 file changed, 169 insertions(+), 5 deletions(-) diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx index 37ce245d600..accbe08d324 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx 
@@ -2,10 +2,174 @@ title: "Securing your cluster" --- -Azure policies enforce conditions for resources that you create in your subscription. To enable BigAnimal to +Azure Security Center helps assess and enforce BigAnimal's security requirements across the resources used to deploy your clusters. -For the smooth functioning of BigAnimal with Azure, you need to define an Azure Policy to. These rules enforce -- Security practices -- BigAnimal-specific rules (like naming or locations) for your organization, here are the configurations that EDB needs -Requirement by BigAnimal +# Configure the default Azure Security Center (ASC) policy + +Before deploying your clusters, EDB recommends that you perform the following steps in each of your Azure subscriptions: + +## Configure the default Azure Security Center (ASC) policy + +Define the parameters in your default ASC policy to ensure that your resources are compliant with BigAnimal's security requirements. + +#### Allowed container ports list +BigAnimal runs containers using these ports: + * 5432 + * 9187 + * 8000 + * 9000 + * 9443 + * 9402 + * 10250 + * 9090 + * 8080 + * 8443 + * 2020 + * 3000 + * 6443 + * 9100 + * 9102 + * 9201 + * 8081 + +#### Recommended Allowed service ports list + +BigAnimal runs containers using these services ports: + * 5432 + * 9402 + * 443 + * 8080 + * 9090 + * 3000 + * 8443 + * 9443 + * 9100 + * 9201 + + +#### Recommended Allowed AppArmor profiles + +BigAnimal uses AppArmor's default profile: + * runtime/default + +#### Recommended Allowed capabilities + +BigAnimal runs containers with minimum security capabilities only required to implement data plane functionality such as logging functionality. + + * FOWNER + +#### Recommended Max allowed memory bytes in Kubernetes cluster + +BigAnimal runs containers with a maximum allowed memory bytes of 6Gi. + +#### Recommended Max allowed CPU units in Kubernetes cluster + +BigAnimal runs containers with a maximum of two allowed CPU units 2. 
+ +#### Recommended Allowed host paths + +BigAnimal uses the following hotpaths in its containers: + +``` +{ + "paths": [ + { + "pathPrefix": "/var/log", + "readOnly": false + }, + { + "pathPrefix": "/var/lib/docker/containers", + "readOnly": true + }, + { + "pathPrefix": "/", + "readOnly": true + }, + { + "pathPrefix": "/sys", + "readOnly": true + }, + { + "pathPrefix": "/proc", + "readOnly": true + }, + { + "pathPrefix": "/var/run/docker.sock", + "readOnly": false + }, + { + "pathPrefix": "/run/containerd/containerd.sock", + "readOnly": false + }, + { + "pathPrefix": "/dev", + "readOnly": false + }, + { + "pathPrefix": "/boot", + "readOnly": true + }, + { + "pathPrefix": "/lib/modules", + "readOnly": false + }, + { + "pathPrefix": "/usr", + "readOnly": true + }, + { + "pathPrefix": "/etc", + "readOnly": true + } + ] +} +``` +#### To configure the ASC policy parameters + +1. Launch the Azure Policy service in the Azure portal by searching for and selecting the *Policy* service in the search box at the top. + +1. Select **Assignments** on the left side of the Azure Policy page. + +1. Select **Assign Policy** from the top of the Policy - Assignments page. + +1. On the Assign Policy page, set the Scope by selecting the ellipsis and then selecting the applicable subscription. A scope determines what resources or grouping of resources the policy assignment gets enforced on. Then use the **Select** button at the bottom of the Scope page. + +1. Select the Policy definition ellipsis to open the list of available definitions. Azure Policy comes with built-in policy definitions you can use. Many are available, such as: + - Enforce tag and its value + - Apply tag and its value + - Inherit a tag from the resource group if missing + - For a partial list of available built-in policies, see Azure Policy samples. + +1. Search through the policy definitions list to find the ASC policy policy definition you need. Select that policy and then use the Select button. + +1. 
The Assignment name is automatically populated with the policy name you selected, but you can change it. For this example. You can also add an optional Description. The description provides details about this policy assignment. Assigned by will automatically fill based on who is logged in. This field is optional, so custom values can be entered. + +1. Leave policy enforcement Enabled. For more information, see Policy assignment - enforcement mode. + +1. Select Next at the bottom of the page or the Parameters tab at the top of the page to move to the next segment of the assignment wizard. + +1. If the policy definition selected on the Basics tab included parameters, they are configured on this tab. Since the Audit VMs that do not use managed disks has no parameters, select Next at the bottom of the page or the Remediation tab at the top of the page to move to the next segment of the assignment wizard. + +1. Leave Create a Managed Identity unchecked. This box must be checked when the policy or initiative includes a policy with either the deployIfNotExists or modify effect. As the policy used for this quickstart doesn't, leave it blank. For more information, see managed identities and how remediation security works. + +1. Select Next at the bottom of the page or the Non-compliance messages tab at the top of the page to move to the next segment of the assignment wizard. + +1. Set the Non-compliance message to Virtual machines should use a managed disk. This custom message is displayed when a resource is denied or for non-compliant resources during regular evaluation. + +1. Select Next at the bottom of the page or the Review + Create tab at the top of the page to move to the next segment of the assignment wizard. + +1. Review the selected options, then select Create at the bottom of the page. + +## Remediate non-compliant resources + +You're now ready to identify non-compliant resources to understand the compliance state of the resources in your subscription. 
+ +Select Compliance in the left side of the page. If there are any existing resources that aren't compliant with this new assignment, they appear under Non-compliant resources. + +When a condition is evaluated against your existing resources and found true, then those resources are marked as non-compliant with the policy. The following table shows how different policy effects work with the condition evaluation for the resulting compliance state. Although you don't see the evaluation logic in the Azure portal, the compliance state results are shown. The compliance state result is either compliant or non-compliant. + + +# Security scores and alerts + +This section provides information to help you understand and improve your current security using secure scores and alerts. \ No newline at end of file From 74b3b1f1e5048001701cdea97dba1813d95707b2 Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Thu, 9 Dec 2021 18:03:14 +0530 Subject: [PATCH 04/34] Adding colour to the structure and preparing queries for developer due to lack of access to build --- .../03_security/01_securing_your_cluster.mdx | 138 +++++++++--------- 1 file changed, 72 insertions(+), 66 deletions(-) diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx index accbe08d324..21a4237cb4e 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx 
@@ -2,76 +2,67 @@ title: "Securing your cluster" --- -Azure Security Center helps assess and enforce BigAnimal's security requirements across the resources used to deploy your clusters. +To harden security in you cluster, EDB recommends that you restict all resources to the following requirements: +##### Allowed container ports list -# Configure the default Azure Security Center (ASC) policy - -Before deploying your clusters, EDB recommends that you perform the following steps in each of your Azure subscriptions: - -## Configure the default Azure Security Center (ASC) policy - -Define the parameters in your default ASC policy to ensure that your resources are compliant with BigAnimal's security requirements. - -#### Allowed container ports list BigAnimal runs containers using these ports: - * 5432 - * 9187 - * 8000 - * 9000 - * 9443 - * 9402 - * 10250 - * 9090 - * 8080 - * 8443 - * 2020 - * 3000 - * 6443 - * 9100 - * 9102 - * 9201 - * 8081 - -#### Recommended Allowed service ports list - -BigAnimal runs containers using these services ports: - * 5432 - * 9402 - * 443 - * 8080 - * 9090 - * 3000 - * 8443 - * 9443 - * 9100 - * 9201 +* 5432 +* 9187 +* 8000 +* 9000 +* 9443 +* 9402 +* 10250 +* 9090 +* 8080 +* 8443 +* 2020 +* 3000 +* 6443 +* 9100 +* 9102 +* 9201 +* 8081 + +##### Allowed service ports list -#### Recommended Allowed AppArmor profiles +BigAnimal runs containers using these services ports: -BigAnimal uses AppArmor's default profile: - * runtime/default +* 5432 +* 9402 +* 443 +* 8080 +* 9090 +* 3000 +* 8443 +* 9443 +* 9100 +* 9201 -#### Recommended Allowed capabilities +##### Allowed AppArmor profiles -BigAnimal runs containers with minimum security capabilities only required to implement data plane functionality such as logging functionality. +BigAnimal uses AppArmor's *runtime/default* default profile. 
+ +##### Allowed capabilities - * FOWNER +BigAnimal runs containers with minimum security capabilities of *FOWNER*, which is only required to implement data plane functionality such as logging. -#### Recommended Max allowed memory bytes in Kubernetes cluster +##### Max allowed memory bytes in Kubernetes cluster -BigAnimal runs containers with a maximum allowed memory bytes of 6Gi. +BigAnimal runs containers with maximum allowed memory bytes of 6Gi. -#### Recommended Max allowed CPU units in Kubernetes cluster +##### Recommended Max allowed CPU units in Kubernetes cluster BigAnimal runs containers with a maximum of two allowed CPU units 2. -#### Recommended Allowed host paths +##### Recommended Allowed host paths BigAnimal uses the following hotpaths in its containers: -``` +```js + { "paths": [ { @@ -124,8 +115,16 @@ BigAnimal uses the following hotpaths in its containers: } ] } + ``` -#### To configure the ASC policy parameters + +## Remediate resources in your cluster + +Azure Security Center (ASC) helps assess and enforce BigAnimal's security requirements across the resources used to deploy your clusters. + +### To configure the default ASC policy + +Perform the following steps in each of your Azure subscriptions: 1. Launch the Azure Policy service in the Azure portal by searching for and selecting the *Policy* service in the search box at the top. 
@@ -136,40 +135,47 @@ BigAnimal uses the following hotpaths in its containers: 1. On the Assign Policy page, set the Scope by selecting the ellipsis and then selecting the applicable subscription. A scope determines what resources or grouping of resources the policy assignment gets enforced on. Then use the **Select** button at the bottom of the Scope page. 1. Select the Policy definition ellipsis to open the list of available definitions. Azure Policy comes with built-in policy definitions you can use. Many are available, such as: - - Enforce tag and its value - - Apply tag and its value - - Inherit a tag from the resource group if missing - - For a partial list of available built-in policies, see Azure Policy samples. + * Enforce tag and its value + * Apply tag and its value + * Inherit a tag from the resource group if missing + * For a partial list of available built-in policies, see Azure Policy samples. -1. Search through the policy definitions list to find the ASC policy policy definition you need. Select that policy and then use the Select button. +1. Search through the policy definitions list to find the ASC policy definition you need. Select that policy and then click the **Select** button. -1. The Assignment name is automatically populated with the policy name you selected, but you can change it. For this example. You can also add an optional Description. The description provides details about this policy assignment. Assigned by will automatically fill based on who is logged in. This field is optional, so custom values can be entered. +1. The Assignment name is automatically populated with the policy name you selected, but you can change it. + For this example, You can also add an optional Description. The description provides details about this policy assignment. Assigned by will automatically fill based on who is logged in. This field is optional, so custom values can be entered. 1. Leave policy enforcement Enabled. 
For more information, see Policy assignment - enforcement mode. 1. Select Next at the bottom of the page or the Parameters tab at the top of the page to move to the next segment of the assignment wizard. -1. If the policy definition selected on the Basics tab included parameters, they are configured on this tab. Since the Audit VMs that do not use managed disks has no parameters, select Next at the bottom of the page or the Remediation tab at the top of the page to move to the next segment of the assignment wizard. +1. Configure the parameters in your default ASC policy to only allow BigAnimal's requirements. + +1. To remediate non-compliant resources, select Next at the bottom of the page or the Remediation tab at the top of the page to move to the next segment of the assignment wizard. See + +### To remediate non-compliant resources + +Once you have modified the default ASC policy definition parameters, ensure that your resources are compliant with BigAnimal's security requirements from Remediation tab of the assignment wizard. Perform the following steps: 1. Leave Create a Managed Identity unchecked. This box must be checked when the policy or initiative includes a policy with either the deployIfNotExists or modify effect. As the policy used for this quickstart doesn't, leave it blank. For more information, see managed identities and how remediation security works. 1. Select Next at the bottom of the page or the Non-compliance messages tab at the top of the page to move to the next segment of the assignment wizard. -1. Set the Non-compliance message to Virtual machines should use a managed disk. This custom message is displayed when a resource is denied or for non-compliant resources during regular evaluation. +1. Set the Non-compliance message to **TBD** . This custom message is displayed when a resource is denied or for non-compliant resources during regular evaluation. 1. 
Select Next at the bottom of the page or the Review + Create tab at the top of the page to move to the next segment of the assignment wizard. 1. Review the selected options, then select Create at the bottom of the page. -## Remediate non-compliant resources +You're now ready to montor and identify non-compliant resources to understand the compliance state of the resources in your subscription. -You're now ready to identify non-compliant resources to understand the compliance state of the resources in your subscription. - -Select Compliance in the left side of the page. If there are any existing resources that aren't compliant with this new assignment, they appear under Non-compliant resources. +Select Compliance in the left side of the page. If there are any existing resources that aren't compliant with this new assignment, they appear under non-compliant resources. When a condition is evaluated against your existing resources and found true, then those resources are marked as non-compliant with the policy. The following table shows how different policy effects work with the condition evaluation for the resulting compliance state. Although you don't see the evaluation logic in the Azure portal, the compliance state results are shown. The compliance state result is either compliant or non-compliant. # Security scores and alerts -This section provides information to help you understand and improve your current security using secure scores and alerts. \ No newline at end of file +Azure's secure score is based on the [Azure Security Benchmark](https://docs.microsoft.com/en-us/azure/security/benchmarks/introduction), and helps you understand and improve your current security using secure scores and alerts. + +To increase your security, review Azure Security Center's recommendations page for the outstanding actions necessary to raise your score. 
See this section for information on why you might be seeing a particular alert and whether you can take steps to improve the security in your cluster. \ No newline at end of file From a1ab8341016cb90087cb09f4a8f9d342863a3630 Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Wed, 19 Jan 2022 14:07:31 +0530 Subject: [PATCH 05/34] Create a plan on how to proceed based on Ben's comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The plan: I have added the last paragraph in Security page introducing the user to the children pages, which provide details on how the user can further harden security. So my recommended structure for the pages is as follows: Security Enforcing ASC policy definitions Reviewing ASC recommendations For Enforcing ASC policy definitions: There is some content added in that page, which needs a lot of polishing. We probably need to refine the exact steps on how the user can: 1. Configure ASC policy definitions 2. Remediate non-compliant resources For Reviewing ASC recommendations: This page will contain the information under security recommendations listed under “Restrict unauthorised network access“ in Azure Security Center Recommendation. Ben’s comments to my queries will be a great help. --- .../03_security/01_securing_your_cluster.mdx | 21 +++++++------------ .../02_reviewing_asc_recommendations.mdx | 5 +++++ .../release/overview/03_security/index.mdx | 4 ++++ 3 files changed, 16 insertions(+), 14 deletions(-) create mode 100644 product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx index 21a4237cb4e..dbe27f8721b 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx 
+++ b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx @@ -1,8 +1,9 @@ --- -title: "Securing your cluster" +title: "Enforcing ASC policy definitions" --- -To harden security in you cluster, EDB recommends that you restict all resources to the following requirements: +You can use an Azure policy definition to create and enforce rules about specific security conditions. Use the built in ASC policy definition in your subscription to configure parameters such as allowed container ports, maximum allowed memory bytes in a kubernetes cluster, and so on. EDB recommends the following list of parameters and configurations in BigAnimal: + ##### Allowed container ports list @@ -118,10 +119,6 @@ BigAnimal uses the following hotpaths in its containers: ``` -## Remediate resources in your cluster - -Azure Security Center (ASC) helps assess and enforce BigAnimal's security requirements across the resources used to deploy your clusters. - ### To configure the default ASC policy Perform the following steps in each of your Azure subscriptions: 
@@ -167,15 +164,11 @@ Once you have modified the default ASC policy definition parameters, ensure that 1. Review the selected options, then select Create at the bottom of the page. -You're now ready to montor and identify non-compliant resources to understand the compliance state of the resources in your subscription. - -Select Compliance in the left side of the page. If there are any existing resources that aren't compliant with this new assignment, they appear under non-compliant resources. - -When a condition is evaluated against your existing resources and found true, then those resources are marked as non-compliant with the policy. The following table shows how different policy effects work with the condition evaluation for the resulting compliance state. Although you don't see the evaluation logic in the Azure portal, the compliance state results are shown. The compliance state result is either compliant or non-compliant. +## Remediate resources in your cluster -# Security scores and alerts +You're now ready to monitor and identify non-compliant resources to understand the compliance state of the resources in your subscription. -Azure's secure score is based on the [Azure Security Benchmark](https://docs.microsoft.com/en-us/azure/security/benchmarks/introduction), and helps you understand and improve your current security using secure scores and alerts. +Select Compliance in the left side of the page. If there are any existing resources that aren't compliant with this new assignment, they appear under non-compliant resources. -To increase your security, review Azure Security Center's recommendations page for the outstanding actions necessary to raise your score. See this section for information on why you might be seeing a particular alert and whether you can take steps to improve the security in your cluster. 
\ No newline at end of file +When a condition is evaluated against your existing resources and found true, then those resources are marked as non-compliant with the policy. The following table shows how different policy effects work with the condition evaluation for the resulting compliance state. Although you don't see the evaluation logic in the Azure portal, the compliance state results are shown. The compliance state result is either compliant or non-compliant. \ No newline at end of file diff --git a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx new file mode 100644 index 00000000000..f0997272991 --- /dev/null +++ b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx @@ -0,0 +1,5 @@ +--- +title: "Reviewing ASC recommendations" +--- + +To increase your security, review Azure Security Center's recommendations page for the outstanding actions necessary to raise your score. See this section for information on why you might be seeing a particular alert and whether you can take steps to improve the security in your cluster. diff --git a/product_docs/docs/biganimal/release/overview/03_security/index.mdx b/product_docs/docs/biganimal/release/overview/03_security/index.mdx index 3bfe932eb4f..f3decb0ac0c 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/index.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/index.mdx 
@@ -16,3 +16,7 @@ BigAnimal runs in your own cloud account, isolates your data from other users, a - **pgAudit:** The classes of statements being logged for pgAudit are set globally on a cluster with `pgaudit.log = 'write,ddl'`. The following statements made on tables are logged by default when the cluster type is PostgreSQL: `INSERT`, `UPDATE`, `DELETE`, `TRUNCATE`, AND `COPY`. All `DDL` is logged. - **Database cluster permissions** The edb_admin account created during the *create cluster* process includes the `CREATEDB` and `CREATEROLE` database roles. EDB recommends using the edb_admin account to create a new application user and new application database for further isolation. See [Managing Postgres access](../using_cluster/01_postgres_access) for more information. + +To further harden security in your Azure subscription, see: +- [Links to children pages] +- [Links to children pages] \ No newline at end of file From 9a38bb52659abc5775a4584046ac37e07931ebdd Mon Sep 17 00:00:00 2001 From: David Wicinas <93669463+dwicinas@users.noreply.github.com> Date: Mon, 24 Jan 2022 11:46:14 -0500 Subject: [PATCH 06/34] Began adding security recommendations --- .../02_reviewing_asc_recommendations.mdx | 43 ++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx index f0997272991..67f2b13d7d7 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx 
@@ -2,4 +2,45 @@ title: "Reviewing ASC recommendations" --- -To increase your security, review Azure Security Center's recommendations page for the outstanding actions necessary to raise your score. See this section for information on why you might be seeing a particular alert and whether you can take steps to improve the security in your cluster. +To increase your security, review Azure Security Center's recommendations page for actions you can take to raise your security score. See this section for information on why you might be seeing a particular alert and whether you can take steps to improve the security in your cluster. + +Azure Home > Microsoft Defender for the Cloud > recommendations + +## Restricted access to host network and a range of ports - Medium + +To avoid the possibility of a compromised container, Azure Security Center recommends restricting access to the host network for Kubernetes pods as well as restricting pod access to an allowable range of ports on the host. + +BigAnimal must run some containers that may use the node network namespace to monitor the network traffic statistics of Kubernetes cluster worker nodes. To prevent any traffic sniffing and configuration changes to the worker node system, BigAnimal has removed all security capabilities for those containers. **IS THAT TEXT ACCURATE? SOURCE MATERIAL WAS NOT CLEAR?** + +For more information about restricting access, go to **Home > Microsoft Defender for the Cloud > Recommendations**. Expand **Restrict unauthorized network access**, select **Usage of host networking and ports should be restricted** and follow the recommendations provided there. + +## Azure Firewall - Low + +BigAnimal does not enable the Azure Firewall. Instead, BigAnimal uses Azure Network Security Group whitelists to specify permissible inbound and outbound. + +If your organization requires an Azure Firewall for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). 
+ +## Privileged containers + +Azure recommends avoiding privileged containers because they have all the root capabilities of a host machine. However, BigAnimal must run some containers in privileged mode for control plane functionality such as securing and monitoring the application. + +## Immutable read-only root file systems + +Azure recommends that containers should run with a read-only root file system in a Kubernetes cluster. Immutable file systems can prevent malicious changes at run-time. + +BigAnimal must run some containers that must run with a read-only root filesystem for control plane functionality, for example, to use system calls to secure and monitor our application. **IS THAT STATEMENT CORRECT?** + +For more information about restricting access, go to **Home > Microsoft Defender for the Cloud > Recommendations**. Expand **Manage access and permissions**, select **Immutable (read-only) root filesystem should be enforced for containers** and follow the recommendations provided there. + +## Disable automounting API credentials + +Azure recommmends disabling automounting API credentials to prevent a potentially compromised pod running API commands against a Kubernetes cluster. + +To prevent this scenario, BigAnimal created service accounts and roles with least privileges for Kubernetes operators and operands. + +## Containers should not run as root + +Azure recommends that containers should not run as root. Running a process as the root user inside a container runs it as root on the host. If there's a compromise, an attacker has root in the container. + +BigAnimal must run some containers as root users to provide some control plane functionality, for example, to deliver logging functionality. BigAnimal tightly restrict use of the root user, and no containers running as root expose network connectivity. + From a095070399982879d2d378a71c93d9942b28bc77 Mon Sep 17 00:00:00 2001 
From: David Wicinas <93669463+dwicinas@users.noreply.github.com> Date: Tue, 25 Jan 2022 11:45:08 -0500 Subject: [PATCH 07/34] Revised draft of Microsoft Defender for Cloud recommendations --- .../02_reviewing_asc_recommendations.mdx | 81 ++++++++++++++----- 1 file changed, 60 insertions(+), 21 deletions(-) diff --git a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx index 67f2b13d7d7..a7f1894733d 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx 
@@ -1,46 +1,85 @@ --- -title: "Reviewing ASC recommendations" +title: "Reviewing Microsoft Defender for Cloud recommendations" --- -To increase your security, review Azure Security Center's recommendations page for actions you can take to raise your security score. See this section for information on why you might be seeing a particular alert and whether you can take steps to improve the security in your cluster. +Microsoft Defender for Cloud (which now includes Azure Secure Center and Azure Defender) analyzes the security state of your Azure resources to identify potential vulnerabilities. When using BigAnimal, Microsoft Defender for Cloud makes certain recommendations. See the following sections to understand why Microsoft raises some alerts and whether you can take steps to improve security in your cluster. -Azure Home > Microsoft Defender for the Cloud > recommendations +## Restrict unauthorized network access -## Restricted access to host network and a range of ports - Medium +Microsoft Defender for Cloud may raise the following network access issues for a BigAnimal deployment: -To avoid the possibility of a compromised container, Azure Security Center recommends restricting access to the host network for Kubernetes pods as well as restricting pod access to an allowable range of ports on the host. +### Usage of host networking and ports should be restricted -BigAnimal must run some containers that may use the node network namespace to monitor the network traffic statistics of Kubernetes cluster worker nodes. To prevent any traffic sniffing and configuration changes to the worker node system, BigAnimal has removed all security capabilities for those containers. **IS THAT TEXT ACCURATE? SOURCE MATERIAL WAS NOT CLEAR?** +To avoid the possibility of a compromised container, Microsoft recommends restricting access to the host network for Kubernetes pods as well as restricting pod access to an allowable range of ports on the host. 
-For more information about restricting access, go to **Home > Microsoft Defender for the Cloud > Recommendations**. Expand **Restrict unauthorized network access**, select **Usage of host networking and ports should be restricted** and follow the recommendations provided there. +However, BigAnimal runs some containers that may use the node network namespace to monitor network traffic statistics of Kubernetes cluster worker nodes. To prevent any traffic sniffing and configuration changes to the worker node system, BigAnimal has removed all security capabilities for those containers. -## Azure Firewall - Low +### Virtual networks should be protected by Azure Firewall -BigAnimal does not enable the Azure Firewall. Instead, BigAnimal uses Azure Network Security Group whitelists to specify permissible inbound and outbound. +BigAnimal does not enable the Azure Firewall. Instead, BigAnimal uses Azure Network Security Group whitelists to specify permissible inbound and outbound traffic. If your organization requires an Azure Firewall for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). -## Privileged containers +## Manage access and permissions -Azure recommends avoiding privileged containers because they have all the root capabilities of a host machine. However, BigAnimal must run some containers in privileged mode for control plane functionality such as securing and monitoring the application. +Microsoft Defender for Cloud may raise the following access and permission issues for a BigAnimal deployment. -## Immutable read-only root file systems +### Privileged containers should be avoided -Azure recommends that containers should run with a read-only root file system in a Kubernetes cluster. Immutable file systems can prevent malicious changes at run-time. +Azure recommends avoiding privileged containers because they have all the root capabilities of a host machine. 
However, BigAnimal must run some containers in privileged mode for control plane functionality, such as securing and monitoring the application. -BigAnimal must run some containers that must run with a read-only root filesystem for control plane functionality, for example, to use system calls to secure and monitor our application. **IS THAT STATEMENT CORRECT?** +### Immutable (read-only) root filesystem should be enforced for containers -For more information about restricting access, go to **Home > Microsoft Defender for the Cloud > Recommendations**. Expand **Manage access and permissions**, select **Immutable (read-only) root filesystem should be enforced for containers** and follow the recommendations provided there. +Azure recommends that containers should run with an immutable read-only root file system in a Kubernetes cluster. Immutable file systems can prevent malicious changes at run-time. -## Disable automounting API credentials +Some BigAnimal containers must run with a read-only root filesystem for control plane functionality. This capability is necessary, for example, to use system calls to secure and monitor the BigAnimal application. -Azure recommmends disabling automounting API credentials to prevent a potentially compromised pod running API commands against a Kubernetes cluster. +## Running containers as root user should be avoided -To prevent this scenario, BigAnimal created service accounts and roles with least privileges for Kubernetes operators and operands. +Azure recommends that containers should not run as root. Running a process as the root user inside a container runs the process as root on the host. If a compromise occurs, an attacker has root access in the container. + +BigAnimal must run some containers as the root user to provide some aspects of control plane functionality, such as logging. BigAnimal tightly restricts use of the root user, and no containers running as root expose network connectivity. 
+ +## Containers sharing sensitive host namespaces should be avoided + +To protect against privilege escalation outside a container, Azure recommends you avoid pod access to sensitive host namespaces (that is, host process IDs and host IPCs) in a Kubernetes cluster. + +However, to monitor network traffic statistics for cluster worker nodes, BigAnimal must run some containers that can share the host process ID namespace. To prevent any traffic sniffing and worker node system configuration changes, BigAnimal has eliminated *all* security capabilities from those containers. + +## Container with privilege escalation should be avoided + +To prevent a process from gaining more privilege than its parent process, Microsoft recommends that containers shouldn't run with privilege escalation to root in a Kubernetes cluster. The AllowPrivilegeEscalation attribute controls whether a process can gain more privileges than its parent process. + +To enable some monitoring capabilities for Kubernetes, BigAnimal must run some containers that may allow privilege escalation. + +## Enable auditing and logging -## Containers should not run as root +Microsoft recommends enabling diagnostic logs in Virtual Machine Scale Sets and Key Vault. -Azure recommends that containers should not run as root. Running a process as the root user inside a container runs it as root on the host. If there's a compromise, an attacker has root in the container. +BigAnimal does not enable diagnostic logs for Virtual Machine Scale Sets and Key Vault, but it does enable diagnostic logs for Kubernetes services. Resources managed by BigAnimal are logged in Kubernetes service logs. If you must enable other logs for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). -BigAnimal must run some containers as root users to provide some control plane functionality, for example, to deliver logging functionality. 
BigAnimal tightly restrict use of the root user, and no containers running as root expose network connectivity. +## Enable enhanced security features + +Microsoft Defender for Cloud now includes the capabiilities of Microsoft Defender for open-source relational databases. + +BigAnimal does not enable any of the following capabilities: +- Microsoft Defender for servers +- Microsoft Defender for Storage +- Microsoft Defender for Key Vault +- Microsoft Defender for Containers +- Microsoft Defender for Kubernetes Service clusters +- Microsoft Defender for Resources Manager +- Microsoft Defender for DNS + +If you have questions about enabling any of those capabilities for BigAnimal, contact [support@biganimal.com](mailto:support@biganimal.com). + +## Implement security best practices + +Microsoft Defender for Cloud may suggest the following best practice for a BigAnimal deployment: + +## Kubernetes clusters should disable automounting API credentials + +Microsoft recommmends disabling automounting API credentials to prevent a potentially compromised pod from running API commands against a Kubernetes cluster. + +To prevent this scenario, BigAnimal created service accounts and roles with least privileges for Kubernetes operators and operands. From c0654393ba1ccf36b61215192940c67d9c38aeed Mon Sep 17 00:00:00 2001 From: David Wicinas <93669463+dwicinas@users.noreply.github.com> Date: Wed, 26 Jan 2022 09:16:06 -0500 Subject: [PATCH 08/34] minor grammatical tweaks --- .../03_security/02_reviewing_asc_recommendations.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx index a7f1894733d..25da8dc0919 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx 
+++ b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx 
@@ -26,23 +26,23 @@ Microsoft Defender for Cloud may raise the following access and permission issue ### Privileged containers should be avoided -Azure recommends avoiding privileged containers because they have all the root capabilities of a host machine. However, BigAnimal must run some containers in privileged mode for control plane functionality, such as securing and monitoring the application. +Microsoft recommends avoiding privileged containers because they have all the root capabilities of a host machine. However, BigAnimal must run some containers in privileged mode for control plane functionality, such as securing and monitoring the application. ### Immutable (read-only) root filesystem should be enforced for containers -Azure recommends that containers should run with an immutable read-only root file system in a Kubernetes cluster. Immutable file systems can prevent malicious changes at run-time. +Microsoft recommends that containers should run with an immutable read-only root file system in a Kubernetes cluster. Immutable file systems can prevent malicious changes at run-time. Some BigAnimal containers must run with a read-only root filesystem for control plane functionality. This capability is necessary, for example, to use system calls to secure and monitor the BigAnimal application. ## Running containers as root user should be avoided -Azure recommends that containers should not run as root. Running a process as the root user inside a container runs the process as root on the host. If a compromise occurs, an attacker has root access in the container. +Microsoft recommends that containers should not run as root. Running a process as the root user inside a container runs the process as root on the host. If a compromise occurs, an attacker has root access in the container. BigAnimal must run some containers as the root user to provide some aspects of control plane functionality, such as logging. 
BigAnimal tightly restricts use of the root user, and no containers running as root expose network connectivity. ## Containers sharing sensitive host namespaces should be avoided -To protect against privilege escalation outside a container, Azure recommends you avoid pod access to sensitive host namespaces (that is, host process IDs and host IPCs) in a Kubernetes cluster. +To protect against privilege escalation outside a container, Microsoft recommends you avoid pod access to sensitive host namespaces (that is, host process IDs and host IPCs) in a Kubernetes cluster. However, to monitor network traffic statistics for cluster worker nodes, BigAnimal must run some containers that can share the host process ID namespace. To prevent any traffic sniffing and worker node system configuration changes, BigAnimal has eliminated *all* security capabilities from those containers. From 415e8d9885482d787ba775bd30c0d3efe2c77c88 Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Tue, 8 Feb 2022 20:44:00 +0530 Subject: [PATCH 09/34] Used the Azure and Dev environment access to improve content --- .../03_security/01_securing_your_cluster.mdx | 155 +++++++++--------- 1 file changed, 76 insertions(+), 79 deletions(-) diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx index dbe27f8721b..280ebcc228f 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx 
@@ -2,65 +2,92 @@ title: "Enforcing ASC policy definitions" --- -You can use an Azure policy definition to create and enforce rules about specific security conditions. Use the built in ASC policy definition in your subscription to configure parameters such as allowed container ports, maximum allowed memory bytes in a kubernetes cluster, and so on. EDB recommends the following list of parameters and configurations in BigAnimal: - - -##### Allowed container ports list - -BigAnimal runs containers using these ports: - -* 5432 -* 9187 -* 8000 -* 9000 -* 9443 -* 9402 -* 10250 -* 9090 -* 8080 -* 8443 -* 2020 -* 3000 -* 6443 -* 9100 -* 9102 -* 9201 -* 8081 - -##### Allowed service ports list - -BigAnimal runs containers using these services ports: - -* 5432 -* 9402 -* 443 -* 8080 -* 9090 -* 3000 -* 8443 -* 9443 -* 9100 -* 9201 +For each subscription belonging to your organization, Azure automatically assigns a default set of policies to ensure baseline security. You can customize these default policies to match BigAnimal's specific requirement to furhter harden security in your resources. + +## Customize the default ASC policy + +Perform the following steps for each of your Azure subscriptions: + +1. In the Azure portal, enter **Policy** in the search box at the top and open the Policy service. + +1. Select **Compliance** on the left side of the Policy page. + +1. On the Policy | Compliance page, set the Scope by selecting the ellipsis and then selecting all subscriptions. + Click the **Select** button at the bottom of the Scope page to add your selection. + +1. You can see a list of all the policy initiatives (sets of polices) automatically assigned by Azure as part of onboarding. The policy initiative for each subscription is labelled as **ASC Default (subscription: )** + +1. Select a policy inititative in the list and click **Edit assignment** + +1. On the Edit Initiative Assignment page click the **Parameters** tab. + +1. 
Clear the **Only show parameters that need input or review** check box. + +1. Configure the parameters in your default ASC policy to only allow BigAnimal's specific requirements. Use the JSON values in ()[] to update the parameters. + +1. To remediate non-compliant resources, select Next at the bottom of the page or the Remediation tab at the top of the page to move to the next segment of the assignment wizard. See + +### Security configurations required by BigAnimal + +Use the values below each of the parameters to configure the default ASC policy of a subscription. + +!!! Note + You can directly copy the JSON values provided below, if applicable. + +##### Allowed container ports list + +**JSON value**: + +```js + +["5432", "9187", "8000", "9000", "9443", "9402", "10250", "9090", "8080", "8443", "2020", "3000", "6443", "9100", "9102", "9201", "8081"] + +``` + +##### Allowed service ports list in Kubernetes cluster + +**JSON value**: + +```js + +["5432", "9402", "443", "8080", "9090", "3000", "8443", "9443", "9100", "9201"] + +``` ##### Allowed AppArmor profiles -BigAnimal uses AppArmor's *runtime/default* default profile. +**JSON value**: + +```js + +["runtime/default"] + +``` -##### Allowed capabilities +##### Allowed capabilities + +**JSON value**: + +```js + +["FOWNER"] + +``` + +##### Max allowed memory bytes in Kubernetes cluster + +**Value**: `6Gi` -BigAnimal runs containers with minimum security capabilities of *FOWNER*, which is only required to implement data plane functionality such as logging. -##### Max allowed memory bytes in Kubernetes cluster -BigAnimal runs containers with maximum allowed memory bytes of 6Gi. +##### Max allowed CPU units in Kubernetes cluster -##### Recommended Max allowed CPU units in Kubernetes cluster +**Value**: `2` -BigAnimal runs containers with a maximum of two allowed CPU units 2. -##### Recommended Allowed host paths +##### Allowed host paths -BigAnimal uses the following hotpaths in its containers: +**JSON value**: ```js 
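Review bot: The rewritten parameter sections drop the reason each value is allowed. Under "Allowed capabilities" the old text said FOWNER is "only required to implement data plane functionality such as logging", and the new text is only the JSON value `["FOWNER"]`. These values define what the policy permits, so keep a one-line justification beside each one; that lets someone auditing the assignment tell why it is there. In the procedure, step 8 points at an empty link, "Use the JSON values in ()[]", and step 9 ends at "See" with no reference. "furhter", "polices" and "inititative" are misspelled in the added lines.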
@@ -119,38 +146,8 @@ BigAnimal uses the following hotpaths in its containers: ``` -### To configure the default ASC policy - -Perform the following steps in each of your Azure subscriptions: - -1. Launch the Azure Policy service in the Azure portal by searching for and selecting the *Policy* service in the search box at the top. - -1. Select **Assignments** on the left side of the Azure Policy page. - -1. Select **Assign Policy** from the top of the Policy - Assignments page. - -1. On the Assign Policy page, set the Scope by selecting the ellipsis and then selecting the applicable subscription. A scope determines what resources or grouping of resources the policy assignment gets enforced on. Then use the **Select** button at the bottom of the Scope page. - -1. Select the Policy definition ellipsis to open the list of available definitions. Azure Policy comes with built-in policy definitions you can use. Many are available, such as: - * Enforce tag and its value - * Apply tag and its value - * Inherit a tag from the resource group if missing - * For a partial list of available built-in policies, see Azure Policy samples. - -1. Search through the policy definitions list to find the ASC policy definition you need. Select that policy and then click the **Select** button. - -1. The Assignment name is automatically populated with the policy name you selected, but you can change it. - For this example, You can also add an optional Description. The description provides details about this policy assignment. Assigned by will automatically fill based on who is logged in. This field is optional, so custom values can be entered. - -1. Leave policy enforcement Enabled. For more information, see Policy assignment - enforcement mode. - -1. Select Next at the bottom of the page or the Parameters tab at the top of the page to move to the next segment of the assignment wizard. - -1. Configure the parameters in your default ASC policy to only allow BigAnimal's requirements. - -1. 
To remediate non-compliant resources, select Next at the bottom of the page or the Remediation tab at the top of the page to move to the next segment of the assignment wizard. See -### To remediate non-compliant resources +### Remediate non-compliant resources Once you have modified the default ASC policy definition parameters, ensure that your resources are compliant with BigAnimal's security requirements from Remediation tab of the assignment wizard. Perform the following steps: From 8f7e7c08bea3ed6a1131c6a38d6d7673ccc022eb Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Thu, 10 Feb 2022 16:11:58 +0530 Subject: [PATCH 10/34] Re writing content based on my finding after finally having access to the dev build --- .../03_security/01_securing_your_cluster.mdx | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx index 280ebcc228f..248b6d2fc3c 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx 
@@ -2,11 +2,11 @@ title: "Enforcing ASC policy definitions" --- -For each subscription belonging to your organization, Azure automatically assigns a default set of policies to ensure baseline security. You can customize these default policies to match BigAnimal's specific requirement to furhter harden security in your resources. +For each subscription belonging to your organization, Azure automatically assigns a default set of policies to ensure baseline security. You can customize these default policies to match BigAnimal's specific requirement and further harden security of your resources. ## Customize the default ASC policy -Perform the following steps for each of your Azure subscriptions: +To be able to customize the default ASC policy, you must have Perform the following steps for each of your Azure subscriptions: 1. In the Azure portal, enter **Policy** in the search box at the top and open the Policy service. @@ -23,7 +23,7 @@ Perform the following steps for each of your Azure subscriptions: 1. Clear the **Only show parameters that need input or review** check box. -1. Configure the parameters in your default ASC policy to only allow BigAnimal's specific requirements. Use the JSON values in ()[] to update the parameters. +1. Configure the parameters in your default ASC policy to only allow BigAnimal's specific requirements. Use the parameter values specified in [Security configurations required by BigAnimal](#security-configurations-required-by-biganimal) to update the parameters. 1. To remediate non-compliant resources, select Next at the bottom of the page or the Remediation tab at the top of the page to move to the next segment of the assignment wizard. See 
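Review bot: In the first hunk (@@ -2,11 +2,11 @@), the new lead-in under "Customize the default ASC policy" is an unfinished sentence: "To be able to customize the default ASC policy, you must have Perform the following steps for each of your Azure subscriptions:". Either finish the prerequisite by naming the role or permission on the subscription that is needed to edit the assignment, or drop "you must have" until that is known. In the second hunk the link in the "Configure the parameters" step is fixed, but the step after it still trails off at "See" with no target.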
@@ -145,11 +145,9 @@ Use the values below each of the parameters to configure the default ASC policy } ``` - - ### Remediate non-compliant resources -Once you have modified the default ASC policy definition parameters, ensure that your resources are compliant with BigAnimal's security requirements from Remediation tab of the assignment wizard. Perform the following steps: +Once you have modified the default ASC policy definition associated with each subscription, ensure that your resources are compliant with BigAnimal's security requirements from Remediation tab of the assignment wizard. Perform the following steps: 1. Leave Create a Managed Identity unchecked. This box must be checked when the policy or initiative includes a policy with either the deployIfNotExists or modify effect. As the policy used for this quickstart doesn't, leave it blank. For more information, see managed identities and how remediation security works. 
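Review bot: The first step under "Remediate non-compliant resources" (unchanged context in this hunk) still reads "As the policy used for this quickstart doesn't, leave it blank", which refers to a quickstart this page does not have. The intro is being rewritten here to be about the ASC default policy of each subscription, so reword that step to state whether that initiative includes a policy with the deployIfNotExists or modify effect. By the step's own wording, that decides whether the managed identity box must be checked. The added sentence also needs "the" before "Remediation tab".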
@@ -161,11 +159,10 @@ Once you have modified the default ASC policy definition parameters, ensure that 1. Review the selected options, then select Create at the bottom of the page. - -## Remediate resources in your cluster +## Monitor resources in your cluster You're now ready to monitor and identify non-compliant resources to understand the compliance state of the resources in your subscription. -Select Compliance in the left side of the page. If there are any existing resources that aren't compliant with this new assignment, they appear under non-compliant resources. +Select **Compliance** on the left side of the page. If there are any existing resources that aren't compliant with this new assignment, they appear under non-compliant resources. -When a condition is evaluated against your existing resources and found true, then those resources are marked as non-compliant with the policy. The following table shows how different policy effects work with the condition evaluation for the resulting compliance state. Although you don't see the evaluation logic in the Azure portal, the compliance state results are shown. The compliance state result is either compliant or non-compliant. \ No newline at end of file +When a condition is evaluated against your existing resources and found true, then those resources are marked as non-compliant with the policy. For details on the The following table shows how different policy effects work with the condition evaluation for the resulting compliance state. Although you don't see the evaluation logic in the Azure portal, the compliance state results are shown. The compliance state result is either compliant or non-compliant. \ No newline at end of file From 5f301a82734e057a172f794c459f6c08c646d8ac Mon Sep 17 00:00:00 2001 
From: Moiz Nalwalla Date: Fri, 11 Feb 2022 12:41:21 +0530 Subject: [PATCH 11/34] Removed remediation steps based on discussion with Ellen --- .../03_security/01_securing_your_cluster.mdx | 34 +++++++------------ .../02_reviewing_asc_recommendations.mdx | 2 +- .../release/overview/03_security/index.mdx | 3 +- 3 files changed, 15 insertions(+), 24 deletions(-) diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx index 248b6d2fc3c..db449b3804f 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx 
@@ -1,21 +1,20 @@ --- -title: "Enforcing ASC policy definitions" +title: "Customizing policy definitions" --- -For each subscription belonging to your organization, Azure automatically assigns a default set of policies to ensure baseline security. You can customize these default policies to match BigAnimal's specific requirement and further harden security of your resources. +For each subscription belonging to your organization, Azure automatically assigns a default set of policies to ensure baseline security of your resources. You can customize these default policies to match BigAnimal's specific requirement and further harden security of your resources. ## Customize the default ASC policy -To be able to customize the default ASC policy, you must have Perform the following steps for each of your Azure subscriptions: +To be able to customize the default ASC policy, you must perform the following steps for each of your Azure subscriptions: 1. In the Azure portal, enter **Policy** in the search box at the top and open the Policy service. 1. Select **Compliance** on the left side of the Policy page. -1. On the Policy | Compliance page, set the Scope by selecting the ellipsis and then selecting all subscriptions. - Click the **Select** button at the bottom of the Scope page to add your selection. +1. On the Policy | Compliance page, set the Scope by selecting the ellipsis and then selecting all subscriptions. Click the **Select** button at the bottom of the Scope page to add your selection. -1. You can see a list of all the policy initiatives (sets of polices) automatically assigned by Azure as part of onboarding. The policy initiative for each subscription is labelled as **ASC Default (subscription: )** +1. You can see a list of all the policy initiatives (sets of polices) automatically assigned by Azure's onboarding process. The policy initiative for each subscription is labelled as *ASC Default (subscription: )* 1. 
Select a policy inititative in the list and click **Edit assignment** @@ -25,14 +24,17 @@ To be able to customize the default ASC policy, you must have Perform the follow 1. Configure the parameters in your default ASC policy to only allow BigAnimal's specific requirements. Use the parameter values specified in [Security configurations required by BigAnimal](#security-configurations-required-by-biganimal) to update the parameters. -1. To remediate non-compliant resources, select Next at the bottom of the page or the Remediation tab at the top of the page to move to the next segment of the assignment wizard. See +1. Select the **Review + create** tab at the top of the wizard. + +1. Review your selections, then select **Create** at the bottom of the page. ### Security configurations required by BigAnimal Use the values below each of the parameters to configure the default ASC policy of a subscription. !!! Note - You can directly copy the JSON values provided below, if applicable. + + You can directly copy the parameter values provided below. Values are provided in JSON wherever applicable. ##### Allowed container ports list 
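Review bot: In the first hunk, the step that lists the policy initiatives gives the label as "*ASC Default (subscription: )*" with nothing after "subscription:". A placeholder appears to have been lost, so restore it in a form that renders, for example a spelled-out subscription ID placeholder. The same added line keeps "polices", and the next step keeps "inititative". In the second hunk a blank line is added between "!!! Note" and its indented body; check that the admonition still renders with the body attached.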
@@ -145,19 +147,6 @@ Use the values below each of the parameters to configure the default ASC policy } ``` -### Remediate non-compliant resources - -Once you have modified the default ASC policy definition associated with each subscription, ensure that your resources are compliant with BigAnimal's security requirements from Remediation tab of the assignment wizard. Perform the following steps: - -1. Leave Create a Managed Identity unchecked. This box must be checked when the policy or initiative includes a policy with either the deployIfNotExists or modify effect. As the policy used for this quickstart doesn't, leave it blank. For more information, see managed identities and how remediation security works. - -1. Select Next at the bottom of the page or the Non-compliance messages tab at the top of the page to move to the next segment of the assignment wizard. - -1. Set the Non-compliance message to **TBD** . This custom message is displayed when a resource is denied or for non-compliant resources during regular evaluation. - -1. Select Next at the bottom of the page or the Review + Create tab at the top of the page to move to the next segment of the assignment wizard. - -1. Review the selected options, then select Create at the bottom of the page. ## Monitor resources in your cluster 
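Review bot: With the "Remediate non-compliant resources" section removed, the page no longer says what to do once resources are reported as non-compliant. The "Monitor resources in your cluster" section that follows only says where they appear ("they appear under non-compliant resources"). Add a sentence there on the expected follow-up, or a link to remediation guidance, so that tightening the parameters does not end at a list with no next step.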
@@ -165,4 +154,5 @@ You're now ready to monitor and identify non-compliant resources to understand t Select **Compliance** on the left side of the page. If there are any existing resources that aren't compliant with this new assignment, they appear under non-compliant resources. -When a condition is evaluated against your existing resources and found true, then those resources are marked as non-compliant with the policy. For details on the The following table shows how different policy effects work with the condition evaluation for the resulting compliance state. Although you don't see the evaluation logic in the Azure portal, the compliance state results are shown. The compliance state result is either compliant or non-compliant. \ No newline at end of file +When a policy initiative and its conditions are evaluated against your existing resources and found true, then those resources are marked as non-compliant with the policy. For details on compliance states, see [How compliance works](https://docs.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data#how-compliance-works). + diff --git a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx index 25da8dc0919..2b0f6bb49a5 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx 
@@ -2,7 +2,7 @@ title: "Reviewing Microsoft Defender for Cloud recommendations" --- -Microsoft Defender for Cloud (which now includes Azure Secure Center and Azure Defender) analyzes the security state of your Azure resources to identify potential vulnerabilities. When using BigAnimal, Microsoft Defender for Cloud makes certain recommendations. See the following sections to understand why Microsoft raises some alerts and whether you can take steps to improve security in your cluster. +When using BigAnimal, Microsoft Defender for Cloud makes certain recommendations. See the following sections to understand why Microsoft raises some alerts and whether you can take steps to improve security in your cluster. ## Restrict unauthorized network access diff --git a/product_docs/docs/biganimal/release/overview/03_security/index.mdx b/product_docs/docs/biganimal/release/overview/03_security/index.mdx index f3decb0ac0c..1e220e949d1 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/index.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/index.mdx 
@@ -17,6 +17,7 @@ BigAnimal runs in your own cloud account, isolates your data from other users, a - **Database cluster permissions** The edb_admin account created during the *create cluster* process includes the `CREATEDB` and `CREATEROLE` database roles. EDB recommends using the edb_admin account to create a new application user and new application database for further isolation. See [Managing Postgres access](../using_cluster/01_postgres_access) for more information. -To further harden security in your Azure subscription, see: +Microsoft Defender for Cloud (which now includes Azure Secure Center and Azure Defender) analyzes the security state of your Azure resources to identify potential vulnerabilities. When using BigAnimal, Microsoft Defender for Cloud makes certain recommendations. See the following sections to understand why Microsoft raises alerts and how you can further customize baseline policy definitions to match BigAnimal's specific requirements. + - [Links to children pages] - [Links to children pages] \ No newline at end of file From d899a41d3b26dd45a9905381a03dee673919b06f Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Fri, 11 Feb 2022 13:41:34 +0530 Subject: [PATCH 12/34] polishing content --- .../03_security/01_securing_your_cluster.mdx | 87 ++++++++----------- .../02_reviewing_asc_recommendations.mdx | 8 +- 2 files changed, 41 insertions(+), 54 deletions(-) diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx index db449b3804f..ce46bdb711d 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx 
@@ -4,30 +4,6 @@ title: "Customizing policy definitions" For each subscription belonging to your organization, Azure automatically assigns a default set of policies to ensure baseline security of your resources. You can customize these default policies to match BigAnimal's specific requirement and further harden security of your resources. -## Customize the default ASC policy - -To be able to customize the default ASC policy, you must perform the following steps for each of your Azure subscriptions: - -1. In the Azure portal, enter **Policy** in the search box at the top and open the Policy service. - -1. Select **Compliance** on the left side of the Policy page. - -1. On the Policy | Compliance page, set the Scope by selecting the ellipsis and then selecting all subscriptions. Click the **Select** button at the bottom of the Scope page to add your selection. - -1. You can see a list of all the policy initiatives (sets of polices) automatically assigned by Azure's onboarding process. The policy initiative for each subscription is labelled as *ASC Default (subscription: )* - -1. Select a policy inititative in the list and click **Edit assignment** - -1. On the Edit Initiative Assignment page click the **Parameters** tab. - -1. Clear the **Only show parameters that need input or review** check box. - -1. Configure the parameters in your default ASC policy to only allow BigAnimal's specific requirements. Use the parameter values specified in [Security configurations required by BigAnimal](#security-configurations-required-by-biganimal) to update the parameters. - -1. Select the **Review + create** tab at the top of the wizard. - -1. Review your selections, then select **Create** at the bottom of the page. - ### Security configurations required by BigAnimal Use the values below each of the parameters to configure the default ASC policy of a subscription. 
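Review bot: with the `## Customize the default ASC policy` section removed from the top of the page, `### Security configurations required by BigAnimal` becomes the first heading and sits at level 3 with no level-2 parent, while the procedure is re-added further down in this commit as `##`. Promote this heading to `##`, or demote the procedure, so the page outline is consistent. In the intro context line, "BigAnimal's specific requirement" should be plural.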
@@ -36,63 +12,47 @@ Use the values below each of the parameters to configure the default ASC policy You can directly copy the parameter values provided below. Values are provided in JSON wherever applicable. -##### Allowed container ports list - -**JSON value**: +##### Allowed container ports list: ```js - ["5432", "9187", "8000", "9000", "9443", "9402", "10250", "9090", "8080", "8443", "2020", "3000", "6443", "9100", "9102", "9201", "8081"] - ``` -##### Allowed service ports list in Kubernetes cluster -**JSON value**: +##### Allowed service ports list in Kubernetes cluster: ```js - ["5432", "9402", "443", "8080", "9090", "3000", "8443", "9443", "9100", "9201"] - ``` -##### Allowed AppArmor profiles -**JSON value**: +##### Allowed AppArmor profiles: ```js - ["runtime/default"] - ``` -##### Allowed capabilities -**JSON value**: +##### Allowed capabilities: ```js - ["FOWNER"] - ``` -##### Max allowed memory bytes in Kubernetes cluster - -**Value**: `6Gi` +##### Max allowed memory bytes in Kubernetes cluster: +`6Gi` -##### Max allowed CPU units in Kubernetes cluster -**Value**: `2` +##### Max allowed CPU units in Kubernetes cluster: +`2` -##### Allowed host paths -**JSON value**: +##### Allowed host paths: ```js - { "paths": [ { 
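Review bot: the reworked parameter headings end in a colon (for example `##### Allowed container ports list:`), which becomes part of the rendered heading text and can change the generated anchor; drop the colons. With the **JSON value** and **Value** labels removed, nothing distinguishes the JSON arrays from the plain strings `6Gi` and `2` any more, and the JSON fences are still tagged `js`. Tagging them `json` would restore that distinction for anyone copying the values into the policy assignment.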
@@ -145,9 +105,36 @@ Use the values below each of the parameters to configure the default ASC policy } ] } - ``` +## Customize the default ASC policy + +To be able to customize the default ASC policy, you must perform the following steps for each of your Azure subscriptions: + +!!! Note + You need Microsoft.Authorizations/PolicyAssignments/write permissions to be able to update policy initiatives in Azure. + + +1. In the Azure portal, enter **Policy** in the search box at the top and open the Policy service. + +1. Select **Compliance** on the left side of the Policy page. + +1. On the Policy | Compliance page, set the Scope by selecting the ellipsis and then selecting all subscriptions. Click the **Select** button at the bottom of the Scope page to add your selection. + +1. You can see a list of all the policy initiatives (sets of polices) automatically assigned by Azure's onboarding process. The policy initiative for each subscription is labelled as *ASC Default (subscription: )* + +1. Select a policy inititative in the list and click **Edit assignment** + +1. On the Edit Initiative Assignment page click the **Parameters** tab. + +1. Clear the **Only show parameters that need input or review** check box. + +1. Configure the parameters in your default ASC policy to only allow BigAnimal's specific requirements. Use the parameter values specified in [Security configurations required by BigAnimal](#security-configurations-required-by-biganimal) to update the parameters. + +1. Select the **Review + create** tab at the top of the wizard. + +1. Review your selections, then select **Create** at the bottom of the page. + ## Monitor resources in your cluster You're now ready to monitor and identify non-compliant resources to understand the compliance state of the resources in your subscription. 
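Review bot: the permission in the added note, `Microsoft.Authorizations/PolicyAssignments/write`, does not match the Azure operation name, which is `Microsoft.Authorization/policyAssignments/write` (singular `Authorization`); an administrator searching role definitions for the string as written will not find it, so correct it and set it in inline code. In the re-added steps, the label *ASC Default (subscription: )* has nothing after the colon, so the subscription placeholder appears to have been lost, "polices" and "inititative" are misspelled, and the "click **Edit assignment**" step is missing its closing period.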
diff --git a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx index 2b0f6bb49a5..57236dcf8d2 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx @@ -8,13 +8,13 @@ When using BigAnimal, Microsoft Defender for Cloud makes certain recommendations Microsoft Defender for Cloud may raise the following network access issues for a BigAnimal deployment: -### Usage of host networking and ports should be restricted +#### Usage of host networking and ports should be restricted To avoid the possibility of a compromised container, Microsoft recommends restricting access to the host network for Kubernetes pods as well as restricting pod access to an allowable range of ports on the host. However, BigAnimal runs some containers that may use the node network namespace to monitor network traffic statistics of Kubernetes cluster worker nodes. To prevent any traffic sniffing and configuration changes to the worker node system, BigAnimal has removed all security capabilities for those containers. -### Virtual networks should be protected by Azure Firewall +#### Virtual networks should be protected by Azure Firewall BigAnimal does not enable the Azure Firewall. Instead, BigAnimal uses Azure Network Security Group whitelists to specify permissible inbound and outbound traffic. 
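Review bot: changing these two headings from `###` to `####` places level-4 headings directly under `## Restrict unauthorized network access`, skipping level 3; keep them at `###` unless the site theme requires otherwise. In the context paragraph under the first heading, "BigAnimal has removed all security capabilities for those containers" reads as though protections were taken away. If the intent is that the containers' Linux capabilities were dropped, say that explicitly, because this sentence is the justification a customer will rely on when accepting the Defender finding.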
@@ -24,11 +24,11 @@ If your organization requires an Azure Firewall for compliance purposes, contact Microsoft Defender for Cloud may raise the following access and permission issues for a BigAnimal deployment. -### Privileged containers should be avoided +#### Privileged containers should be avoided Microsoft recommends avoiding privileged containers because they have all the root capabilities of a host machine. However, BigAnimal must run some containers in privileged mode for control plane functionality, such as securing and monitoring the application. -### Immutable (read-only) root filesystem should be enforced for containers +#### Immutable (read-only) root filesystem should be enforced for containers Microsoft recommends that containers should run with an immutable read-only root file system in a Kubernetes cluster. Immutable file systems can prevent malicious changes at run-time. From 3b5605b6a1c158261e9f91a3b6026193fd9f3e53 Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Wed, 23 Feb 2022 00:08:20 +0530 Subject: [PATCH 13/34] Incorporated Ben's comments --- .../01_customizing_policy_ definitions.mdx | 197 ++++++++++++++++++ .../03_security/01_securing_your_cluster.mdx | 145 ------------- .../02_reviewing_asc_recommendations.mdx | 85 -------- .../release/overview/03_security/index.mdx | 7 +- 4 files changed, 198 insertions(+), 236 deletions(-) create mode 100644 product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx delete mode 100644 product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx delete mode 100644 product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx new file mode 100644 index 00000000000..91b32f93fc4 --- /dev/null 
+++ b/product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx 
@@ -0,0 +1,197 @@ +--- +title: "Customizing Azure policy definitions" +--- + +To prevent conflicts with external workloads, BigAnimal does not make policy customizations in your Azure subscription. However, you can manually customize baseline policies as per requirements specific to BigAnimal. + +### Customize baseline policy definitions + +Perform the following steps for each of your Azure subscriptions: + +!!! Note + You need Microsoft.Authorizations/PolicyAssignments/write permissions to be able to update policy initiatives in Azure. + + +1. In the Azure portal, enter **Policy** in the search box at the top and open the Policy service. + +1. Select **Compliance** on the left side of the Policy page. + +1. On the Compliance page, set the Scope by selecting the ellipsis and then selecting all subscriptions. Click the **Select** button at the bottom of the Scope page to add your selection. + +1. You can see a list of all the policy initiatives (sets of polices) automatically assigned by Azure's onboarding process. The policy initiative for each subscription is labelled as *ASC Default (subscription: )* + +1. Select a policy inititative in the list and click **Edit assignment**. + +1. On the Edit Initiative Assignment page click the **Parameters** tab. + +1. Clear the **Only show parameters that need input or review** check box. + +1. Configure the parameters in your default ASC policy to only allow BigAnimal's specific requirements. Use the parameter values specified in [Configurations required by BigAnimal](#configurations-required-by-biganimal) to update the parameters. + +1. Select the **Review + create** tab at the top of the wizard. + +1. Review your selections, then select **Create** at the bottom of the page. + +You're now ready to monitor and identify non-compliant resources to understand the compliance state of the resources in your subscription. 
+ +### Configurations required by BigAnimal + +Use the values below each of the parameters while configuring the baseline policy of a subscription. + +!!! Note + + JSON values are provided wherever applicable. + + +**Allowed service ports list in Kubernetes cluster**: + +```js +["5432", "9402", "443", "8080", "9090", "3000", "8443", "9443", "9100", "9201", "8088"] +``` + + +**Allowed AppArmor profiles**: + +```js +["runtime/default"] +``` + + +**Allowed capabilities**: + +```js +["FOWNER"] +``` + + +**Max allowed memory bytes in Kubernetes cluster**: + +`6Gi` + + +**Max allowed CPU units in Kubernetes cluster**: + +`2` + + +**Allowed host paths for pod in Kubernetes cluster**: + +```js +{ + "paths": [ + { + "pathPrefix": "/var/log", + "readOnly": false + }, + { + "pathPrefix": "/var/lib/docker/containers", + "readOnly": true + }, + { + "pathPrefix": "/", + "readOnly": true + }, + { + "pathPrefix": "/sys", + "readOnly": true + }, + { + "pathPrefix": "/proc", + "readOnly": true + }, + { + "pathPrefix": "/var/run/docker.sock", + "readOnly": false + }, + { + "pathPrefix": "/run/containerd/containerd.sock", + "readOnly": false + }, + { + "pathPrefix": "/dev", + "readOnly": false + }, + { + "pathPrefix": "/boot", + "readOnly": true + }, + { + "pathPrefix": "/lib/modules", + "readOnly": false + }, + { + "pathPrefix": "/usr", + "readOnly": true + }, + { + "pathPrefix": "/etc", + "readOnly": true + } + ] +} +``` + +### Understanding recommendations from Microsoft Defender for Cloud + +Microsoft Defender for Cloud (which now includes Azure Secure Center and Azure Defender) analyzes the security state of your Azure resources to identify potential vulnerabilities. When using BigAnimal, you might see the following recommendations from Microsoft Defender for Cloud. + +**Usage of host networking and ports should be restricted** + +BigAnimal runs containers that use the node network namespace to monitor network traffic statistics of Kubernetes cluster worker nodes. 
To prevent any traffic sniffing and configuration changes to the worker node system, BigAnimal has removed all security capabilities for those containers. + +To monitor and identify non-compliant resources you can modify the *Allowed container ports list*, *Allowed service ports list in Kubernetes cluster* parameters as described in [Customizing baseline policy definitions](to-customize-baseline-policy-definitions) + +**Virtual networks should be protected by Azure Firewall** + +BigAnimal does not enable the Azure Firewall. Instead, BigAnimal uses Azure Network Security Group whitelists to specify permissible inbound and outbound traffic. + +If your organization requires an Azure Firewall for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). + +**Privileged containers should be avoided** + +BigAnimal must run some containers in privileged mode for control plane functionality, such as securing and monitoring the application. + +To monitor and identify non-compliant resources you can modify the *Allowed capabilities* parameter as described in [Customizing baseline policy definitions](customizing-baseline-policy-definitions). + +**Immutable (read-only) root filesystem should be enforced for containers** + +Some BigAnimal containers must run with a read-only root filesystem for control plane functionality. This capability is necessary, for example, to use system calls to secure and monitor the BigAnimal application. + +**Running containers as root user should be avoided** + +BigAnimal must run some containers as the root user to provide some aspects of control plane functionality, such as logging. BigAnimal tightly restricts use of the root user, and no containers running as root expose network connectivity. + +**Containers sharing sensitive host namespaces should be avoided** + +To monitor network traffic statistics for cluster worker nodes, BigAnimal must run some containers that can share the host process ID namespace. 
To prevent any traffic sniffing and worker node system configuration changes, BigAnimal has eliminated *all* security capabilities from those containers. + +**Container with privilege escalation should be avoided** + +To enable some monitoring capabilities for Kubernetes, BigAnimal must run some containers that may allow privilege escalation. + +**Kubernetes clusters should disable automounting API credentials** + +Microsoft recommmends disabling automounting API credentials to prevent a potentially compromised pod from running API commands against a Kubernetes cluster. + +To prevent this scenario, BigAnimal creates service accounts and roles with least privileges for Kubernetes operators and operands. + +#### Enable auditing and logging + +Microsoft recommends enabling diagnostic logs in Virtual Machine Scale Sets and Key Vault. + +BigAnimal does not enable diagnostic logs for Virtual Machine Scale Sets and Key Vault, but it does enable diagnostic logs for Kubernetes services. Resources managed by BigAnimal are logged in Kubernetes service logs. If you must enable other logs for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). + +#### Enable enhanced security features + +Microsoft Defender for Cloud now includes the capabilities of Microsoft Defender for open-source relational databases. + +BigAnimal does not enable any of the following capabilities: +- Microsoft Defender for servers +- Microsoft Defender for Storage +- Microsoft Defender for Key Vault +- Microsoft Defender for Containers +- Microsoft Defender for Kubernetes Service clusters +- Microsoft Defender for Resources Manager +- Microsoft Defender for DNS + +If you have questions about enabling any of those capabilities for BigAnimal, contact [support@biganimal.com](mailto:support@biganimal.com). \ No newline at end of file 
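Review bot: in the **Allowed host paths for pod in Kubernetes cluster** value, the entry with `"pathPrefix": "/"` is a prefix of every host path, so it makes the other read-only entries redundant and permits read-only mounts of the whole host filesystem, and the list also allows writable mounts of `/var/run/docker.sock`, `/run/containerd/containerd.sock` and `/dev`. Because customers are asked to paste this into their baseline policy, state which BigAnimal workloads need each entry, or narrow the list to what is required. Further points in this new file: both links to "Customizing baseline policy definitions" use targets without `#` that do not match the heading "Customize baseline policy definitions"; the first of them refers to an *Allowed container ports list* parameter that this file no longer lists; the read-only root filesystem paragraph says containers "must run with a read-only root filesystem", which describes compliance with the recommendation rather than an exception to it; and the new file name contains a space (`01_customizing_policy_ definitions.mdx`).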
diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx deleted file mode 100644 index ce46bdb711d..00000000000 --- a/product_docs/docs/biganimal/release/overview/03_security/01_securing_your_cluster.mdx +++ /dev/null 
@@ -1,145 +0,0 @@ ---- -title: "Customizing policy definitions" ---- - -For each subscription belonging to your organization, Azure automatically assigns a default set of policies to ensure baseline security of your resources. You can customize these default policies to match BigAnimal's specific requirement and further harden security of your resources. - -### Security configurations required by BigAnimal - -Use the values below each of the parameters to configure the default ASC policy of a subscription. - -!!! Note - - You can directly copy the parameter values provided below. Values are provided in JSON wherever applicable. - -##### Allowed container ports list: - -```js -["5432", "9187", "8000", "9000", "9443", "9402", "10250", "9090", "8080", "8443", "2020", "3000", "6443", "9100", "9102", "9201", "8081"] -``` - - -##### Allowed service ports list in Kubernetes cluster: - -```js -["5432", "9402", "443", "8080", "9090", "3000", "8443", "9443", "9100", "9201"] -``` - - -##### Allowed AppArmor profiles: - -```js -["runtime/default"] -``` - - -##### Allowed capabilities: - -```js -["FOWNER"] -``` - - -##### Max allowed memory bytes in Kubernetes cluster: - -`6Gi` - - -##### Max allowed CPU units in Kubernetes cluster: - -`2` - - -##### Allowed host paths: - -```js -{ - "paths": [ - { - "pathPrefix": "/var/log", - "readOnly": false - }, - { - "pathPrefix": "/var/lib/docker/containers", - "readOnly": true - }, - { - "pathPrefix": "/", - "readOnly": true - }, - { - "pathPrefix": "/sys", - "readOnly": true - }, - { - "pathPrefix": "/proc", - "readOnly": true - }, - { - "pathPrefix": "/var/run/docker.sock", - "readOnly": false - }, - { - "pathPrefix": "/run/containerd/containerd.sock", - "readOnly": false - }, - { - "pathPrefix": "/dev", - "readOnly": false - }, - { - "pathPrefix": "/boot", - "readOnly": true - }, - { - "pathPrefix": "/lib/modules", - "readOnly": false - }, - { - "pathPrefix": "/usr", - "readOnly": true - }, - { - "pathPrefix": "/etc", - "readOnly": 
true - } - ] -} -``` - -## Customize the default ASC policy - -To be able to customize the default ASC policy, you must perform the following steps for each of your Azure subscriptions: - -!!! Note - You need Microsoft.Authorizations/PolicyAssignments/write permissions to be able to update policy initiatives in Azure. - - -1. In the Azure portal, enter **Policy** in the search box at the top and open the Policy service. - -1. Select **Compliance** on the left side of the Policy page. - -1. On the Policy | Compliance page, set the Scope by selecting the ellipsis and then selecting all subscriptions. Click the **Select** button at the bottom of the Scope page to add your selection. - -1. You can see a list of all the policy initiatives (sets of polices) automatically assigned by Azure's onboarding process. The policy initiative for each subscription is labelled as *ASC Default (subscription: )* - -1. Select a policy inititative in the list and click **Edit assignment** - -1. On the Edit Initiative Assignment page click the **Parameters** tab. - -1. Clear the **Only show parameters that need input or review** check box. - -1. Configure the parameters in your default ASC policy to only allow BigAnimal's specific requirements. Use the parameter values specified in [Security configurations required by BigAnimal](#security-configurations-required-by-biganimal) to update the parameters. - -1. Select the **Review + create** tab at the top of the wizard. - -1. Review your selections, then select **Create** at the bottom of the page. - -## Monitor resources in your cluster - -You're now ready to monitor and identify non-compliant resources to understand the compliance state of the resources in your subscription. - -Select **Compliance** on the left side of the page. If there are any existing resources that aren't compliant with this new assignment, they appear under non-compliant resources. 
- -When a policy initiative and its conditions are evaluated against your existing resources and found true, then those resources are marked as non-compliant with the policy. For details on compliance states, see [How compliance works](https://docs.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data#how-compliance-works). - diff --git a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx b/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx deleted file mode 100644 index 57236dcf8d2..00000000000 --- a/product_docs/docs/biganimal/release/overview/03_security/02_reviewing_asc_recommendations.mdx +++ /dev/null 
@@ -1,85 +0,0 @@ ---- -title: "Reviewing Microsoft Defender for Cloud recommendations" ---- - -When using BigAnimal, Microsoft Defender for Cloud makes certain recommendations. See the following sections to understand why Microsoft raises some alerts and whether you can take steps to improve security in your cluster. - -## Restrict unauthorized network access - -Microsoft Defender for Cloud may raise the following network access issues for a BigAnimal deployment: - -#### Usage of host networking and ports should be restricted - -To avoid the possibility of a compromised container, Microsoft recommends restricting access to the host network for Kubernetes pods as well as restricting pod access to an allowable range of ports on the host. - -However, BigAnimal runs some containers that may use the node network namespace to monitor network traffic statistics of Kubernetes cluster worker nodes. To prevent any traffic sniffing and configuration changes to the worker node system, BigAnimal has removed all security capabilities for those containers. - -#### Virtual networks should be protected by Azure Firewall - -BigAnimal does not enable the Azure Firewall. Instead, BigAnimal uses Azure Network Security Group whitelists to specify permissible inbound and outbound traffic. - -If your organization requires an Azure Firewall for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). - -## Manage access and permissions - -Microsoft Defender for Cloud may raise the following access and permission issues for a BigAnimal deployment. - -#### Privileged containers should be avoided - -Microsoft recommends avoiding privileged containers because they have all the root capabilities of a host machine. However, BigAnimal must run some containers in privileged mode for control plane functionality, such as securing and monitoring the application. 
- -#### Immutable (read-only) root filesystem should be enforced for containers - -Microsoft recommends that containers should run with an immutable read-only root file system in a Kubernetes cluster. Immutable file systems can prevent malicious changes at run-time. - -Some BigAnimal containers must run with a read-only root filesystem for control plane functionality. This capability is necessary, for example, to use system calls to secure and monitor the BigAnimal application. - -## Running containers as root user should be avoided - -Microsoft recommends that containers should not run as root. Running a process as the root user inside a container runs the process as root on the host. If a compromise occurs, an attacker has root access in the container. - -BigAnimal must run some containers as the root user to provide some aspects of control plane functionality, such as logging. BigAnimal tightly restricts use of the root user, and no containers running as root expose network connectivity. - -## Containers sharing sensitive host namespaces should be avoided - -To protect against privilege escalation outside a container, Microsoft recommends you avoid pod access to sensitive host namespaces (that is, host process IDs and host IPCs) in a Kubernetes cluster. - -However, to monitor network traffic statistics for cluster worker nodes, BigAnimal must run some containers that can share the host process ID namespace. To prevent any traffic sniffing and worker node system configuration changes, BigAnimal has eliminated *all* security capabilities from those containers. - -## Container with privilege escalation should be avoided - -To prevent a process from gaining more privilege than its parent process, Microsoft recommends that containers shouldn't run with privilege escalation to root in a Kubernetes cluster. The AllowPrivilegeEscalation attribute controls whether a process can gain more privileges than its parent process. 
- -To enable some monitoring capabilities for Kubernetes, BigAnimal must run some containers that may allow privilege escalation. - -## Enable auditing and logging - -Microsoft recommends enabling diagnostic logs in Virtual Machine Scale Sets and Key Vault. - -BigAnimal does not enable diagnostic logs for Virtual Machine Scale Sets and Key Vault, but it does enable diagnostic logs for Kubernetes services. Resources managed by BigAnimal are logged in Kubernetes service logs. If you must enable other logs for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). - -## Enable enhanced security features - -Microsoft Defender for Cloud now includes the capabiilities of Microsoft Defender for open-source relational databases. - -BigAnimal does not enable any of the following capabilities: -- Microsoft Defender for servers -- Microsoft Defender for Storage -- Microsoft Defender for Key Vault -- Microsoft Defender for Containers -- Microsoft Defender for Kubernetes Service clusters -- Microsoft Defender for Resources Manager -- Microsoft Defender for DNS - -If you have questions about enabling any of those capabilities for BigAnimal, contact [support@biganimal.com](mailto:support@biganimal.com). - -## Implement security best practices - -Microsoft Defender for Cloud may suggest the following best practice for a BigAnimal deployment: - -## Kubernetes clusters should disable automounting API credentials - -Microsoft recommmends disabling automounting API credentials to prevent a potentially compromised pod from running API commands against a Kubernetes cluster. - -To prevent this scenario, BigAnimal created service accounts and roles with least privileges for Kubernetes operators and operands. - diff --git a/product_docs/docs/biganimal/release/overview/03_security/index.mdx b/product_docs/docs/biganimal/release/overview/03_security/index.mdx index 1e220e949d1..81f4dec20ef 100644 
--- a/product_docs/docs/biganimal/release/overview/03_security/index.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/index.mdx 
@@ -15,9 +15,4 @@ BigAnimal runs in your own cloud account, isolates your data from other users, a - **Database logging and auditing:** Functionality to track and analyze database activities is enabled automatically. For PostgreSQL, the PostgreSQL Audit Extension (pgAudit) is enabled for you when deploying a Postgres cluster. For EDB Postgres Advanced Server, the EDB Audit extension (edbAudit) is enabled for you. - **pgAudit:** The classes of statements being logged for pgAudit are set globally on a cluster with `pgaudit.log = 'write,ddl'`. The following statements made on tables are logged by default when the cluster type is PostgreSQL: `INSERT`, `UPDATE`, `DELETE`, `TRUNCATE`, AND `COPY`. All `DDL` is logged. -- **Database cluster permissions** The edb_admin account created during the *create cluster* process includes the `CREATEDB` and `CREATEROLE` database roles. EDB recommends using the edb_admin account to create a new application user and new application database for further isolation. See [Managing Postgres access](../using_cluster/01_postgres_access) for more information. - -Microsoft Defender for Cloud (which now includes Azure Secure Center and Azure Defender) analyzes the security state of your Azure resources to identify potential vulnerabilities. When using BigAnimal, Microsoft Defender for Cloud makes certain recommendations. See the following sections to understand why Microsoft raises alerts and how you can further customize baseline policy definitions to match BigAnimal's specific requirements. - -- [Links to children pages] -- [Links to children pages] \ No newline at end of file +- **Database cluster permissions** The edb_admin account created during the *create cluster* process includes the `CREATEDB` and `CREATEROLE` database roles. EDB recommends using the edb_admin account to create a new application user and new application database for further isolation. 
See [Managing Postgres access](../using_cluster/01_postgres_access) for more information. \ No newline at end of file From 23d01aef9b15662950b5ee7cfe5a6a38bb184c63 Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Wed, 23 Feb 2022 17:51:06 +0530 Subject: [PATCH 14/34] Polishing the content --- .../01_customizing_policy_ definitions.mdx | 236 +++++++++--------- 1 file changed, 118 insertions(+), 118 deletions(-) diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx index 91b32f93fc4..665442b3573 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx 
@@ -2,14 +2,16 @@ title: "Customizing Azure policy definitions" --- -To prevent conflicts with external workloads, BigAnimal does not make policy customizations in your Azure subscription. However, you can manually customize baseline policies as per requirements specific to BigAnimal. +Microsoft Defender for Cloud (which now includes Azure Secure Center and Azure Defender) analyzes the configurations of your Azure resources to identify potential vulnerabilities. Microsoft Defender for Cloud uses Azure Policy to help you monitor, identify, and remediate non-compliant resources. -### Customize baseline policy definitions +Azure automatically assigns a default set of policies to each subscription belonging to your organization. You can further customize these default Azure policies based on how resources are configured in BigAnimal. See [Customizable policy definition parameters](#customizable-policy-definition-parameters) for a recommended list of policy definition parameters that you can customize. -Perform the following steps for each of your Azure subscriptions: +### Customize default policy definitions in Azure + +BigAnimal does not customize your Azure policies to prevent conflicts with external workloads. To customize Azure policies, you must manually perform the following steps in each of your Azure subscriptions: !!! Note - You need Microsoft.Authorizations/PolicyAssignments/write permissions to be able to update policy initiatives in Azure. + You require *Microsoft.Authorizations/PolicyAssignments/write* permissions to be able to update policy initiatives (sets of policies) in Azure. 1. In the Azure portal, enter **Policy** in the search box at the top and open the Policy service. 
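Review bot: the reworded sentence "BigAnimal does not customize your Azure policies to prevent conflicts with external workloads" is ambiguous, since "to prevent conflicts" can attach to either the policies or the decision not to customize them; the removed wording, which led with "To prevent conflicts with external workloads," was clearer and is worth restoring. In the new opening paragraph, "Azure Secure Center" should read "Azure Security Center". The permission line now sets the operation name in italics; inline code would make it easier to copy into a role definition search.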
@@ -18,168 +20,166 @@ Perform the following steps for each of your Azure subscriptions: 1. On the Compliance page, set the Scope by selecting the ellipsis and then selecting all subscriptions. Click the **Select** button at the bottom of the Scope page to add your selection. -1. You can see a list of all the policy initiatives (sets of polices) automatically assigned by Azure's onboarding process. The policy initiative for each subscription is labelled as *ASC Default (subscription: )* +1. You can see a list of all the policy initiatives (sets of policies) automatically assigned by Azure's onboarding process. The policy initiative for each subscription is labeled as *ASC Default (subscription: )* -1. Select a policy inititative in the list and click **Edit assignment**. +1. Select a policy initiative in the list and click **Edit assignment**. -1. On the Edit Initiative Assignment page click the **Parameters** tab. +1. On the Edit Initiative Assignment page, click the **Parameters** tab. 1. Clear the **Only show parameters that need input or review** check box. -1. Configure the parameters in your default ASC policy to only allow BigAnimal's specific requirements. Use the parameter values specified in [Configurations required by BigAnimal](#configurations-required-by-biganimal) to update the parameters. +1. Configure your default ASC policy parameters to only allow BigAnimal's specific configurations. Use the parameter values specified in [Customizable policy definition parameters](#customizable-policy-definition-parameters) to update the parameters. 1. Select the **Review + create** tab at the top of the wizard. 1. Review your selections, then select **Create** at the bottom of the page. -You're now ready to monitor and identify non-compliant resources to understand the compliance state of the resources in your subscription. 
+You're now ready to monitor, identify, and remediate non-compliant resources to improve the compliance state of the resources in your subscription. -### Configurations required by BigAnimal +### Customizable policy definition parameters -Use the values below each of the parameters while configuring the baseline policy of a subscription. +You can customize the following parameters in your baseline Azure policies. Use the values below each parameter while configuring the default ASC policy of a subscription. !!! Note JSON values are provided wherever applicable. -**Allowed service ports list in Kubernetes cluster**: +- **Allowed service ports list in Kubernetes cluster**: -```js -["5432", "9402", "443", "8080", "9090", "3000", "8443", "9443", "9100", "9201", "8088"] -``` + ```js + ["5432", "9402", "443", "8080", + "9090", "3000", "8443", "9443", "9100", "9201", "8088"] + ``` -**Allowed AppArmor profiles**: +- **Allowed AppArmor profiles**: -```js -["runtime/default"] -``` + ```js + ["runtime/default"] + ``` -**Allowed capabilities**: - -```js -["FOWNER"] -``` - - -**Max allowed memory bytes in Kubernetes cluster**: - -`6Gi` - - -**Max allowed CPU units in Kubernetes cluster**: - -`2` - - -**Allowed host paths for pod in Kubernetes cluster**: - -```js -{ - "paths": [ - { - "pathPrefix": "/var/log", - "readOnly": false - }, - { - "pathPrefix": "/var/lib/docker/containers", - "readOnly": true - }, - { - "pathPrefix": "/", - "readOnly": true - }, - { - "pathPrefix": "/sys", - "readOnly": true - }, - { - "pathPrefix": "/proc", - "readOnly": true - }, - { - "pathPrefix": "/var/run/docker.sock", - "readOnly": false - }, - { - "pathPrefix": "/run/containerd/containerd.sock", - "readOnly": false - }, - { - "pathPrefix": "/dev", - "readOnly": false - }, - { - "pathPrefix": "/boot", - "readOnly": true - }, - { - "pathPrefix": "/lib/modules", - "readOnly": false - }, - { - "pathPrefix": "/usr", - "readOnly": true - }, - { - "pathPrefix": "/etc", - "readOnly": true - } - ] -} 
-``` - -### Understanding recommendations from Microsoft Defender for Cloud - -Microsoft Defender for Cloud (which now includes Azure Secure Center and Azure Defender) analyzes the security state of your Azure resources to identify potential vulnerabilities. When using BigAnimal, you might see the following recommendations from Microsoft Defender for Cloud. +- **Allowed capabilities**: + + ```js + ["FOWNER"] + ``` + + +- **Max allowed memory bytes in Kubernetes cluster**: + + `6Gi` + + +- **Max allowed CPU units in Kubernetes cluster**: + + `2` + + +- **Allowed host paths for pod in Kubernetes cluster**: + + ```js + { + "paths": [ + { + "pathPrefix": "/var/log", + "readOnly": false + }, + { + "pathPrefix": "/var/lib/docker/containers", + "readOnly": true + }, + { + "pathPrefix": "/", + "readOnly": true + }, + { + "pathPrefix": "/sys", + "readOnly": true + }, + { + "pathPrefix": "/proc", + "readOnly": true + }, + { + "pathPrefix": "/var/run/docker.sock", + "readOnly": false + }, + { + "pathPrefix": "/run/containerd/containerd.sock", + "readOnly": false + }, + { + "pathPrefix": "/dev", + "readOnly": false + }, + { + "pathPrefix": "/boot", + "readOnly": true + }, + { + "pathPrefix": "/lib/modules", + "readOnly": false + }, + { + "pathPrefix": "/usr", + "readOnly": true + }, + { + "pathPrefix": "/etc", + "readOnly": true + } + ] + } + + ``` -**Usage of host networking and ports should be restricted** +### Other recommendations from Microsoft Defender for Cloud -BigAnimal runs containers that use the node network namespace to monitor network traffic statistics of Kubernetes cluster worker nodes. To prevent any traffic sniffing and configuration changes to the worker node system, BigAnimal has removed all security capabilities for those containers. +You might still see recommendations from Microsoft Defender for Cloud even after customizing your policies and remediating non-compliant resources. 
See the following sections to understand why Microsoft raises the following alerts. -To monitor and identify non-compliant resources you can modify the *Allowed container ports list*, *Allowed service ports list in Kubernetes cluster* parameters as described in [Customizing baseline policy definitions](to-customize-baseline-policy-definitions) +- **Usage of host networking and ports should be restricted** -**Virtual networks should be protected by Azure Firewall** + BigAnimal runs containers that use the node network namespace to monitor network traffic statistics of Kubernetes cluster worker nodes. To prevent traffic sniffing and configuration changes to the worker node system, BigAnimal has removed all security capabilities for those containers. -BigAnimal does not enable the Azure Firewall. Instead, BigAnimal uses Azure Network Security Group whitelists to specify permissible inbound and outbound traffic. +- **Virtual networks should be protected by Azure Firewall** -If your organization requires an Azure Firewall for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). + BigAnimal does not enable the Azure Firewall. Instead, BigAnimal uses Azure Network Security Group whitelists to specify permissible inbound and outbound traffic. -**Privileged containers should be avoided** + If your organization requires an Azure Firewall for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). -BigAnimal must run some containers in privileged mode for control plane functionality, such as securing and monitoring the application. +- **Privileged containers should be avoided** -To monitor and identify non-compliant resources you can modify the *Allowed capabilities* parameter as described in [Customizing baseline policy definitions](customizing-baseline-policy-definitions). + BigAnimal must run some containers in the privileged mode for control plane functionality, such as securing and monitoring the application. 
-**Immutable (read-only) root filesystem should be enforced for containers** +- **Immutable (read-only) root filesystem should be enforced for containers** -Some BigAnimal containers must run with a read-only root filesystem for control plane functionality. This capability is necessary, for example, to use system calls to secure and monitor the BigAnimal application. + Some BigAnimal containers must run with a read-only root filesystem for control plane functionality. This capability is necessary, for example, to use system calls to secure and monitor the BigAnimal application. -**Running containers as root user should be avoided** +- **Running containers as root user should be avoided** -BigAnimal must run some containers as the root user to provide some aspects of control plane functionality, such as logging. BigAnimal tightly restricts use of the root user, and no containers running as root expose network connectivity. + BigAnimal must run some containers as the root user to provide some aspects of control plane functionality, such as logging. BigAnimal tightly restricts the use of the root user, and no containers running as root expose network connectivity. -**Containers sharing sensitive host namespaces should be avoided** +- **Containers sharing sensitive host namespaces should be avoided** -To monitor network traffic statistics for cluster worker nodes, BigAnimal must run some containers that can share the host process ID namespace. To prevent any traffic sniffing and worker node system configuration changes, BigAnimal has eliminated *all* security capabilities from those containers. + BigAnimal must run some containers that can share the host process ID namespace to monitor network traffic statistics for cluster worker nodes. To prevent traffic sniffing and configuration changes to the worker node system, BigAnimal has removed *all* security capabilities for those containers. 
-**Container with privilege escalation should be avoided** +- **Container with privilege escalation should be avoided** -To enable some monitoring capabilities for Kubernetes, BigAnimal must run some containers that may allow privilege escalation. + To enable some monitoring capabilities for Kubernetes, BigAnimal must run some containers that may allow privilege escalation. -**Kubernetes clusters should disable automounting API credentials** +- **Kubernetes clusters should disable automounting API credentials** -Microsoft recommmends disabling automounting API credentials to prevent a potentially compromised pod from running API commands against a Kubernetes cluster. + Microsoft recommends disabling automounting API credentials to prevent a potentially compromised pod from running API commands against a Kubernetes cluster. -To prevent this scenario, BigAnimal creates service accounts and roles with least privileges for Kubernetes operators and operands. + BigAnimal creates service accounts and roles with the least privileges for Kubernetes operators and operands to prevent this scenario. #### Enable auditing and logging -Microsoft recommends enabling diagnostic logs in Virtual Machine Scale Sets and Key Vault. +Microsoft recommends enabling diagnostic logs in Kubernetes services, Key Vault, and Virtual Machine Scale Sets. -BigAnimal does not enable diagnostic logs for Virtual Machine Scale Sets and Key Vault, but it does enable diagnostic logs for Kubernetes services. Resources managed by BigAnimal are logged in Kubernetes service logs. If you must enable other logs for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). +BigAnimal does not enable diagnostic logs for Kubernetes services and Key Vault, but it does enable diagnostic logs for Virtual Machine Scale Sets. Resources managed by BigAnimal are logged in Virtual Machine Scale Sets logs. 
If you must enable other logs for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). #### Enable enhanced security features From 63bc3f620384edd2da7947fa16cca2539b910a0a Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Mon, 28 Feb 2022 19:11:02 +0530 Subject: [PATCH 15/34] Updated content --- .../04_customizing_policy_ definitions.mdx} | 23 ++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) rename product_docs/docs/biganimal/release/{overview/03_security/01_customizing_policy_ definitions.mdx => administering_cluster/04_customizing_policy_ definitions.mdx} (87%) diff --git a/product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx similarity index 87% rename from product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx rename to product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx index 665442b3573..bc7068c8dea 100644 --- a/product_docs/docs/biganimal/release/overview/03_security/01_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx 
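Review bot: in PATCH 14/34, first hunk (`@@ -2,14 +2,16 @@`), the reworded Note gives the permission as *Microsoft.Authorizations/PolicyAssignments/write*, but the Azure resource provider is `Microsoft.Authorization` (singular), so the operation to grant is `Microsoft.Authorization/policyAssignments/write`. As written, anyone pasting the string into a custom role definition gets a permission that matches nothing. Since the line is being touched anyway, correct the name and set it in backticks rather than italics. The new opening paragraph also says "Azure Secure Center"; the product was called Azure Security Center.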
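Review bot: in PATCH 14/34, second hunk (`@@ -18,168 +20,166 @@`), the "Enable auditing and logging" paragraph no longer says the same thing. The removed text states that diagnostic logs are enabled for Kubernetes services and not for Virtual Machine Scale Sets and Key Vault, while the added text states they are enabled for Virtual Machine Scale Sets and not for Kubernetes services and Key Vault. A commit titled "Polishing the content" should not flip which logs a customer can rely on for audit, so please confirm which statement is correct and either revert the sentence or call the change out in the commit message. In the same hunk the host-path list is only re-indented, but it allows writable mounts of `/var/run/docker.sock`, `/run/containerd/containerd.sock`, `/dev` and `/lib/modules` plus a read-only mount of `/`; a sentence on why each writable path is needed would help a security team decide whether to accept the exception.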
@@ -2,13 +2,14 @@ title: "Customizing Azure policy definitions" --- -Microsoft Defender for Cloud (which now includes Azure Secure Center and Azure Defender) analyzes the configurations of your Azure resources to identify potential vulnerabilities. Microsoft Defender for Cloud uses Azure Policy to help you monitor, identify, and remediate non-compliant resources. +Azure Policies help you monitor, identify, and remediate non-compliant resources. Azure automatically assigns a default set of policies to each subscription. If required by your organization, you can further customize these default Azure policies to match BigAnimal's resource configurations. -Azure automatically assigns a default set of policies to each subscription belonging to your organization. You can further customize these default Azure policies based on how resources are configured in BigAnimal. See [Customizable policy definition parameters](#customizable-policy-definition-parameters) for a recommended list of policy definition parameters that you can customize. +!!! Note + BigAnimal does not customize your Azure policies to prevent conflicts with external workloads. ### Customize default policy definitions in Azure -BigAnimal does not customize your Azure policies to prevent conflicts with external workloads. To customize Azure policies, you must manually perform the following steps in each of your Azure subscriptions: +Manually perform the following steps in each of your Azure subscriptions: !!! Note You require *Microsoft.Authorizations/PolicyAssignments/write* permissions to be able to update policy initiatives (sets of policies) in Azure. 
@@ -36,9 +37,11 @@ BigAnimal does not customize your Azure policies to prevent conflicts with exter You're now ready to monitor, identify, and remediate non-compliant resources to improve the compliance state of the resources in your subscription. -### Customizable policy definition parameters +#### Customizable policy definition parameters + +While customizing Azure policies, refer to the following list of recommended parameters and values that are based on BigAnimal's resource configurations. -You can customize the following parameters in your baseline Azure policies. Use the values below each parameter while configuring the default ASC policy of a subscription. +Use the values below each parameter while configuring the default ASC policy of a subscription. !!! Note @@ -137,7 +140,11 @@ You can customize the following parameters in your baseline Azure policies. Use ### Other recommendations from Microsoft Defender for Cloud -You might still see recommendations from Microsoft Defender for Cloud even after customizing your policies and remediating non-compliant resources. See the following sections to understand why Microsoft raises the following alerts. +Microsoft Defender for Cloud (which now includes Azure Secure Center and Azure Defender) analyzes the configurations of your Azure resources to identify potential vulnerabilities. + +You might still see recommendations from Microsoft Defender for Cloud even after customizing your policies and remediating non-compliant resources. See the following sections to understand why Microsoft raises the following recommendations. + +#### Restrict unauthorized network access - **Usage of host networking and ports should be restricted** 
@@ -149,6 +156,8 @@ You might still see recommendations from Microsoft Defender for Cloud even after If your organization requires an Azure Firewall for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). +#### Manage access and permissions + - **Privileged containers should be avoided** BigAnimal must run some containers in the privileged mode for control plane functionality, such as securing and monitoring the application. @@ -169,6 +178,8 @@ You might still see recommendations from Microsoft Defender for Cloud even after To enable some monitoring capabilities for Kubernetes, BigAnimal must run some containers that may allow privilege escalation. +#### Implement security best practices + - **Kubernetes clusters should disable automounting API credentials** Microsoft recommends disabling automounting API credentials to prevent a potentially compromised pod from running API commands against a Kubernetes cluster. From 28a7cb337079257772a7165f950d90f6593ca093 Mon Sep 17 00:00:00 2001 From: Moiz Nalwalla Date: Mon, 7 Mar 2022 18:03:47 +0530 Subject: [PATCH 16/34] Addressed comments from Ben --- .../04_customizing_policy_ definitions.mdx | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx index bc7068c8dea..d10746432cb 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx 
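Review bot: in PATCH 15/34, first hunk (`@@ -2,13 +2,14 @@`), the new Note "BigAnimal does not customize your Azure policies to prevent conflicts with external workloads" can be read as saying BigAnimal skips the customization that would prevent conflicts. Lead with the purpose, for example "To prevent conflicts with external workloads, BigAnimal does not customize your Azure policies." The same hunk drops the link to the parameter list from the introduction, so the reader no longer learns up front that recommended values exist further down; consider keeping one sentence that points to [Customizable policy definition parameters](#customizable-policy-definition-parameters).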
@@ -9,7 +9,7 @@ Azure Policies help you monitor, identify, and remediate non-compliant resources ### Customize default policy definitions in Azure -Manually perform the following steps in each of your Azure subscriptions: +In each of your BigAnimal-enabled Azure subscriptions, manually perform the following steps: !!! Note You require *Microsoft.Authorizations/PolicyAssignments/write* permissions to be able to update policy initiatives (sets of policies) in Azure. @@ -50,6 +50,8 @@ Use the values below each parameter while configuring the default ASC policy of - **Allowed service ports list in Kubernetes cluster**: + Restrict services to listen only on ports used by BigAnimal, to secure access to the Kubernetes clusters. BigAnimal uses the following ports to send data requests to Kubernetes clusters: + ```js ["5432", "9402", "443", "8080", "9090", "3000", "8443", "9443", "9100", "9201", "8088"] @@ -58,6 +60,8 @@ Use the values below each parameter while configuring the default ASC policy of - **Allowed AppArmor profiles**: +To limit container actions, BigAnimal recommends you to use the default AppArmor security profile. + ```js ["runtime/default"] ``` @@ -65,6 +69,9 @@ Use the values below each parameter while configuring the default ASC policy of - **Allowed capabilities**: +Restrict the capabilities to reduce the attack surface of containers in a Kubernetes cluster. +BigAnimal runs containers with very limited capability. + ```js ["FOWNER"] ``` 
@@ -72,16 +79,22 @@ Use the values below each parameter while configuring the default ASC policy of - **Max allowed memory bytes in Kubernetes cluster**: +Enforce the following container memory resource limits to prevent resource exhaustion attacks in a Kubernetes cluster: + `6Gi` - **Max allowed CPU units in Kubernetes cluster**: +Enforce the following container CPU resource limits to prevent resource exhaustion attacks in a Kubernetes cluster: + `2` - **Allowed host paths for pod in Kubernetes cluster**: +Limit pod HostPath volume mounts to the allowed host paths in a Kubernetes Cluster. BigAnimal recommends the following: + ```js { "paths": [ @@ -152,7 +165,7 @@ You might still see recommendations from Microsoft Defender for Cloud even after - **Virtual networks should be protected by Azure Firewall** - BigAnimal does not enable the Azure Firewall. Instead, BigAnimal uses Azure Network Security Group whitelists to specify permissible inbound and outbound traffic. + BigAnimal does not enable the Azure Firewall. Instead, BigAnimal uses Azure Network Security Group allowlists to specify permissible inbound and outbound traffic. If your organization requires an Azure Firewall for compliance purposes, contact [support@biganimal.com](mailto:support@biganimal.com). @@ -160,7 +173,7 @@ You might still see recommendations from Microsoft Defender for Cloud even after - **Privileged containers should be avoided** - BigAnimal must run some containers in the privileged mode for control plane functionality, such as securing and monitoring the application. + BigAnimal must run some containers in the privileged mode for control plane functionality, such as securing and monitoring the application. The privileged containers never have inbound network access. - **Immutable (read-only) root filesystem should be enforced for containers** From 8d6e08d446836152c2a40424815877328aad60aa Mon Sep 17 00:00:00 2001 
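Review bot: in PATCH 16/34, from hunk `@@ -58,6 +60,8 @@` through `@@ -72,16 +79,22 @@`, the added explanations ("To limit container actions...", "Restrict the capabilities...", "Enforce the following...", "Limit pod HostPath volume mounts...") start at column 0, while the sentence added under the ports bullet in `@@ -50,6 +50,8 @@` and the values under every bullet are indented. An unindented paragraph after a blank line closes the list item, so the description and the value no longer belong to the bullet they describe; indent the new paragraphs to match the ports entry. In `@@ -58,6 +60,8 @@`, "recommends you to use" should read "recommends that you use".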
From: drothery-edb Date: Mon, 14 Mar 2022 08:45:02 -0400 Subject: [PATCH 17/34] attempt on adjusting recommendation/requirement language --- .../04_customizing_policy_ definitions.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx index d10746432cb..a828a4c094b 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx @@ -173,11 +173,11 @@ You might still see recommendations from Microsoft Defender for Cloud even after - **Privileged containers should be avoided** - BigAnimal must run some containers in the privileged mode for control plane functionality, such as securing and monitoring the application. The privileged containers never have inbound network access. + Running containers as root user should be avoided, but to achieve some management functionality like securing and monitoring the application, it is necessary for BigAnimal to run some containers in privileged mode. - **Immutable (read-only) root filesystem should be enforced for containers** - Some BigAnimal containers must run with a read-only root filesystem for control plane functionality. This capability is necessary, for example, to use system calls to secure and monitor the BigAnimal application. + Running containers with a read-only root filesystem should be avoided, but for BigAnimal to achieve some control plane functionality, it is necessary. For example, for BigAnimal to use system calls to secure and monitor the BigAnimal application it is necessary to run containers with a read-only root filesystem. - **Running containers as root user should be avoided** From 458923f7334a341eac8470a7cb8655703fb73e61 Mon Sep 17 00:00:00 2001 
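Review bot: in PATCH 17/34 (`@@ -173,11 +173,11 @@`), the rewritten text under **Immutable (read-only) root filesystem should be enforced for containers** now says "Running containers with a read-only root filesystem should be avoided", which is the opposite of the recommendation it sits under. The recommendation asks for a read-only root filesystem, so the exception to document is presumably that some containers need a writable one; please confirm and reword. The entry for **Privileged containers should be avoided** has the same kind of slip: it opens with "Running containers as root user should be avoided", which is the title of a separate recommendation two entries down, and it drops the sentence "The privileged containers never have inbound network access." that the previous commit added. If that compensating control still holds, keep it.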
From: Dee Dee Rothery <83650384+drothery-edb@users.noreply.github.com> Date: Fri, 25 Mar 2022 06:09:31 -0400 Subject: [PATCH 18/34] Update product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx Co-authored-by: Benjamin Anderson <79652654+ba-edb@users.noreply.github.com> --- .../04_customizing_policy_ definitions.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx index a828a4c094b..3bd48688aec 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx @@ -50,7 +50,7 @@ Use the values below each parameter while configuring the default ASC policy of - **Allowed service ports list in Kubernetes cluster**: - Restrict services to listen only on ports used by BigAnimal, to secure access to the Kubernetes clusters. BigAnimal uses the following ports to send data requests to Kubernetes clusters: +BigAnimal runs services on several ports in Kubernetes clusters in your cloud account in order to provide the BigAnimal services. The following ports must be allowed: ```js ["5432", "9402", "443", "8080", From deea8a29a2a510d431622850038182816a626945 Mon Sep 17 00:00:00 2001 From: Dee Dee Rothery <83650384+drothery-edb@users.noreply.github.com> Date: Fri, 25 Mar 2022 06:09:47 -0400 Subject: [PATCH 19/34] Update product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx Co-authored-by: Benjamin Anderson <79652654+ba-edb@users.noreply.github.com> --- .../04_customizing_policy_ definitions.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx index 3bd48688aec..94a53fd676f 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx @@ -60,7 +60,7 @@ BigAnimal runs services on several ports in Kubernetes clusters in your cloud ac - **Allowed AppArmor profiles**: -To limit container actions, BigAnimal recommends you to use the default AppArmor security profile. +BigAnimal requires the `runtime/default` AppArmor security profile to properly function: ```js ["runtime/default"] From 4c654d706d6e23f46f433bd21ebc6a3339626171 Mon Sep 17 00:00:00 2001 From: Dee Dee Rothery <83650384+drothery-edb@users.noreply.github.com> Date: Fri, 25 Mar 2022 06:10:15 -0400 Subject: [PATCH 20/34] Update product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx Co-authored-by: Benjamin Anderson <79652654+ba-edb@users.noreply.github.com> --- .../04_customizing_policy_ definitions.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx index 94a53fd676f..68892aa84b4 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx 
@@ -70,7 +70,7 @@ BigAnimal requires the `runtime/default` AppArmor security profile to properly f - **Allowed capabilities**: Restrict the capabilities to reduce the attack surface of containers in a Kubernetes cluster. -BigAnimal runs containers with very limited capability. +BigAnimal generally runs containers with very limited capability to limit the attack surface of Kubernetes clusters, but requires some capabilities to function: ```js ["FOWNER"] From 8bdb1d4013ce2fa8c00b37651d83b98f803397c6 Mon Sep 17 00:00:00 2001 From: Dee Dee Rothery <83650384+drothery-edb@users.noreply.github.com> Date: Fri, 25 Mar 2022 06:10:59 -0400 Subject: [PATCH 21/34] Update product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx Co-authored-by: Benjamin Anderson <79652654+ba-edb@users.noreply.github.com> --- .../04_customizing_policy_ definitions.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx index 68892aa84b4..4f2233ac1c0 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx @@ -93,7 +93,7 @@ Enforce the following container CPU resource limits to prevent resource exhausti - **Allowed host paths for pod in Kubernetes cluster**: -Limit pod HostPath volume mounts to the allowed host paths in a Kubernetes Cluster. BigAnimal recommends the following: +BigAnimal requires the following `HostPath` mounts to function properly: ```js { From cbb452cf89b311521a39a60e19b46992a262db02 Mon Sep 17 00:00:00 2001 
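Review bot: in PATCH 20/34 (`@@ -70,7 +70,7 @@`), the unchanged line above the edit, "Restrict the capabilities to reduce the attack surface of containers in a Kubernetes cluster.", now repeats what the new sentence says with "to limit the attack surface of Kubernetes clusters". Delete that context line as part of this change, and since the value that follows is only `["FOWNER"]`, write "requires the following capability" rather than "some capabilities" so the sentence matches the single value listed.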
From: drothery-edb Date: Sun, 3 Apr 2022 06:56:43 -0400 Subject: [PATCH 22/34] removed sections --- .../04_customizing_policy_ definitions.mdx | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx index 4f2233ac1c0..82776c55e66 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx @@ -76,21 +76,6 @@ BigAnimal generally runs containers with very limited capability to limit the at ["FOWNER"] ``` - -- **Max allowed memory bytes in Kubernetes cluster**: - -Enforce the following container memory resource limits to prevent resource exhaustion attacks in a Kubernetes cluster: - - `6Gi` - - -- **Max allowed CPU units in Kubernetes cluster**: - -Enforce the following container CPU resource limits to prevent resource exhaustion attacks in a Kubernetes cluster: - - `2` - - - **Allowed host paths for pod in Kubernetes cluster**: BigAnimal requires the following `HostPath` mounts to function properly: From 0d23c11c00cf3948b6a3c76984b6823ad028c6f9 Mon Sep 17 00:00:00 2001 
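Review bot: in PATCH 22/34 (`@@ -76,21 +76,6 @@`), the memory and CPU limit entries are removed with only "removed sections" as explanation. The deleted text presented these limits (`6Gi` and `2`) as a guard against resource exhaustion, so say in the commit message whether customers should now leave the default limits in place or whether the earlier values were wrong; otherwise someone who already applied them has no way to tell if they are still valid.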
From: Betsy Gitelman <93718720+ebgitelman@users.noreply.github.com> Date: Thu, 7 Apr 2022 16:04:45 -0400 Subject: [PATCH 23/34] Edit of ODBC doc --- .../03_odbc_13.1.0.01_rel_notes.mdx | 2 +- .../05_odbc_13.0.0.01_rel_notes.mdx | 2 +- .../13/01_odbc_rel_notes/index.mdx | 6 +- .../13/02_requirements_overview.mdx | 4 +- .../01_installing_edb-odbc.mdx | 38 +- .../13/03_edb-odbc_overview/index.mdx | 16 +- .../13/04_creating_a_data_source.mdx | 14 +- .../13/05_edb-odbc_connection_properties.mdx | 361 ++++----- .../13/06_edb-odbc_driver_functionality.mdx | 707 +++++++++--------- .../13/07_scram_compatibility.mdx | 4 +- product_docs/docs/odbc_connector/13/index.mdx | 4 +- 11 files changed, 534 insertions(+), 624 deletions(-) diff --git a/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/03_odbc_13.1.0.01_rel_notes.mdx b/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/03_odbc_13.1.0.01_rel_notes.mdx index cf90dbd0d4d..229c53b5728 100644 --- a/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/03_odbc_13.1.0.01_rel_notes.mdx +++ b/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/03_odbc_13.1.0.01_rel_notes.mdx @@ -7,7 +7,7 @@ EDB ODBC Connector 13.01.0000.01 includes the following upstream merge: | Type | Description | | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Upstream Merge | Merged with the upstream community driver version 13.01.0000. See the community [Release notes](https://odbc.postgresql.org/docs/release.html) for details. | +| Upstream merge | Merged with the upstream community driver version 13.01.0000. See the community [Release notes](https://odbc.postgresql.org/docs/release.html) for details. | 
diff --git a/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/05_odbc_13.0.0.01_rel_notes.mdx b/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/05_odbc_13.0.0.01_rel_notes.mdx index e14e694f6f6..d4e6a91a005 100644 --- a/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/05_odbc_13.0.0.01_rel_notes.mdx +++ b/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/05_odbc_13.0.0.01_rel_notes.mdx @@ -6,4 +6,4 @@ EDB ODBC Connector 13.00.0000.01 includes the following upstream merge: | Type | Description | | ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Upstream Merge | Merged with the upstream community driver version 13.00.0000. See the community [Release notes](https://odbc.postgresql.org/docs/release.html) for details. | +| Upstream merge | Merged with the upstream community driver version 13.00.0000. See the community [Release notes](https://odbc.postgresql.org/docs/release.html) for details. | diff --git a/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/index.mdx b/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/index.mdx index 6453eda4910..da3c3a84a9f 100644 --- a/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/index.mdx +++ b/product_docs/docs/odbc_connector/13/01_odbc_rel_notes/index.mdx 
@@ -1,12 +1,12 @@ --- -title: "Release Notes" +title: "Release notes" --- The ODBC JDBC connector documentation describes version 13 of the ODBC JDBC connector. -Release notes describe what is new in a release. When a minor or patch release introduces new functionality, indicators in the content identify which version introduced the new feature. +Release notes describe what's new in a release. When a minor or patch release introduces new functionality, indicators in the content identify the version that introduced the new feature. -| Version | Release Date | +| Version | Release date | | ----------------------------------------- | ------------ | | [13.01.0000.02](01_odbc_13.1.0.02_rel_notes) | 2021 Dec 12 | | [13.01.0000.01](03_odbc_13.1.0.01_rel_notes) | 2021 Sep 14 | diff --git a/product_docs/docs/odbc_connector/13/02_requirements_overview.mdx b/product_docs/docs/odbc_connector/13/02_requirements_overview.mdx index eb3ad23b2e0..01e04ee6105 100644 --- a/product_docs/docs/odbc_connector/13/02_requirements_overview.mdx +++ b/product_docs/docs/odbc_connector/13/02_requirements_overview.mdx @@ -1,11 +1,11 @@ --- -title: "Requirements Overview" +title: "Requirements overview" --- This table lists the latest ODBC Connector versions and their supported corresponding EDB Postgres Advanced Server (EPAS) versions. See [Product Compatibility](https://www.enterprisedb.com/platform-compatibility#epas) for details. -| JDBC Connector | EPAS 14 | EPAS 13 | EPAS 12 | EPAS 11 | EPAS 10 | +| ODBC Connector | EPAS 14 | EPAS 13 | EPAS 12 | EPAS 11 | EPAS 10 | | ----------------------------------------- | ------- | ------- | ------- | ------- | ------- | | [13.01.0.02](01_odbc_13.1.0.02_rel_notes) | Y | Y | Y | Y | Y | | [13.01.0.01](03_odbc_13.1.0.01_rel_notes) | N | Y | Y | Y | Y | 
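Review bot: In the `01_odbc_rel_notes/index.mdx` hunk, the unchanged sentence "The ODBC JDBC connector documentation describes version 13 of the ODBC JDBC connector." is left as context, even though this same patch corrects `JDBC Connector` to `ODBC Connector` in the requirements table header. Please drop "JDBC" from both places in that sentence so the release notes page names the right product.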
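Review bot: In the `02_requirements_overview.mdx` hunk, the version links kept as context read `13.01.0.02` and `13.01.0.01`, while the release notes index edited in the previous file lists the same releases as `13.01.0000.02` and `13.01.0000.01`. Since both tables link to the same release notes pages, use one form of the version string in both.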
diff --git a/product_docs/docs/odbc_connector/13/03_edb-odbc_overview/01_installing_edb-odbc.mdx b/product_docs/docs/odbc_connector/13/03_edb-odbc_overview/01_installing_edb-odbc.mdx index 3b6bcd7191d..85d6570cc7a 100644 --- a/product_docs/docs/odbc_connector/13/03_edb-odbc_overview/01_installing_edb-odbc.mdx +++ b/product_docs/docs/odbc_connector/13/03_edb-odbc_overview/01_installing_edb-odbc.mdx @@ -1,11 +1,11 @@ --- -title: "Installing EDB-ODBC" +title: "Installing the EDB ODBC Connector" --- The EDB ODBC Connector is distributed and installed with the EDB Postgres Advanced Server graphical or RPM installer. -## Installing the Connector with an RPM Package +## Installing the Connector with an RPM package You can install the ODBC Connector using an RPM package on the following platforms: @@ -44,7 +44,7 @@ After receiving your repository credentials you can: 2. Modify the file, providing your user name and password. 3. Install `edb-odbc`. -**Creating a Repository Configuration File** +**Creating a repository configuration file** To create the repository configuration file, assume superuser privileges, and invoke the following command: @@ -123,7 +123,7 @@ After receiving your repository credentials you can: 2. Modify the file, providing your user name and password. 3. Install the ODBC Connector. -**Creating a Repository Configuration File** +**Creating a repository configuration file** To create the repository configuration file, assume superuser privileges, and invoke the following command: @@ -191,7 +191,7 @@ After receiving your repository credentials you can: 2. Modify the file, providing your user name and password. 3. Install `edb-odbc`. -**Creating a Repository Configuration File** +**Creating a repository configuration file** To create the repository configuration file, assume superuser privileges, and invoke the following command: 
@@ -244,7 +244,7 @@ To log in as a superuser: sudo su - ``` -#### Setting up the Repository +#### Setting up the repository 1. To register with EDB to receive credentials for the EDB repository, visit: [Repository Access Request](https://www.enterprisedb.com/repository-access-request). @@ -284,7 +284,7 @@ sudo su - dnf -qy module disable postgresql ``` -#### Installing the Package +#### Installing the package ```shell dnf -y install edb-odbc @@ -317,7 +317,7 @@ After receiving your repository credentials you can: 2. Modify the file, providing your user name and password. 3. Install `edb-odbc`. -**Creating a Repository Configuration File** +**Creating a repository configuration file** To create the repository configuration file, assume superuser privileges, and invoke the following command: @@ -383,7 +383,7 @@ After receiving your repository credentials you can: 2. Modify the file, providing your user name and password. 3. Install `edb-odbc`. -**Creating a Repository Configuration File** +**Creating a repository configuration file** To create the repository configuration file, assume superuser privileges, and invoke the following command: @@ -421,7 +421,7 @@ When you install an RPM package that is signed by a source that is not recognize During the installation, yum may encounter a dependency that it cannot resolve. If it does, it will provide a list of the required dependencies that you must manually resolve. -### Updating an RPM Installation +### Updating an RPM installation If you have an existing EDB ODBC connector RPM installation, you can use yum or dnf to upgrade your repository configuration file and update to a more recent product version. To update the `edb.repo` file, assume superuser privileges and enter: 
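Review bot: In the hunk at `@@ -421,7 +421,7 @@`, only the heading is converted to sentence case; the context around it still reads "is not recognized", "it cannot resolve" and "it will provide a list", and the paragraph under the new heading says "EDB ODBC connector" with a lowercase "connector". Other files in this patch move to contractions and present tense, so apply the same edit to these lines and settle on one capitalization of "Connector".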
@@ -447,7 +447,7 @@ yum or dnf will update the `edb.repo` file to enable access to the current EDB r `dnf upgrade edb-odbc-devel` -## Installing the Connector on an SLES Host +## Installing the Connector on an SLES host You can install the ODBC Connector on the following SLES platforms: @@ -497,7 +497,7 @@ sudo su - Before setting up the repository, you need to register with EDB. To receive credentials for the EDB repository, visit: [Repository Access Request](https://www.enterprisedb.com/repository-access-request). -#### Setting up the Repository +#### Setting up the repository Setting up the repository is a one time task. If you have already set up your repository, you do not need to perform these steps. @@ -522,7 +522,7 @@ SUSEConnect -p PackageHub/15.3/x86_64 zypper refresh ``` -#### Installing the Package +#### Installing the package ```shell zypper -n install edb-odbc @@ -544,7 +544,7 @@ sudo su - Before setting up the repository, you need to register with EDB. To receive credentials for the EDB repository, visit: [Repository Access Request](https://www.enterprisedb.com/repository-access-request). -#### Setting up the Repository +#### Setting up the repository Setting up the repository is a one time task. If you have already set up your repository, you do not need to perform these steps. @@ -570,7 +570,7 @@ SUSEConnect -p sle-sdk/12.5/ppc64le zypper refresh ``` -#### Installing the Package +#### Installing the package ```shell zypper -n install edb-odbc @@ -593,7 +593,7 @@ sudo su - Before setting up the repository, you need to register with EDB. To receive credentials for the EDB repository, visit: [Repository Access Request](https://www.enterprisedb.com/repository-access-request). -#### Setting up the Repository +#### Setting up the repository Setting up the repository is a one time task. If you have already set up your repository, you do not need to perform these steps. 
@@ -618,14 +618,14 @@ SUSEConnect -p PackageHub/15.3/ppc64le zypper refresh ``` -#### Installing the Package +#### Installing the package ```shell zypper -n install edb-odbc ``` -## Installing the Connector on a Debian or Ubuntu Host +## Installing the Connector on a Debian or Ubuntu host To install a DEB package on a Debian or Ubuntu host, you must have credentials that allow access to the EDB repository. To request credentials for the repository, visit the [EDB website](https://www.enterprisedb.com/repository-access-request/). @@ -684,7 +684,7 @@ The following steps will walk you through on using the EDB apt repository to ins apt-get install edb-odbc-dev ``` -## Using the Graphical Installer to Install the Connector +## Using the graphical installer to install the connector You can use the EDB Connectors Installation wizard to add the ODBC connector to your system; the wizard is available at the [EDB website](https://www.enterprisedb.com/software-downloads-postgres/). diff --git a/product_docs/docs/odbc_connector/13/03_edb-odbc_overview/index.mdx b/product_docs/docs/odbc_connector/13/03_edb-odbc_overview/index.mdx index 7418e439eea..13eeca4754b 100644 --- a/product_docs/docs/odbc_connector/13/03_edb-odbc_overview/index.mdx +++ b/product_docs/docs/odbc_connector/13/03_edb-odbc_overview/index.mdx 
@@ -1,20 +1,20 @@ --- -title: "EDB-ODBC Overview" +title: "EDB ODBC Connector overview" --- -EDB ODBC is an interface that allows an ODBC compliant client application to connect to an Advanced Server database. The EDB-ODBC connector allows an application that was designed to work with other databases to run on Advanced Server; EDB ODBC provides a way for the client application to establish a connection, send queries and retrieve results from Advanced Server. +EDB ODBC Connector is an interface that allows an ODBC-compliant client application to connect to an EDB Postgres Advanced Server database. The EDB ODBC Connector allows an application that was designed to work with other databases to run on EDB Postgres Advanced Server. The ODBC Connector provides a way for the client application to establish a connection, send queries, and retrieve results from EDB Postgres Advanced Server. -While EDB ODBC provides a level of application portability, it should be noted that the portability is limited; EDB ODBC provides a connection, but does not guarantee command compatibility. Commands that are acceptable in another database, may not work in Advanced Server. +While ODBC Connector provides a level of application portability, the portability is limited. It provides a connection but doesn't guarantee command compatibility. Commands that are acceptable in another database might not work in EDB Postgres Advanced Server. 
The major components in a typical ODBC application are: -- The client application - written in a language that has a binding for ODBC -- The ODBC Administrator - handles named connections for Windows or Linux -- The database specific ODBC driver - EDB ODBC -- The ODBC compliant server - EDB Postgres Advanced Server +- The client application written in a language that has a binding for ODBC +- The ODBC Administrator, which handles named connections for Windows or Linux +- The database-specific ODBC driver (ODBC Connector) +- The ODBC-compliant server (EDB Postgres Advanced Server) -Client applications can be written in any language that has a binding for ODBC; C, MS-Access, and C++ are just a few. +You can write client applications in any language that has a binding for ODBC. C, MS-Access, and C++ are just a few.
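Review bot: The rewritten overview in this hunk names the product three ways: "EDB ODBC Connector is an interface", "The EDB ODBC Connector allows" and "While ODBC Connector provides". Use "the EDB ODBC Connector" on first mention and one short form after that, with the article each time. In the component list, "The client application written in a language that has a binding for ODBC" now reads as a restriction on which application is meant; a comma after "application" would match the "The ODBC Administrator, which handles" item below it.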
diff --git a/product_docs/docs/odbc_connector/13/04_creating_a_data_source.mdx b/product_docs/docs/odbc_connector/13/04_creating_a_data_source.mdx index 48880285948..cb692745fbe 100644 --- a/product_docs/docs/odbc_connector/13/04_creating_a_data_source.mdx +++ b/product_docs/docs/odbc_connector/13/04_creating_a_data_source.mdx @@ -1,17 +1,17 @@ --- -title: "Creating a Data Source" +title: "Creating a data source" --- -When a client application tries to establish a connection with a server, it typically provides a data source name (also known as a "DSN"). The driver manager looks through the ODBC configuration database for a data source whose name matches the DSN provided by the application. +When a client application tries to establish a connection with a server, it typically provides a data source name (DSN). The driver manager looks through the ODBC configuration database for a data source whose name matches the DSN provided by the application. -On a Linux or Unix host, data sources are defined in a file; that file is usually named /etc/odbc.ini, but the name (and location) may vary. Use the following command to find out where unixODBC is searching for data source definitions: +On a Linux or Unix host, data sources are defined in a file usually named `/etc/odbc.ini`. The name and location can vary. Use the following command to find out where unixODBC is searching for data source definitions: `$ odbc_config --odbcini --odbcinstini` On a Windows host, data sources are typically defined in the Windows registry. -You can also store a data source definition (called a "File DSN") in a plain-text file of your choice. A typical data source definition for the EDB-ODBC driver looks like this: +You can also store a data source definition, called a File DSN, in a plain-text file. A typical data source definition for the EDB-ODBC driver looks like this: ```text $ cat /etc/odbc.ini 
@@ -27,8 +27,6 @@ Password = manager Port = 5444 ``` -The first line in the data source is the data source name. The name is a unique identifier, enclosed in square brackets. The data source name is followed by a series of `'keyword=value'` pairs that identify individual connection properties that make up the data source. +The first line in the data source is the data source name. The name is a unique identifier, enclosed in square brackets. The data source name is followed by a series of `keyword=value` pairs that identify individual connection properties that make up the data source. -The ODBC administrator utility creates named data sources for ODBC connections. In most cases, an ODBC administrator utility is distributed with the operating system (if you’re using Windows or unixODBC, the tool is called the `ODBC Data Source Administrator`). If your operating system doesn’t include an ODBC administrator, third-party options are available online. - -Sections `Adding a Data Source Definition in Windows` and `Adding a Data Source Definition in Linux` walk you through adding a data source in Windows and Linux using the graphical tools available for each operating system. During the process of defining a data source, you’ll be asked to specify a set of connection properties. Section `EDB-ODBC Connection Properties` contains information about `optional` data source connection properties; you can specify connection properties with graphical tools or edit the `odbc.ini` file with a text editor. +The ODBC Administrator utility creates named data sources for ODBC connections. In most cases, an ODBC Administrator utility is distributed with the operating system. If you’re using Windows or unixODBC, the tool is called the ODBC Data Source Administrator. If your operating system doesn’t include an ODBC Administrator, third-party options are available online. 
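Review bot: The sample DSN kept as context at the top of this hunk still ends with `Password = manager`, and the previous hunk tells readers the file is usually `/etc/odbc.ini`. While this page is being edited, add a sentence saying that a password stored in `odbc.ini` is plaintext and readable by anyone who can read the file, so the file's permissions should be restricted or the password supplied at connect time instead. The hunk also deletes the paragraph that pointed to the Windows and Linux data source sections and to the connection properties page without adding links in its place; if those sections still exist, replace the paragraph with links rather than removing the pointer.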
diff --git a/product_docs/docs/odbc_connector/13/05_edb-odbc_connection_properties.mdx b/product_docs/docs/odbc_connector/13/05_edb-odbc_connection_properties.mdx index cd8dab228a2..ceae6fa7093 100644 --- a/product_docs/docs/odbc_connector/13/05_edb-odbc_connection_properties.mdx +++ b/product_docs/docs/odbc_connector/13/05_edb-odbc_connection_properties.mdx 
@@ -1,15 +1,15 @@ --- -title: "EDB-ODBC Connection Properties" +title: "EDB-ODBC connection properties" --- -The following table describes the connection properties that you can specify through the dialogs in the graphical connection manager tools, or in the `odbc.ini` file that defines a named data source. The columns identify the connection property (as it appears in the ODBC Administrator dialogs), the corresponding keyword (as it appears in the `odbc.ini` file), the default value of the property, and a description of the connection property. +The following table describes the connection properties that you can specify through the dialog boxes in the graphical connection manager tools or in the `odbc.ini` file that defines a named data source. The columns identify the connection property (as it appears in the ODBC Administrator dialogs), the corresponding keyword (as it appears in the `odbc.ini` file), the default value of the property, and a description of the connection property. | Property | Keyword name | Default value | Description | | ----------------------------------------- | ----------------------------------------------------- | ----------------- | 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Database | Database | None | The name of the database to which you are connecting. | +| Database | Database | None | The name of the database to which you're connecting. | | Driver | Driver | EDB-ODBC | The name of the ODBC driver. | -| Server | Servername | Localhost | The name or IP address of the server that you are connecting to. | +| Server | Servername | Localhost | The name or IP address of the server that you're connecting to. | | dbms_name | dbms_name | EnterpriseDB | Database system. Either EnterpriseDB or PostgreSQL. | | Description | Description | | Descriptive name of the data source. | | User Name | Username | | The name of the user that this data source uses to connect to the server. | 
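Review bot: The new title in this hunk, "EDB-ODBC connection properties", keeps the hyphenated name that the same patch replaces elsewhere ("Installing the EDB ODBC Connector", "EDB ODBC Connector overview"). Rename it to match. The intro sentence also now says "dialog boxes" in its first half and "ODBC Administrator dialogs" in its second; use one term in both places.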
@@ -17,281 +17,214 @@ The following table describes the connection properties that you can specify thr | CPTimeout | CPTimeout | 0 | Number of seconds before a connection times out (in a connection pooling environment). | | Port | Port | 5444 | The TCP port that the postmaster is listening on. | | Protocol | Protocol | 7.4 | If specified, forces the driver to use the given protocol version. | -| Level of Rollback on Errors | Use the Protocol option to specify rollback behavior. | Transaction Level | Specifies how the driver handles errors:

0 - Don't rollback

1 - Rollback the transaction

2 - Rollback the statement | +| Level of Rollback on Errors | Use the `Protocol` option to specify rollback behavior. | Transaction Level | Specifies how the driver handles errors:

0 - Don't roll back

1 - Roll back the transaction

2 - Roll back the statement | | Usage Count | UsageCount | 1 | The number of installations using this driver. | | Read Only | ReadOnly | No | Specifies that the connection is READONLY. | -| Show System Tables | ShowSystemTables | No | If enabled, the driver reports system tables in the result set of the SQLTables() function. | -| OID Options: Show Column | ShowOidColumn | No | If enabled, the SQLColumns() function reports the OID column. | -| OID Options: Fake Index | FakeOidIndex | No | If enabled, the SQLStatistics() function reports that a unique index exists on each OID column. | +| Show System Tables | ShowSystemTables | No | If enabled, the driver reports system tables in the result set of the `SQLTables()` function. | +| OID Options: Show Column | ShowOidColumn | No | If enabled, the `SQLColumns()` function reports the OID column. | +| OID Options: Fake Index | FakeOidIndex | No | If enabled, the `SQLStatistics()` function reports that a unique index exists on each OID column. | | Keyset Query Optimization | Ksqo | On | If enabled, enforces server-side support for keyset queries (generated by the MS Jet database engine). | -| Recognize Unique Indexes | UniqueIndex | On | If enabled, the SQLStatistics() function will report unique indexes. If not enabled, the SQLStatistics() function reports that indexes allow duplicate values. | -| Use Declare/Fetch | UseDeclareFetch | Off | If enabled, the driver will use server-side cursors. To enable UseDeclareFetch, specify a value of 1; to disable UseDeclareFetch, specify a value of 0. | +| Recognize Unique Indexes | UniqueIndex | On | If enabled, the `SQLStatistics()` function reports unique indexes. If not enabled, the `SQLStatistics()` function reports that indexes allow duplicate values. | +| Use Declare/Fetch | UseDeclareFetch | Off | If enabled, the driver uses server-side cursors. To enable `UseDeclareFetch`, specify a value of `1`. To disable `UseDeclareFetch`, specify a value of `0`. 
| | CommLog | CommLog | Off | If enabled, records all client/server traffic in a log file. | -| Parse Statements | Parse | Off | If enabled, the driver parses simple SELECT statements when you call the SQLNumResultCols(), SQLDescribeCol() or SQLColAttributes() functions. | -| Cancel as FreeStmt | CancelAsFreeStmt | Off | If enabled, the SQLCancel() function will call SQLFreeStmt(SQL_Close) on your behalf. | -| MyLog | Debug | Off | If enabled, the driver records its work in a log file. On Windows, the file name is C:m[ylog](<>)<process-id>; and on Linux the file name is /tmp/[mylog](<>)<username><process-id>.log. | -| Unknown Sizes | UnknownSizes | Maximum | Determines how the SQLDescribeCol() and SQLColAttributes() functions compute the size of a column. Specify 0 to force the driver to report the maximum size allowed for the type; specify 1 to force the driver to report an unknown length or 2 to force the driver to search the result set to find the longest value. Do not specify 2 if you have enabled UseDeclareFetch. | -| Text as LongVarchar | TextAsLongVarChar | 8190 | If enabled, the driver treats TEXT columns as if they are of type SQL_LONGVARCHAR. If disabled, the driver treats TEXT columns as SQL_VARCHAR values. | -| Unknown as Long Varchar | LongVarChar | False | If enabled, the driver treats values of unknown type as SQL_LONGVARCHAR values. If unchecked, the driver will treat values of unknown type as SQL_VARCHAR values. By default, values of unknown type are treated as Y values. | -| Bools as Char | BoolsAsChar | On | If enabled, the driver treats BOOL columns as SQL_CHAR values. If disabled, BOOL columns are treated as SQL_BIT values. | -| Max Varchar | MaxVarcharSize | 255 | If enabled, the driver treats VARCHAR and BPCHAR values longer than MaxVarCharSize as SQL_LONGVARCHAR values | -| Max Long Varchar Size | MaxLongVarcharSize | 8190 | If TextAsLongVarChar is on, the driver reports TEXT values are MaxLongVarcharSize bytes long.

If UnknownAsLongVarChar is on, columns of unknown type are MaxLongVarcharSize bytes long; otherwise, they are reported to be MaxVarcharSize bytes in length. | -| Cache Size | Fetch | 100 | Determines the number of rows fetched by the driver when UseDeclareFetch is enabled. | -| SysTable Prefixes | ExtraSysTablePrefixes | [dd](<>); | Use the SysTablePrefixes field to specify a semi-colon delimited list of prefixes that indicate that a table is a system table. By default, the list contains [dd](<>);. | -| Cumulative Row Count for Insert | MapSqlParcNoBatch | Off/0 | If enabled, the SQLRowCount() function will return a single, cumulative row count for the entire array of parameter settings for an INSERT statement. If disabled, an individual row count will be returned for each parameter setting. By default, this option is disabled. | -| LF<-> CR/LF conversion | LFConversion | System Dependent | The LF<->CR/LF conversion option instructs the driver to convert line-feed characters to carriage-return/line-feed pairs when fetching character values from the server and convert carriage-return/line-feed pairs back to line-feed characters when sending character values to the server. By default, this option is enabled. | -| Updatable Cursors | UpdatableCursors | Off | Permits positioned UPDATE and DELETE operations using the SQLSetPos() or SQLBulkOperations() functions. | -| Bytea as Long VarBinary | ByteaAsLongVarBinary | Off | If enabled, the driver treats BYTEA values as if they are of type SQL_LONGVARBINARY. If disabled, BYTEA values are treated as SQL_VARBINARY values. | -| Bytea as LO | ByteaAsLO | False | If enabled, the driver treats BYTEA values as if they are large objects. | -| Row versioning | RowVersioning | Off | The Row Versioning option specifies if the driver should include the xmin column when reporting the columns in a table. The xmin value is the ID of the transaction that created the row. 
You must use row versioning if you plan to create cursors where SQL_CONCURRENCY = SQL_CONCUR_ROWVER. | -| Disallow Premature | DisallowPremature | No/0 | Determines driver behavior if you try to retrieve information about a query without executing the query. If Yes, the driver declares a cursor for the query and fetches the meta-data from the cursor. If No, the driver executes the command as soon as you request any meta-data. | -| True is -1 | TrueIsMinus1 | Off/0 | TrueIsMinus1 tells the driver to return BOOL values of TRUE as -1. If this option is not enabled, the driver will return BOOL values of TRUE as 1. The driver always returns BOOL values of FALSE as 0. | -| Server side prepare | UseServerSidePrepare | No/0 | If enabled, the driver uses the PREPARE and EXECUTE commands to implement the Prepare/Execute model. | -| Use GSSAPI for GSS request | GssAuthUseGSS | False/0 | If set to True/1, the driver will send a GSSAPI authentication request to the server. Windows only. | -| Int8 As | BI | 0 | The value of BI determines how the driver treats BIGINT values:

If -5 as a SQL_BIGINT,

If 2 as a SQL_NUMERIC,

If 8 as a SQL_DOUBLE,

If 4 as a SQL_INTEGER,

If 12 as a SQL_VARCHAR,

If 0 (on an MS Jet client), as a SQL_NUMERIC,

If 0 on any other client, as a SQL_BIGINT. | -| Extra options

Connect Settings | AB

ConnSettings | 0x0 | 0x1 - Forces the output of short-length formatted connection strings. Specify this option if you are using the MFC CDatabase class.

0x2 - Allows MS Access to recognize PostgreSQL's serial type as AutoNumber type.

0x4 - Return ANSI character types for the inquiries from applications. Specify this option for applications that have difficulty handling Unicode data.

0x8 - If set, NULL dates are reported as empty strings and empty strings are interpreted as NULL dates on input.

0x10 - Determines if SQLGetInfo returns information about all tables, or only accessible tables. If set, only information is returned for accessible tables.

0x20 - If set, each SQL command is processed in a separate network round-trip, otherwise, SQL commands are grouped into as few round-trips as possible to reduce network latency. Contains a semicolon-delimited list of SQL commands that are executed when the driver connects to the server. | +| Parse Statements | Parse | Off | If enabled, the driver parses simple `SELECT` statements when you call the `SQLNumResultCols()`, `SQLDescribeCol()`, or `SQLColAttributes()` functions. | +| Cancel as FreeStmt | CancelAsFreeStmt | Off | If enabled, the `SQLCancel()` function calls `SQLFreeStmt(SQL_Close)` on your behalf. | +| MyLog | Debug | Off | If enabled, the driver records its work in a log file. On Windows, the file name is `C:m[ylog](<>)`. On Linux the file name is `/tmp/[mylog](<>).log`. | +| Unknown Sizes | UnknownSizes | Maximum | Determines how the `SQLDescribeCol()` and `SQLColAttributes()` functions compute the size of a column. Specify `0` to force the driver to report the maximum size allowed for the type. Specify `1` to force the driver to report an unknown length or `2` to force the driver to search the result set to find the longest value. Don't specify `2` if you enabled `UseDeclareFetch`. | +| Text as LongVarchar | TextAsLongVarChar | 8190 | If enabled, the driver treats TEXT columns as if they are of type `SQL_LONGVARCHAR`. If disabled, the driver treats TEXT columns as `SQL_VARCHAR` values. | +| Unknown as Long Varchar | LongVarChar | False | If enabled, the driver treats values of unknown type as `SQL_LONGVARCHAR` values. If disabled, the driver treats values of unknown type as `SQL_VARCHAR` values. By default, values of unknown type are treated as `Y` values. | +| Bools as Char | BoolsAsChar | On | If enabled, the driver treats BOOL columns as `SQL_CHAR` values. If disabled, BOOL columns are treated as `SQL_BIT` values. 
| +| Max Varchar | MaxVarcharSize | 255 | If enabled, the driver treats `VARCHAR` and `BPCHAR` values longer than `MaxVarCharSize` as `SQL_LONGVARCHAR` values | +| Max Long Varchar Size | MaxLongVarcharSize | 8190 | If `TextAsLongVarChar` is on, the driver reports TEXT values are `MaxLongVarcharSize` bytes long.

If `UnknownAsLongVarChar` is on, columns of unknown type are `MaxLongVarcharSize` bytes long. Otherwise, they are reported to be `MaxVarcharSize` bytes in length. | +| Cache Size | Fetch | 100 | Determines the number of rows fetched by the driver when `UseDeclareFetch` is enabled. | +| SysTable Prefixes | ExtraSysTablePrefixes | [dd](<>); | Use the `SysTablePrefixes` field to specify a semicolon-delimited list of prefixes that indicate that a table is a system table. By default, the list contains `[dd](<>);`. | +| Cumulative Row Count for Insert | MapSqlParcNoBatch | Off/0 | If enabled, the `SQLRowCount()` function returns a single, cumulative row count for the entire array of parameter settings for an `INSERT` statement. If disabled, an individual row count is returned for each parameter setting. By default, this option is disabled. | +| LF<-> CR/LF conversion | LFConversion | System Dependent | The LF<->CR/LF conversion option instructs the driver to convert line-feed characters to carriage-return/line-feed pairs when fetching character values from the server and convert them back to line-feed characters when sending character values to the server. By default, this option is enabled. | +| Updatable Cursors | UpdatableCursors | Off | Permits positioned `UPDATE` and `DELETE` operations using the `SQLSetPos()` or `SQLBulkOperations()` functions. | +| Bytea as Long VarBinary | ByteaAsLongVarBinary | Off | If enabled, the driver treats BYTEA values as if they're of type `SQL_LONGVARBINARY`. If disabled, BYTEA values are treated as `SQL_VARBINARY` values. | +| Bytea as LO | ByteaAsLO | False | If enabled, the driver treats BYTEA values as if they're large objects. | +| Row versioning | RowVersioning | Off | The `Row Versioning` option specifies if the driver includes the `xmin` column when reporting the columns in a table. The `xmin` value is the ID of the transaction that created the row. 
You must use row versioning if you plan to create cursors where `SQL_CONCURRENCY = SQL_CONCUR_ROWVER`. | +| Disallow Premature | DisallowPremature | No/0 | Determines driver behavior if you try to retrieve information about a query without executing the query. If `Yes`, the driver declares a cursor for the query and fetches the metadata from the cursor. If `No`, the driver executes the command as soon as you request any metadata. | +| True is -1 | TrueIsMinus1 | Off/0 | `TrueIsMinus1` tells the driver to return BOOL values of TRUE as `-1`. If this option isn't enabled, the driver returns BOOL values of TRUE as `1`. The driver always returns BOOL values of FALSE as `0`. | +| Server side prepare | UseServerSidePrepare | No/0 | If enabled, the driver uses the `PREPARE` and `EXECUTE` commands to implement the Prepare/Execute model. | +| Use GSSAPI for GSS request | GssAuthUseGSS | False/0 | If set to `True/1`, the driver sends a GSSAPI authentication request to the server. Windows only. | +| Int8 As | BI | 0 | The value of `BI` determines how the driver treats `BIGINT` values:

If -5 as a `SQL_BIGINT`,

If 2 as a `SQL_NUMERIC`,

If 8 as a `SQL_DOUBLE`,

If 4 as a `SQL_INTEGER`,

If 12 as a `SQL_VARCHAR`,

If 0 (on an MS Jet client), as a `SQL_NUMERIC`,

If 0 on any other client, as a `SQL_BIGINT`. | +| Extra options

Connect Settings | AB

ConnSettings | 0x0 | 0x1 - Forces the output of short-length formatted connection strings. Specify this option if you're using the MFC CDatabase class.

0x2 - Allows MS Access to recognize PostgreSQL's serial type as AutoNumber type.

0x4 - Return ANSI character types for the inquiries from applications. Specify this option for applications that have difficulty handling Unicode data.

0x8 - If set, NULL dates are reported as empty strings and empty strings are interpreted as NULL dates on input.

0x10 - Determines if `SQLGetInfo` returns information about all tables or only accessible tables. If set, information is returned only for accessible tables.

0x20 - If set, each SQL command is processed in a separate network round trip. otherwise, SQL commands are grouped into as few round trips as possible to reduce network latency. Contains a semicolon-delimited list of SQL commands that are executed when the driver connects to the server. | | | Socket | 4096 | Specifies the buffer size that the driver uses to connect to the client. | | | Lie | Off | If enabled, the driver claims to support unsupported ODBC features. | -| Lowercase Identifier | LowerCaseIdentifier | Off | If enabled, the driver translates identifiers to lowercase. | +| Lowercase Identifier | LowerCaseIdentifier | Off | If enabled, the driver translates identifiers to lower case. | | Disable Genetic Optimizer | Optimizer | Yes/1 | Disables the genetic query optimizer. | -| Allow Keyset | UpdatableCursors | Yes/1 | Allow Keyset driven cursors | -| SSL mode | SSLMode | Disabled | If libpq (and its dependencies) are installed in the same directory as the EDB-ODBC driver, enabling SSL Mode allows you to use SSL and other utilities. | +| Allow Keyset | UpdatableCursors | Yes/1 | Allow Keyset-driven cursors | +| SSL mode | SSLMode | Disabled | If libpq (and its dependencies) are installed in the same directory as the EDB-ODBC driver, enabling SSL mode allows you to use SSL and other utilities. | | Force Abbreviated Connection String | CX | No/0 | Enables the option to force abbreviation of connection string. | -| Fake MSS | FakeOidIndex | No/0 | Impersonates MS SQL Server enabling MS Access to recognize PostgreSQL’s serial type as AutoNumber type. | -| BDE Environment | BDE | No/0 | Enabling this option tunes EDB-ODBC to cater to Borland Database Engine compliant output (related to Unicode). | -| XA_Opt | INI_XAOPT | Yes/1 | If enabled, calls to SQL_TABLES only include user-accessible tables. | +| Fake MSS | FakeOidIndex | No/0 | Impersonates MS SQL Server, enabling MS Access to recognize PostgreSQL’s serial type as AutoNumber type. 
| +| BDE Environment | BDE | No/0 | Enabling this option tunes EDB-ODBC to cater to Borland Database Engine-compliant output (related to Unicode). | +| XA_Opt | INI_XAOPT | Yes/1 | If enabled, calls to `SQL_TABLES` include only user-accessible tables. | -## Adding a Data Source Definition in Windows +## Adding a data source definition in Windows -The Windows ODBC `Data Source Administrator` is a graphical interface that creates named data sources. You can open the `ODBC Data Source Administrator` by navigating to the `Control Panel`, opening the `Administrative Tools` menu, and double-clicking the appropriate `ODBC Data Sources` icon (`32- or 64- bit`). +The Windows ODBC Data Source Administrator is a graphical interface that creates named data sources. To open the ODBC Data Source Administrator, in the Control Panel, open the **Administrative Tools** menu and double-click the appropriate ODBC Data Sources icon (32-bit or 64-bit). -![The Windows Data Source Administrator](images/windows_data_source_administrator.png) +Select **Add** to open the Create New Data Source dialog box. Select **EnterpriseDB (ANSI)** or **EnterpriseDB (UNICODE)** from the list of drivers and select **Finish**. -The Windows Data Source Administrator +Use the fields on the EnterpriseDB ODBC Driver dialog box to define the named data source: -Click the `Add` button to open the `Create New Data Source` dialog. Choose `EnterpriseDB (ANSI)` or `EnterpriseDB (UNICODE)` from the list of drivers and click `Finish`. +- Enter the database name in the **Database** field. +- Enter the host name or IP address of EDB Postgres Advanced Server in the **Server** field. +- Enter the name of a user in the **User Name** field. +- Enter a descriptive name for the named data source in the **Description** field. +- If libpq is installed in the same directory as the EDB-ODBC driver, the list next to the **SSL Mode** label is active, allowing you to use SSL and other EDB Postgres Advanced Server utilities. 
+- Accept the default port number (5444), or enter an alternative number in the **Port** field. +- Enter the password of the user in the **Password** field. -![The Create New Data Source dialog](images/create_new_data_source.png) +Select **Datasource** (located in the Options box) to open the Advanced Options dialog box and specify connection properties. -The Create New Data Source dialog +Select **Global** to open a dialog where you can specify logging options for the EDB-ODBC driver (not the data source, but the driver). -The EnterpriseDB ODBC Driver dialog opens. +- Select **Disable Genetic Optimizer** to disable the genetic query optimizer. By default, the query optimizer is on. +- Select **KSQO (Keyset Query Optimization)** to enable server-side support for keyset queries. By default, **Keyset Query Optimization** is on. +- Select **Recognize Unique Indexes** to force the `SQLStatistics()` function to report unique indexes. If the option is not selected, the `SQLStatistics()` function reports that all indexes allow duplicate values. By default, **Recognize Unique Indexes** is on. +- Select **Use Declare/Fetch** to specify for the driver to use server-side cursors whenever your application executes a `SELECT` command. By default, **Use Declare/Fetch** is off. +- Select **CommLog (C:\psqlodbc_xxxx.log)** to record all client/server traffic in a log file. By default, logging is off. +- Select **Parse Statements** to specify for the driver (rather than the server) to attempt to parse simple `SELECT` statements when you call the `SQLNumResultCols()`, `SQLDescribeCol()`, or `SQLColAttributes()` function. By default, this option is off. +- Select **Cancel as FreeStmt (Exp)** to specify for the `SQLCancel()` function to call `SQLFreeStmt(SQLClose)` on your behalf. By default, this option is off. +- Select **MyLog (C:\mylog_xxxx.log)** to record a detailed record of driver activity in a log file. The log file is named `c:\mylog\_\ *process-id*.log`. 
By default, logging is off. -![Define the data source](images/define_the_data_source.png) +The radio buttons in the **Unknown Sizes** box specify how the `SQLDescribeCol()` and `SQLColAttributes()` functions compute the size of a column of unknown type. -Define the data source +- Select **Maximum** to specify for the driver to report the maximum size allowed for a `VARCHAR` or `LONGVARCHAR` (dependent on the **Unknowns as LongVarChar** setting). If **Unknowns as LongVarChar** is enabled, the driver returns the maximum size of a `LONGVARCHAR` (specified in the **Max LongVarChar** field in the **Miscellaneous** box). If **Unknowns as LongVarChar** is cleared, the driver returns the size specified in the **Max VarChar** field in the **Miscellaneous** box. +- Select **Don’t know** to specify for the driver to report a length of **unknown**. +- Select **Longest** to specify for the driver to search the result set and report the longest value found. Don't specify **Longest** if **UseDeclareFetch** is enabled.) -Use the fields on the dialog to define the named data source: +The properties in the **Data Type Options** box determine how the driver treats columns of specific types: -- Enter the Database name in the `Database` field. -- Enter the host name or IP address of Advanced Server in the `Server` field. -- Enter the name of a user in the `User Name` field. -- Enter a descriptive name for the named data source in the `Description` field. -- If libpq is installed in the same directory as the EDB-ODBC driver, the drop-down listbox next to the `SSL Mode` label will be active, allowing you to use SSL and other Advanced Server utilities. -- Accept the default port number (5444), or enter an alternative number in the `Port` field. -- Enter the password of the user in the `Password` field. +- Select **Text as LongVarChar** to treat TEXT values as if they are of type `SQL_LONGVARCHAR`. If cleared, the driver treats TEXT values as `SQL_VARCHAR` values. 
By default, TEXT values are treated as `SQL_LONGVARCHAR` values. +- Select **Unknowns as LongVarChar** to specify for the driver to treat values of unknown type as `SQL_LONGVARCHAR` values. If cleared, the driver treats values of unknown type as `SQL_VARCHAR` values. By default, values of unknown type are treated as `SQL_VARCHAR` values. +- Select **Bools as Char** to specify for the driver to treat BOOL values as `SQL_CHAR` values. If cleared, BOOL values are treated as `SQL_BIT` values. By default, BOOL values are treated as `SQL_CHAR` values. -Use the `Datasource` button (located in the `Options` box) to open the `Advanced Options` dialog and specify connection properties. +You can specify values for some of the properties associated with the named data source in the fields in the **Miscellaneous** box: -The `Global` button opens a dialog on which you can specify logging options for the EDB-ODBC driver (not the data source, but the driver itself). +- Indicate the maximum length allowed for a `VARCHAR` value in the **Max VarChar** field. By default, this value is set to `255`. +- Enter the maximum length allowed for a `LONGVARCHAR` value in the **Max LongVarChar** field. By default, this value is set to `8190`. +- Specify the number of rows fetched by the driver (when `UseDeclareFetch` is enabled) in the **Cache Size** field. The default value is `100`. +- Use the **SysTablePrefixes** field to specify a semicolon-delimited list of prefixes that indicate that a table is a system table. By default, the list contains `dd_;`. -![Page 1 of the Advanced Options dialog](images/advanced_options_1.png) +You can reset the values on this dialog box to their default settings by selecting **Defaults**. -Page 1 of the Advanced Options dialog +Select **Apply** button to apply any changes to the data source properties. Select **OK** to apply any changes and exit. -- Check the box next to `Disable Genetic Optimizer` to disable the genetic query optimizer. 
By default, the query optimizer is `on`. -- Check the box next to `KSQO (Keyset Query Optimization)` to enable server-side support for keyset queries. By default, `Keyset Query Optimization` is `on`. -- Check the box next to `Recognize Unique Indexes` to force the `SQLStatistics()` function to report unique indexes; if the option is not checked, the `SQLStatistics()` function will report that all indexes allow duplicate values. By default, `Recognize Unique Indexes` is `on`. -- Check the box next to `Use Declare/Fetch` to specify that the driver should use server-side cursors whenever your application executes a `SELECT` command. By default, `Use Declare/Fetch` is `off`. -- Check the box next to `CommLog (C:\psqlodbc_xxxx.log)` to record all client/server traffic in a log file. By default, logging is `off`. -- Check the box next to `Parse Statements` to specify that the driver (rather than the server) should attempt to parse simple `SELECT` statements when you call the `SQLNumResultCols()`, `SQLDescribeCol()`, or `SQLColAttributes()` function. By default, this option is `off`. -- Check the box next to `Cancel as FreeStmt (Exp)` to specify that the `SQLCancel()` function should call `SQLFreeStmt(SQLClose)` on your behalf. By default, this option is `off`. -- Check the box next to `MyLog (C:\mylog_xxxx.log)` to record a detailed record of driver activity in a log file. The log file is named `c:\mylog\_\ *process-id*.log`. By default, logging is `off`. +Select **Page 2** (in the upper-left corner of the Advanced Options dialog box) to access a second set of advanced options. -The radio buttons in the Unknown Sizes box specify how the `SQLDescribeCol()` and `SQLColAttributes()` functions compute the size of a column of unknown type (see Section `Supported Data Types` for a list of known data types). +- Select **Read Only** to prevent the driver from executing the following commands: `INSERT`, `UPDATE`, `DELETE`, `CREATE`, `ALTER`, `DROP`, `GRANT`, `REVOKE` or `LOCK`. 
Invoking the **Read Only** option also prevents any calls that use ODBC’s procedure call escape syntax (`call=procedure-name?`). By default, this option is off. +- Select **Show System Tables** to include system tables in the result set of the `SQLTables()` function. If the option is enabled, the driver includes any table whose name starts with `pg\_` or any of the prefixes listed in the **SysTablePrefixes** field of Page 1 of the Advanced Options dialog box. By default, this option is off. +- Select **Show sys/dbo Tables [Access]** to access objects in the `sys` schema and `dbo` schema through the ODBC data source. By default, this option is on. +- Select **Cumulative Row Count for Insert** to cause a single, cumulative row count to be returned for the entire array of parameter settings for an `INSERT` statement when a call to the `SQLRowCount()` method is performed. If this option is cleared, then an individual row count is available for each parameter setting in the array and thus a call to `SQLRowCount()` returns the count for the last inserted row. +- Select **LF<->CR/LF** conversion to instruct the driver to convert line-feed characters to carriage-return/line-feed pairs when fetching character values from the server and convert them back to line-feed characters when sending character values to the server. By default, this option is on. +- Select **Updatable Cursors** to specify for the driver to permit positioned `UPDATE` and `DELETE` operations with the `SQLSetPos()` or `SQLBulkOperations()` functions. By default, this option is on. +- Select **bytea as LO** to specify for the driver to treat `BYTEA` values as if they're `SQL_LONGVARBINARY` values. If cleared, EDB-ODBC treats `BYTEA` values as if they are `SQL_VARBINARY` values. By default, `BYTEA` values are treated as `SQL_VARBINARY` values. +- Select **Row Versioning** to include the `xmin` column when reporting the columns in a table. The `xmin` column is the ID of the transaction that created the row. 
You must use row versioning if you plan to create cursors where `SQL_CONCURRENCY = SQL_CONCUR_ROWVER`. By default, this option is off. +- Select **Disallow Premature** to specify for the driver to retrieve metadata about a query (the number of columns in a result set or the column types) without actually executing the query. If this option is cleared, the driver executes the query when you request metadata about the query. By default, this option is off. +- Select **True is -1** to tell the driver to return BOOL values of `True` as a `-1`. If this option is cleared, the driver returns BOOL values of `True` as `1`. The driver always returns BOOL values of `False` as `0`. +- Select **Server side prepare** to tell the driver to use the `PREPARE` and `EXECUTE` commands to implement the `Prepare/Execute` model. By default, this option is on. +- Select **use gssapi for GSS request** to instruct the driver to send a GSSAPI connection request to the server. +- Enter the database system (either `EnterpriseDB` or `PostgreSQL`) in the **dbms_name** field. The value entered here is returned in the `SQL_DBMS_NAME` argument when the `SQLGetInfo()` function is called. The default is `EnterpriseDB`. -- Choose the button next to `Maximum` to specify that the driver report the maximum size allowed for a `VARCHAR` or `LONGVARCHAR` (dependent on the `Unknowns as LongVarChar` setting). If `Unknowns as LongVarChar` is enabled, the driver returns the maximum size of a `LONGVARCHAR` (specified in the `Max LongVarChar` field in the `Miscellaneous` box). If `Unknowns as LongVarChar` is not enabled, the driver returns the size specified in the `Max VarChar` field (in the `Miscellaneous` box). -- Choose the button next to `Don’t know` to specify that the driver report a length of "unknown". -- Choose the button next to `Longest` to specify that the driver search the result set and report the longest value found. (Note: you should not specify `Longest` if `UseDeclareFetch` is enabled.) 
+Use the options in the **Int8 As** box to specify how the driver returns `BIGINT` values to the client. Select **default** to specify the default type of **NUMERIC** if the client is MS Jet. Select **BIGINT** if the client is any other ODBC client. You can optionally specify for the driver to return `BIGINT` values as a `bigint (SQL_BIGINT)`, `numeric (SQL_NUMERIC)`, `varchar (SQL_VARCHAR)`, `double (SQL_DOUBLE)`, or `int4 (SQL_INTEGER)`. -The properties in the `Data Type Options` box determine how the driver treats columns of specific types: - -- Check the box next to `Text as LongVarChar` to treat `TEXT` values as if they are of type `SQL_LONGVARCHAR`. If the box is not checked, the driver will treat `TEXT` values as `SQL_VARCHAR` values. By default, `TEXT` values are treated as `SQL_LONGVARCHAR` values. -- Check the box next to `Unknowns as LongVarChar` to specify that the driver treat values of unknown type as `SQL_LONGVARCHAR` values. If unchecked, the driver will treat values of unknown type as `SQL_VARCHAR` values. By default, values of unknown type are treated as `SQL_VARCHAR` values. -- Check the box next to `Bools as Char` to specify that the driver treat `BOOL` values as `SQL_CHAR` values. If unchecked, `BOOL` values are treated as `SQL_BIT` values. By default, `BOOL` values are treated as `SQL_CHAR` values. - -You can specify values for some of the properties associated with the named data source in the fields in the `Miscellaneous` box: - -- Indicate the maximum length allowed for a `VARCHAR` value in the Max `VarChar` field. By default, this value is set to `255`. -- Enter the maximum length allowed for a `LONGVARCHAR` value in the Max `LongVarChar` field. By default, this value is set to `8190`. -- Specify the number of rows fetched by the driver (when `UseDeclareFetch` is enabled) in the `Cache Size` field. The default value is `100`. 
-- Use the `SysTablePrefixes` field to specify a semi-colon delimited list of prefixes that indicate that a table is a system table. By default, the list contains `dd_`;. - -You can reset the values on this dialog to their default settings by choosing the `Defaults` button. - -Click the `Apply` button to apply any changes to the data source properties, or the `Cancel` button to exit the dialog without applying any changes. Choose the `OK` button to apply any changes to the dialog and exit. - -Select the `Page 2` button (in the upper-left hand corner of the `Advanced Options` dialog) to access a second set of advanced options. - -![Page 2 of the Advanced Options dialog](images/odbc_advanced_options_2.png) - -Page 2 of the Advanced Options dialog - -- Check the box next to `Read Only` to prevent the driver from executing the following commands: `INSERT`, `UPDATE`, `DELETE`, `CREATE`, `ALTER`, `DROP`, `GRANT`, `REVOKE` or `LOCK`. Invoking the `Read Only` option also prevents any calls that use ODBC’s procedure call escape syntax (`call=procedure-name?`). By default, this option is `off`. -- Check the box next to `Show System Tables` to include system tables in the result set of the `SQLTables()` function. If the option is enabled, the driver will include any table whose name starts with `pg\_` or any of the prefixes listed in the `SysTablePrefixes` field of `Page 1` of the `Advanced Options` dialog. By default, this option is `off`. -- Check the box next to `Show sys/dbo Tables [Access]` to access objects in the `sys` schema and `dbo` schema through the ODBC data source. By default, this option is enabled (checked). -- Check the box next to `Cumulative Row Count for Insert` to cause a single, cumulative row count to be returned for the entire array of parameter settings for an `INSERT` statement when a call to the `SQLRowCount()` method is performed. 
If this option is not enabled (the box is not checked), then an individual row count is available for each parameter setting in the array, and thus, a call to `SQLRowCount()` returns the count for the last inserted row. -- Check the box next to `LF<->CR/LF` conversion to instruct the driver to convert line-feed characters to carriage-return/line-feed pairs when fetching character values from the server and convert carriage-return/line-feed pairs back to line-feed characters when sending character values to the server. By default, this option is enabled. -- Check the box next to `Updatable Cursors` to specify that the driver should permit positioned `UPDATE` and `DELETE` operations with the `SQLSetPos()` or `SQLBulkOperations()` functions. By default, this option is enabled. -- Check the box next to `bytea as LO` to specify that the driver should treat `BYTEA` values as if they are `SQL_LONGVARBINARY` values. If the box is not checked, EDB-ODBC will treat `BYTEA` values as if they are `SQL_VARBINARY` values. By default, `BYTEA` values are treated as `SQL_VARBINARY` values. -- Check the box next to `Row Versioning` to include the `xmin` column when reporting the columns in a table. The `xmin` column is the ID of the transaction that created the row. You must use row versioning if you plan to create cursors where `SQL_CONCURRENCY = SQL_CONCUR_ROWVER`. By default, `Row Versioning` is `off`. -- Check the box next to `Disallow Premature` to specify that the driver should retrieve meta-data about a query (i.e., the number of columns in a result set, or the column types) without actually executing the query. If this option is not specified, the driver executes the query when you request meta-data about the query. By default, `Disallow Premature` is off. -- Check the box next to `True is -1` to tell the driver to return `BOOL` values of `True` as a `-1`. If this option is not enabled, the driver will return `BOOL` values of `True` as `1`. 
The driver always returns `BOOL` values of `False` as `0`. -- Check the box next to `Server side prepare` to tell the driver to use the `PREPARE` and `EXECUTE` commands to implement the `Prepare/Execute` model. By default, this box is checked. -- Check the box next to `use gssapi for GSS request` to instruct the driver to send a GSSAPI connection request to the server. -- Enter the database system (either `EnterpriseDB` or `PostgreSQL`) in the `dbms_name` field. The value entered here is returned in the `SQL_DBMS_NAME` argument when the `SQLGetInfo()` function is called. The default is `EnterpriseDB`. - -Use the radio buttons in the `Int8` As box to specify how the driver should return `BIGINT` values to the client. Select the radio button next to `default` to specify the default type of `NUMERIC` if the client is MS Jet, `BIGINT` if the client is any other ODBC client. You can optionally specify that the driver return `BIGINT` values as a `bigint (SQL_BIGINT)`, `numeric (SQL_NUMERIC)`, `varchar (SQL_VARCHAR)`, `double (SQL_DOUBLE)`, or `int4 (SQL_INTEGER)`. - -The default value of the `Extra Opts` field is `0x0`. `Extra Opts` may be: +The default value of the **Extra Opts** field is `0x0`. For **Extra Opts**, you can specify the options shown in the table. | Option | Specifies | | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 0x1 | Forces the output of short-length formatted connection string. Select this option when you are using the MFC CDatabase class. | +| 0x1 | Forces the output of short-length formatted connection string. Select this option when you're using the MFC CDatabase class. | | 0x2 | Allows MS Access to recognize PostgreSQL's serial type as AutoNumber type. | -| 0x4 | Return ANSI character types for the inquiries from applications. Select this option for applications that have difficulty handling Unicode data. 
| -| 0x8 | If set, NULL dates are reported as empty strings and empty strings are interpreted as NULL dates on input. | -| 0x10 | Determines if SQLGetInfo returns information about all tables, or only accessible tables. If set, only information is returned for accessible tables. | -| 0x20 | If set, each SQL command is processed in a separate network round-trip, otherwise, SQL commands are grouped into as few round-trips as possible to reduce network latency. | +| 0x4 | Returns ANSI character types for the inquiries from applications. Select this option for applications that have difficulty handling Unicode data. | +| 0x8 | If set, NULL dates are reported as empty strings, and empty strings are interpreted as NULL dates on input. | +| 0x10 | Determines if `SQLGetInfo` returns information about all tables or only accessible tables. If set, information is returned only for accessible tables. | +| 0x20 | If set, each SQL command is processed in a separate network round trip. Otherwise, SQL commands are grouped into as few round trips as possible to reduce network latency. | -The `Protocol` box contains radio buttons that tell the driver to interact with the server using a specific front-end/back-end protocol version. By default, the `Protocol` selected is `7.4+`; you can optionally select from versions `6.4+`, `6.3` or `6.2`. +The **Protocol** box contains options that tell the driver to interact with the server using a specific front-end/back-end protocol version. By default, the protocol selected is **7.4+**. You can optionally select from versions **6.4+**, **6.3**, or **6.2**. -The `Level of Rollback on errors` box contains radio buttons that specify how the driver handles error handling: +The **Level of Rollback on Errors** box contains options that specify how the driver handles error handling. 
| Option | Specifies | | ----------- | -------------------------------------------------------------------------------------------------------------------------- | -| Transaction | If the driver encounters an error, it will rollback the current transaction. | -| Statement | If the driver encounters an error, it will rollback the current statement. | -| Nop | If the driver encounters an error, you must manually rollback the current transaction before the application can continue. | +| Transaction | If the driver encounters an error, it rolls back the current transaction. | +| Statement | If the driver encounters an error, it rolls back the current statement. | +| Nop | If the driver encounters an error, you must manually roll back the current transaction before the application can continue. | -The `OID Options` box contains options that control the way the driver exposes the OID column contained in some tables: +The **OID Options** box contains options that control the way the driver exposes the OID column contained in some tables: -- Check the box next to `Show Column` to include the `OID` column in the result set of the `SQLColumns()` function. If this box is not checked, the `OID` column is hidden from `SQLColumns()`. -- Check the box next to `Fake Columns` to specify that the `SQLStatistics()` function should report that a unique index exists on each `OID` column. +- Select **Show Column** to include the `OID` column in the result set of the `SQLColumns()` function. If cleared, the `OID` column is hidden from `SQLColumns()`. +- Select **Fake Columns** to specify for the `SQLStatistics()` function to report that a unique index exists on each `OID` column. -Use the `Connect Settings` field to specify a list of parameter assignments that the driver will use when opening this connection. Any configuration parameter that you can modify with a `SET` statement can be included in the semi-colon delimited list. 
For example: +Use the **Connect Settings** field to specify a list of parameter assignments for the driver to use when opening this connection. Any configuration parameter that you can modify with a `SET` statement can be included in the semicolon-delimited list. For example: `set search_path to company1,public;` -When you’ve defined the connection properties for the named data source, click the `Apply` button to apply the options; you can optionally exit without saving any options by choosing `Cancel`. Select the `OK` button to save the options and exit. - -Choose the `Global` button (on the `EnterpriseDB ODBC Driver` dialog) to open the `Global Settings` dialog. The options on this dialog control logging options for the EDB-ODBC driver. Use this dialog to enforce logging when the driver is used without a named data source, or for logging driver operations that occur before the connection string is parsed. - -![The Global Settings dialog](images/global_settings.png) +After you define the connection properties for the named data source, select **Apply** to apply the options. Select **OK** to save the options and exit. -The Global Settings dialog +Select **Global** (on the EnterpriseDB ODBC Driver dialog box) to open the Global Settings dialog box. The options on this dialog box control logging options for the EDB-ODBC driver. Use this dialog box to enforce logging when the driver is used without a named data source or for logging driver operations that occur before the connection string is parsed. -- Check the box next to the `CommLog` field to record all client/server traffic in a log file. The logfile is named `C:\psqlodbc_process-id` where `process-id` is the name of the process in use. -- Check the box next to the `Mylog` field to keep a logfile of the driver’s activity. The logfile is named `c:\mylog_process-id` where `process-id` is the name of the process in use. -- Specify a location for the logfiles in the `Folder for logging` field. 
+- Select **CommLog** to record all client/server traffic in a log file. The log file is named `C:\psqlodbc_`, where `` is the name of the process in use. +- Select **Mylog** to keep a log file of the driver’s activity. The log file is named `c:\mylog_`, where `` is the name of the process in use. +- Specify a location for the log files in the **Folder for logging** field. +After you entered the connection information for the named data source, select **Test** to verify that the driver manager can connect to the defined data source. -When you’ve entered the connection information for the named data source, click the `Test` button to verify that the driver manager can connect to the defined data source. +Select **OK** to exit the Connection Test dialog box. If the connection is successful, select **Save** to save the named data source. If there are problems establishing a connection, adjust the parameters and test again. -![The Connection is successful](images/connection_is_successful.png) +## Adding a data source definition in Linux -The Connection is successful - -Click the OK button to exit `Connection Test` dialog. If the connection is successful, click the `Save` button to save the named data source. If there are problems establishing a connection, adjust the parameters and test again. - -## Adding a Data Source Definition in Linux - -The Linux `ODBC Administrator` is a graphical tool that is distributed with unixODBC; you can use the `ODBC Administrator` to manage ODBC drivers and named resources. To add the ODBC Administrator to your system, open a terminal window, assume superuser privileges, and enter: +The Linux ODBC Administrator is a graphical tool distributed with unixODBC. You can use the ODBC Administrator to manage ODBC drivers and named resources. 
To add the ODBC Administrator to your system, open a terminal window, assume superuser privileges, and enter: `yum install unixODBC` -followed by: - `yum install unixODBC-kde` -To invoke the `ODBC Administrator`, open a terminal window and enter ODBCConfig. - -![The unixODBC Data Source Administrator](images/unixodbc_data_source_administrator.png) - -The unixODBC Data Source Administrator - -When you install the Advanced Server `Connectors` component, the EDB-ODBC driver is added to the list of drivers in the ODBC Administrator. Click `Advanced`, and then select the `Drivers` tab to verify that the `enterprisedb` driver appears in the list. - -![The Drivers tab shows the installed EDB-ODBC driver](images/installed_edb-odbc_driver.png) - -The Drivers tab shows the installed EDB-ODBC driver - -If the EDB-ODBC driver does not appear in the list of drivers, you can add it using the `ODBC Administrator`. To add a driver definition, select the `Drivers` tab, and click `Add`. The `Driver Properties (new)` window opens, as shown below: - -![The Driver Properties window](images/driver_properties_window.png) - -The Driver Properties window - -Complete the `Driver Properties` window to register the EDB-ODBC driver with the driver manager: - -- Add a unique name for the driver to the `Name` field. - -- Add a driver description to the `Description` field. - -- Add the path to the location of the EDB-ODBC driver in the `Driver` field. By default, the complete path to the driver is: - - `/usr/edb/odbc/lib/edb-odbc.so` - -- Add the path to the location of the EDB-ODBC driver setup file in the `Setup` field. By default, the complete path to the driver setup file is: - - `/usr/edb/odbc/lib/libodbcedbS.so` - -When you’ve described the driver properties for the EDB-ODBC driver, click `OK`. The ODBC Data Source Administrator window now includes the EDB-ODBC driver in the list of available ODBC drivers. 
- -![The Drivers tab shows the new driver definition](images/new_driver_definition.png) +To invoke the ODBC Administrator, open a terminal window and enter `ODBCConfig`. -The Drivers tab shows the new driver definition +When you install the EDB Postgres Advanced Server Connectors component, the EDB-ODBC driver is added to the list of drivers in the ODBC Administrator. Select **Advanced**, and then select the **Drivers** tab to verify that the `enterprisedb` driver appears in the list. -With the EDB-ODBC driver available to the driver manager, you can add a data source. Click the `Data Source` Names option in the left panel, and then choose the appropriate DSN tab for the type of data source name you would like to add: +If the EDB-ODBC driver doesn't appear in the list of drivers, you can add it using the ODBC Administrator. To add a driver definition, select the **Drivers** tab, and select **Add**. -- Choose the `User` tab to add a named data source that is available only to the current user (the data source will be stored in `/user/.odbc.ini`). -- Choose the `System` tab add a named data source that is available to all users. All system data sources are stored in a single file (usually `/etc/odbc.ini`). -- Choose the `File` tab to add a named data source that is available to all users, but that is stored in a file of your choosing. +In the Driver Properties window, register the EDB-ODBC driver with the driver manager: -Select the appropriate tab and click `Add`. The `Create a New Data Source…` window opens, as shown below: +- Add a unique name for the driver to the **Name** field. -![Select a driver for the named data source](images/select_driver_named_date_source.png) +- Add a driver description to the **Description** field. -Select a driver for the named data source +- Add the path to the location of the EDB-ODBC driver in the **Driver** field. By default, the complete path to the driver is `/usr/edb/odbc/lib/edb-odbc.so`. 
-Select the EDB-ODBC driver from the list, and click `OK` to open the `Data Source Properties` window. +- Add the path to the location of the EDB-ODBC driver setup file in the **Setup** field. By default, the complete path to the driver setup file is `/usr/edb/odbc/lib/libodbcedbS.so`. -Complete the `Data Source Properties (new)` window, specifying the connection properties for the EDB-ODBC driver. +After you enter the driver properties for the EDB-ODBC driver, select **OK**. The ODBC Data Source Administrator window now includes the EDB-ODBC driver in the list of available ODBC drivers. -![The Data Source Properties window](images/data_source_properties_window.png) +With the EDB-ODBC driver available to the driver manager, you can add a data source. Select the **Data Source Names** option in the left panel, and then select the appropriate DSN tab for the type of data source name you want to add: -The Data Source Properties window +- Select the **User** tab to add a named data source that's available only to the current user. The data source is stored in `/user/.odbc.ini`. +- Select the **System** tab to add a named data source that's available to all users. All system data sources are stored in a single file, usually `/etc/odbc.ini`. +- Select the **File** tab to add a named data source that's available to all users but that's stored in a file of your choosing. -- Enter the data source name in the `Name` field. -- Enter a description of the named data source in the `Description` field. -- The unixODBC driver includes a trace utility that records the sequence of calls made an ODBC application to a log file. Specify `Yes` in the `Trace` field to turn the trace utility on. Note that using the trace utility can slow down an application. -- Use the `TraceFile` field to specify a file to receive information returned by the `Trace` utility. -- Enter the name of the Advanced Server database in the `Database` field. 
-- Enter the host name or IP address of Advanced Server in the `Servername` field. -- Enter the name of a user in the `Username` field. -- Enter the password for the user in the `Password` field. -- Enter a port number (or accept the default value of `5444`) in the `Port` field. -- Use the `Protocol` field to specify a front-end/back-end protocol version; the default value is `7.4`. You can optionally select from protocol versions `7.4`, `6.4`, `6.3` or `6.2`. -- Use the `ReadOnly` field to specify `Yes` to prevent the driver from executing the following commands: `INSERT`, `UPDATE`, `DELETE`, `CREATE`, `ALTER`, `DROP`, `GRANT`, `REVOKE` or `LOCK`. Enabling the `Read Only` option also prevents any calls that use the ODBC procedure call escape syntax (`call=procedure-name?`). By default, `ReadOnly` is set to `No`. -- Use the `RowVersioning` field to specify `Yes` if the driver should include the `xmin` column when reporting the columns in a table. The `xmin` column is the ID of the transaction that created the row. You must use row versioning if you plan to create cursors where `SQL_CONCURRENCY = SQL_CONCUR_ROWVER`. By default, `Row Versioning` is set to `No`. -- Use the `ShowSystemTables` field to specify `Yes` if the driver should include system tables in the result set of the `SQLTables()` function. By default, this field is set to `No`. -- Use the `ShowOidColumn` field to specify `Yes` if the driver should include the `OID` column in the result set of the `SQLColumns()` function. If `ShowOidColumn` is set to `No`, the `OID` column is hidden from `SQLColumns()`. By default, this option is set to `No`. -- Use the `FakeOidIndex` field to specify Yes if the `SQLStatistics()` function should report that a unique index exists on each `OID` column. This is useful when your application needs a unique identifier and your table doesn’t include one. The default value is `No`. 
-- Use the `ConnSettings` field to specify a list of parameter assignments that the driver will use when opening this connection. +Select the appropriate tab and select **Add**. The Create a New Data Source window opens. -When you’ve defined the connection properties, click `OK`. +Select the EDB-ODBC driver from the list, and select **OK** to open the Data Source Properties window. -The new data source is added to the list of data source names: +Complete the **Data Source Properties (new)** window, specifying the connection properties for the EDB-ODBC driver. -![The new data source is included on the Data Source Names list](images/data_source_names.png) +- Enter the data source name in the **Name** field. +- Enter a description of the named data source in the **Description** field. +- The unixODBC driver includes a trace utility that records the sequence of calls made from an ODBC application to a log file. Specify **Yes** in the **Trace** field to turn the trace utility on. Using the trace utility can slow down an application. +- Use the **TraceFile** field to specify a file to receive information returned by the `Trace` utility. +- Enter the name of the EDB Postgres Advanced Server database in the **Database** field. +- Enter the host name or IP address ofn EDB Postgres Advanced Server in the **Servername** field. +- Enter the name of a user in the **Username** field. +- Enter the password for the user in the **Password** field. +- Enter a port number (or accept the default value of `5444`) in the **Port** field. +- Use the **Protocol** field to specify a front-end/back-end protocol version. The default value is **7.4**. You can optionally select from protocol versions **7.4**, **6.4**, **6.3**, or **6.2**. +- Use the **ReadOnly** field to specify **Yes** to prevent the driver from executing the following commands: `INSERT`, `UPDATE`, `DELETE`, `CREATE`, `ALTER`, `DROP`, `GRANT`, `REVOKE` or `LOCK`. 
Enabling the **Read Only** option also prevents any calls that use the ODBC procedure call escape syntax (`call=procedure-name?`). By default, **ReadOnly** is set to **No**. +- Use the **RowVersioning** field to specify **Yes** if you want the driver to include the `xmin` column when reporting the columns in a table. The `xmin` column is the ID of the transaction that created the row. You must use row versioning if you plan to create cursors where `SQL_CONCURRENCY = SQL_CONCUR_ROWVER`. By default, **Row Versioning** is set to **No**. +- Use the **ShowSystemTables** field to specify **Yes** if you want the driver to include system tables in the result set of the `SQLTables()` function. By default, this field is set to **No**. +- Use the **ShowOidColumn** field to specify **Yes** if you want the driver to include the `OID` column in the result set of the `SQLColumns()` function. If **ShowOidColumn** is set to **No**, the `OID` column is hidden from `SQLColumns()`. By default, this option is set to **No**. +- Use the **FakeOidIndex** field to specify **Yes** if you want the `SQLStatistics()` function to report that a unique index exists on each `OID` column. This is useful when your application needs a unique identifier and your table doesn’t include one. The default value is **No**. +- Use the **ConnSettings** field to specify a list of parameter assignments for the driver to use when opening this connection. -The new data source is included on the Data Source Names list +After you define the connection properties, select **OK**. The new data source is added to the list of data source names. diff --git a/product_docs/docs/odbc_connector/13/06_edb-odbc_driver_functionality.mdx b/product_docs/docs/odbc_connector/13/06_edb-odbc_driver_functionality.mdx index 03589735b92..cb475bb96fa 100644 --- a/product_docs/docs/odbc_connector/13/06_edb-odbc_driver_functionality.mdx +++ b/product_docs/docs/odbc_connector/13/06_edb-odbc_driver_functionality.mdx 
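Review bot: The added Linux data source steps introduce a typo in the **Servername** bullet, "IP address ofn EDB Postgres Advanced Server", which should read "of". In the same hunk, "After you entered the connection information" should be "After you enter", matching "After you enter the driver properties" and "After you define the connection properties" further down. Field labels also drift inside single bullets: **ReadOnly** versus **Read Only**, and **RowVersioning** versus **Row Versioning**. Since this pass already rewrites the **Password**, **System** tab and **CommLog** bullets, consider adding one sentence noting that a password entered for a system data source is saved with a definition the text describes as available to all users (usually `/etc/odbc.ini`), and that a log of all client/server traffic can contain query data, so readers restrict access to both files.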
@@ -1,16 +1,16 @@ --- -title: "EDB-ODBC Driver Functionality" +title: "EDB-ODBC driver functionality" --- You can use ODBC functions to query ODBC for specific information about the various attributes of the connection between EDB-ODBC and the server. -- `SQLGetInfo()` returns information about the EDB-ODBC driver and Advanced Server. +- `SQLGetInfo()` returns information about the EDB-ODBC driver and EDB Postgres Advanced Server. - `SQLGetEnvAttr()` returns information about ODBC environment attributes. - `SQLGetConnectAttr()` returns information about attributes specific to an individual connection. - `SQLGetStmtAttr()` returns information about the attributes specific to an individual statement. -You can also use ODBC functions to set various attributes of the objects that you use to interface with ODBC: +You can also use ODBC functions to set attributes of the objects that you use to interface with ODBC: - Use the `SQLSetConnectAttr()` function to set connection attributes. - Use the `SQLSetEnvAttr()` function to set environment attributes. @@ -18,7 +18,7 @@ You can also use ODBC functions to set various attributes of the objects that yo ## SQLGetInfo() -The ODBC `SQLGetInfo()` function returns information about the EDB-ODBC driver and Advanced Server. You must have an open connection to call `SQLGetInfo()`, unless you specify `SQL_ODBC_VER` as the `info_type`. The signature for `SQLGetInfo()` is: +The ODBC `SQLGetInfo()` function returns information about the EDB-ODBC driver and EDB Postgres Advanced Server. You must have an open connection to call `SQLGetInfo()`, unless you specify `SQL_ODBC_VER` as the `info_type`. The signature for `SQLGetInfo()` is: ```c++ SQLRETURN SQLGetInfo 
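Review bot: In the `@@ -1,16 +1,16 @@` hunk of 06_edb-odbc_driver_functionality.mdx, the opening sentence left as context still reads "the various attributes of the connection", while the parallel sentence is changed to "set attributes of the objects". Drop "various" from the first sentence as well so the two paragraphs follow the same style rule.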
@@ -31,235 +31,235 @@ SQLRETURN SQLGetInfo ); ``` -- `conn_handle` The connection handle. +- `conn_handle` — The connection handle. -- `info_type` The type of information SQLGetInfo() is retrieving. +- `info_type` — The type of information SQLGetInfo() is retrieving. -- `info_pointer` A pointer to a memory buffer that will hold the retrieved value. +- `info_pointer` — A pointer to a memory buffer to hold the retrieved value. - If the `info_type` argument is `SQL_DRIVER_HDESC` or `SQL_DRIVER_HSTMT`, the `info_pointer` argument is both `Input` and `Output`. + If the `info_type` argument is `SQL_DRIVER_HDESC` or `SQL_DRIVER_HSTMT`, the `info_pointer` argument is both `Input` and `Output`. -- `buffer_len` is the length of the allocated memory buffer pointed to by `info_pointer`. If `info_pointer` is `NULL`, `buffer_len` is ignored. If the returned value is a fixed size, `buffer_len` is ignored. `buffer_len` is only used if the requested value is returned in the form of a character string. +- `buffer_len` — The length of the allocated memory buffer pointed to by `info_pointer`. If `info_pointer` is `NULL`, `buffer_len` is ignored. If the returned value is a fixed size, `buffer_len` is ignored. `buffer_len` is used only if the requested value is returned in the form of a character string. -- `string_length_pointer` is a pointer to an `SQLSMALLINT` value. `SQLGetInfo()` writes the size of the requested value in this integer. +- `string_length_pointer` — A pointer to an `SQLSMALLINT` value. `SQLGetInfo()` writes the size of the requested value in this integer. -A typical usage is to call `SQLGetInfo()` with a `NULL info_pointer` to obtain the length of the requested value, allocate the required number of bytes, and then call `SQLGetInfo()` again (providing the address of the newly allocated buffer) to obtain the actual value. The first call retrieves the number of bytes required to hold the value; the second call retrieves the value. 
+A typical usage is to call `SQLGetInfo()` with a `NULL info_pointer` to obtain the length of the requested value, allocate the required number of bytes, and then call `SQLGetInfo()` again (providing the address of the newly allocated buffer) to obtain the actual value. The first call retrieves the number of bytes required to hold the value. The second call retrieves the value. -If the size of the returned value exceeds `buffer_len`, the information is truncated and `NULL` terminated. If the returned value is a fixed size, `string_length` is ignored (and the size of the requested value is not provided by `SQLGetInfo()`). +If the size of the returned value exceeds `buffer_len`, the information is truncated and `NULL` terminated. If the returned value is a fixed size, `string_length` is ignored, and the size of the requested value isn't provided by `SQLGetInfo()`. `SQLGetInfo()` writes information in one of the following formats: -- a `SQLUINTEGER` bitmask -- a `SQLUINTEGER` flag -- a `SQLUINTEGER` binary value -- a `SQLUSMALLINT` value -- a `NULL` terminated character string +- `SQLUINTEGER` bitmask +- `SQLUINTEGER` flag +- `SQLUINTEGER` binary value +- `SQLUSMALLINT` value +- `NULL`-terminated character string `SQLGetInfo()` returns `SQL_SUCCESS`, `SQL_SUCCESS_WITH_INFO`, `SQL_ERROR`, or `SQL_INVALID_HANDLE`. -The following table lists the information returned by EDB-ODBC about the Advanced Server connection: +The following table lists the information returned by EDB-ODBC about the EDB Postgres Advanced Server connection. 
-| **SQL info_type Argument and Description** | **EDB_ODBC/Advanced Server Returns:** | +| SQL info_type argument and description** | EDB_ODBC/EDB Postgres Advanced Server returns | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SQL_ACCESSIBLE_PROCEDURES: Indicates if procedures returned by SQLProcedures()can be executed by the application. | Returns N. Some procedures executed by the SQLProcedures() function may be executed by the application. | -| SQL_ACCESSIBLE_TABLES: Indicates if the user has SELECT privileges on all table names returned by SQLTables(). | Returns N. The user may not have select privileges on one or more tables returned by the SQLTables() function. | -| SQL_ACTIVE_CONNECTIONS prev. SQL_MAX_DRIVER_CONNECTIONS: Indicates the maximum number of connections EDB-ODBC can support. | Returns 0. There is no specified limit to the number of connections allowed. | -| SQL_ACTIVE_ENVIRONMENTS: The number of active environments EDB-ODBC can support. | Returns 0. There is no specified limit to the number of environments allowed. | -| SQL_ACTIVE_STATEMENTS prev. SQL_MAX_CONCURRENT_ACTIVITIES: Indicates the maximum number of active statements EDB-ODBC can support. | Returns 0. There is no specified limit to the number of active statements allowed. | -| SQL_AGGREGATE_FUNCTION: Identifies the aggregate functions supported by the server and driver. 
| Returns SQL_AF_ALL | -| SQL_ALTER_DOMAIN: Identifies the ALTER DOMAIN clauses supported by the server. | Returns 0. ALTER DOMAIN clauses are not supported. | -| SQL_ALTER_TABLE: Identifies the ALTER TABLE clauses supported by the server. | Returns SQL_AT_ADD_COLUMN, SQL_AT_DROP_TABLE_CONSTRAINT_CASCADE, SQL_AT_DROP_TABLE_CONSTRAINT, SQL_AT_CONSTRAINT_INITIALLY_DEFERRED, SQL_AT_CONSTRAINT_INITIALLY_IMMEDIATE, SQL_AT_CONSTRAINT_DEFERRABLE | -| SQL_ASYNC_MODE: Level of Asynchronous Mode Supported by EDB-ODBC. | Returns SQL_AM_NONE. Asynchronous mode is not supported. | -| SQL_BATCH_ROW_COUNT: Indicates how the driver returns row counts. | Returns SQL_BRC_EXPLICIT. Row Counts are available when executed by calling SQLExecute or SQLExecDirect. | -| SQL_BATCH_SUPPORT: Indicates support for batch statement execution. | Returns: SQL_BS_SELECT_EXPLICIT, SQL_BS_ROW_COUNT_EXPLICIT. The driver supports explicit batches with result set and row count generating statements. | -| SQL_BOOKMARK_PERSISTENCE: Indicates level of support for bookmarks. | Returns: SQL_BP_DELETE, SQL_BP_TRANSACTION, SQL_BP_UPDATE, SQL_BP_SCROLL. | -| SQL_CATALOG_LOCATION Now SQL_QUALIFIER_LOCATION: Indicates the position of the catalog in a qualified table name. | Returns SQL_CL_START. The catalog portion of a qualified table name is at the beginning of the name. | -| SQL_CATALOG_NAME Now SQL_QUALIFIER_NAME: Indicates support for catalog names. | Returns Y. The server supports catalog names. | +| SQL_ACCESSIBLE_PROCEDURES: Indicates if procedures returned by `SQLProcedures()` can be executed by the application. | Returns `N`. Some procedures executed by the `SQLProcedures()` function might be executed by the application. | +| SQL_ACCESSIBLE_TABLES: Indicates if the user has SELECT privileges on all table names returned by `SQLTables()`. | Returns `N`. The user might not have select privileges on one or more tables returned by the `SQLTables()` function. | +| SQL_ACTIVE_CONNECTIONS prev. 
SQL_MAX_DRIVER_CONNECTIONS: Indicates the maximum number of connections EDB-ODBC can support. | Returns `0`. There's no specified limit to the number of connections allowed. | +| SQL_ACTIVE_ENVIRONMENTS: The number of active environments EDB-ODBC can support. | Returns `0`. There's no specified limit to the number of environments allowed. | +| SQL_ACTIVE_STATEMENTS prev. SQL_MAX_CONCURRENT_ACTIVITIES: Indicates the maximum number of active statements EDB-ODBC can support. | Returns `0`. There's no specified limit to the number of active statements allowed. | +| SQL_AGGREGATE_FUNCTION: Identifies the aggregate functions supported by the server and driver. | Returns `SQL_AF_ALL`. | +| SQL_ALTER_DOMAIN: Identifies the `ALTER DOMAIN` clauses supported by the server. | Returns `0`. `ALTER DOMAIN` clauses aren't supported. | +| SQL_ALTER_TABLE: Identifies the `ALTER TABLE` clauses supported by the server. | Returns `SQL_AT_ADD_COLUMN`, `SQL_AT_DROP_TABLE_CONSTRAINT_CASCADE`, `SQL_AT_DROP_TABLE_CONSTRAINT`, `SQL_AT_CONSTRAINT_INITIALLY_DEFERRED`, `SQL_AT_CONSTRAINT_INITIALLY_IMMEDIATE`, `SQL_AT_CONSTRAINT_DEFERRABLE` | +| SQL_ASYNC_MODE: Level of asynchronous mode supported by EDB-ODBC. | Returns `SQL_AM_NONE`. Asynchronous mode isn't supported. | +| SQL_BATCH_ROW_COUNT: Indicates how the driver returns row counts. | Returns `SQL_BRC_EXPLICIT`. Row counts are available when executed by calling `SQLExecute` or `SQLExecDirect`. | +| SQL_BATCH_SUPPORT: Indicates support for batch statement execution. | Returns `SQL_BS_SELECT_EXPLICIT`, `SQL_BS_ROW_COUNT_EXPLICIT`. The driver supports explicit batches with result set and row count generating statements. | +| SQL_BOOKMARK_PERSISTENCE: Indicates level of support for bookmarks. | Returns `SQL_BP_DELETE`, `SQL_BP_TRANSACTION`, `SQL_BP_UPDATE`, `SQL_BP_SCROLL`. | +| SQL_CATALOG_LOCATION Now SQL_QUALIFIER_LOCATION: Indicates the position of the catalog in a qualified table name. | Returns `SQL_CL_START`. 
The catalog portion of a qualified table name is at the beginning of the name. | +| SQL_CATALOG_NAME Now SQL_QUALIFIER_NAME: Indicates support for catalog names. | Returns `Y`. The server supports catalog names. | | SQL_CATALOG_NAME_SEPARATOR Now SQL_QUALIFIER_NAME_SEPARATOR: Character separating the catalog name from the adjacent name element. | Returns '.' The server expects a '.' character between the qualifier and the table name. | | SQL_CATALOG_TERM Now SQL_QUALIFIER_TERM: The term used to describe a catalog. | Returns catalog. | -| SQL_CATALOG_USAGE Now SQL_QUALIFIER_USAGE: Indicates the SQL statements that may refer to catalogs. | Returns SQL_CU_DML_STATEMENTS. Catalog names can be used in SELECT, INSERT, UPDATE, DELETE, SELECT FOR UPDATE and positioned UPDATE and DELETE statements. | -| SQL_COLLATION_SEQ: Returns the name of the Collation Sequence. | Returns an empty string. The name of the default collation is unknown. | -| SQL_COLUMN_ALIAS: Indicates server support for column aliases. | Returns Y. The server supports column aliases. | -| SQL_CONCAT_NULL_BEHAVIOR: Indicates how the server handles concatenation of NULL values. | Returns SQL_CB_NON_NULL. Concatenation of a NULL value and a non NULL value will result in a NULL value. | -| SQL_CONVERT_BIGINT: Indicates conversion support from the BIGINT type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_BINARY: Indicates conversion support from the BINARY type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_BIT: Indicates conversion support from the BIT type using the CONVERT function. | Returns: SQL_CVT_INTEGER, SQL_CVT_BIT. | -| SQL_CONVERT_CHAR: Indicates conversion support from the CHAR type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_DATE: Indicates conversion support from the DATE type using the CONVERT function. | Returns 0. 
The server does not support conversion. | -| SQL_CONVERT_DECIMAL: Indicates conversion support from the DECIMAL type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_DOUBLE: Indicates conversion support from the DOUBLE type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_FLOAT: Indicates conversion support from the FLOAT type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_FUNCTIONS: Lists the scalar conversion functions supported by the server and driver using the CONVERT function. | Returns: SQL_FN_CVT_CONVERT. | -| SQL_CONVERT_INTEGER: Lists the conversion support from the INTEGER type using the CONVERT function. | Returns: SQL_CVT_INTEGER, SQL_CVT_BIT. | -| SQL_CONVERT_INTERVAL_DAY_TIME: Indicates conversion support from the INTERVAL_DAY_TIME type using the CONVERT function. | This info_type is not currently supported. | -| SQL_CONVERT_INTERVAL_YEAR_MONTH: Indicates conversion support from the INTERVAL_YEAR_MONTH type using the CONVERT function. | This info_type is not currently supported. | -| SQL_CONVERT_LONGVARBINARY: Indicates conversion support for the LONG_VARBINARY type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_LONGVARCHAR: Indicates conversion support for the LONGVARCHAR type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_NUMERIC: Indicates conversion support for the NUMERIC type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_REAL: Indicates conversion support for the REAL type using the CONVERT function | Returns 0. The server does not support conversion. | -| SQL_CONVERT_SMALLINT: Indicates conversion support for the SMALLINT type using the CONVERT function. | Returns: SQL_CVT_INTEGER, SQL_CVT_BIT. 
| -| SQL_CONVERT_TIME: Indicates conversion support for TIME type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CVT_TIMESTAMP: Indicates conversion support for TIMESTAMP type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_TINYINT: Indicates conversion support for the TINYINT type using the CONVERT function. | Returns: SQL_CVT_INTEGER, SQL_CVT_BIT. | -| SQL_CONVERT_VARBINARY: Indicates conversion support for the VARBINARY type using the CONVERT function. | Returns 0. The server does not support conversion. | -| SQL_CONVERT_VARCHAR: Indicates conversion support for VARCHAR type using the CONVERT function. | Returns: SQL_CVT_INTEGER, SQL_CVT_BIT. | -| SQL_CONVERT_WCHAR: Indicates conversion support for the WCHAR type using the CONVERT function. | This info_type is valid only when using the Unicode driver. Returns 0. The server does not support conversion. | -| SQL_CONVERT_WLONGVARCHAR: Indicates conversion support for the WLONGVARCHAR type using the CONVERT function. | This info_type is valid only when using the Unicode driver. Returns 0. The server does not support conversion. | -| SQL_CONVERT_WVARCHAR: Indicates conversion support for the WVARCHAR type using the CONVERT function. | This info_type is valid only when using the Unicode driver. Returns 0. The server does not support conversion. | -| SQL_CORRELATION_NAME: Indicates server support for correlation names. | Returns SQL_CN_ANY. Correlation names are supported and can be any valid name. | -| SQL_CREATE_ASSERTION: Indicates support for the CREATE ASSERTION statement. | Returns 0. The CREATE ASSERTION statement is not supported. | -| SQL_CREATE_CHARACTER_SET: Indicates support for CREATE CHARACTER statement. | Returns 0. The CREATE CHARACTER statement is not supported. | -| SQL_CREATE_COLLATION: Indicates support for the CREATE COLLATION. | Returns 0. The CREATE COLLATION statement is not supported. 
| -| SQL_CREATE_DOMAIN: Indicates support for the CREATE DOMAIN statement. | Returns 0. The CREATE DOMAIN statement is not supported. | -| SQL_CREATE_SCHEMA: Indicates support for the CREATE SCHEMA statement. | Returns: SQL_CS_CREATE_SCHEMA, SQL_CS_AUTHORIZATION. | -| SQL_CREATE_TABLE: Indicates support for the CREATE TABLE statement. | Returns: SQL_CT_CREATE_TABLE, SQL_CT_GLOBAL_TEMPORARY, SQL_CT_CONSTRAINT_INITIALLY_DEFERRED, SQL_CT_CONSTRAINT_INITIALLY_IMMEDIATE, SQL_CT_CONSTRAINT_DEFERRABLE, SQL_CT_COLUMN_CONSTRAINT, SQL_CT_COLUMN_DEFAULT, SQL_CT_TABLE_CONSTRAINT, SQL_CT_CONSTRAINT_NAME_DEFINITION | -| SQL_CREATE_TRANSLATION: Indicates support for the CREATE TRANSLATION statement. | Returns 0. The CREATE TRANSLATION statement is not supported. | -| SQL_CREATE_VIEW: Indicates support for the CREATE VIEW statement. | Returns SQL_CV_CREATE_VIEW. | -| SQL_CURSOR_COMMIT_BEHAVIOR: Indicates how a COMMIT operation affects the cursor. | Returns SQL_CB_PRESERVE. Cursors are unchanged, and can continue to fetch data. | -| SQL_CURSOR_ROLLBACK_BEHAVIOR: Indicates the server behavior after a ROLLBACK operation. | Returns SQL_CB_PRESERVE. Cursors are unchanged, and can continue to fetch data. | -| SQL_CURSOR_SENSITIVITY:Indicates how the server synchronizes changes to a result set. | This info_type is not currently supported. | +| SQL_CATALOG_USAGE Now SQL_QUALIFIER_USAGE: Indicates the SQL statements that can refer to catalogs. | Returns `SQL_CU_DML_STATEMENTS`. Catalog names can be used in `SELECT`, `INSERT`, `UPDATE`, `DELETE`, `SELECT FOR UPDATE` and positioned `UPDATE` and `DELETE` statements. | +| SQL_COLLATION_SEQ: Returns the name of the collation sequence. | Returns an empty string. The name of the default collation is unknown. | +| SQL_COLUMN_ALIAS: Indicates server support for column aliases. | Returns `Y`. The server supports column aliases. | +| SQL_CONCAT_NULL_BEHAVIOR: Indicates how the server handles concatenation of NULL values. | Returns `SQL_CB_NON_NULL`. 
Concatenating a NULL value and a non-NULL value results in a NULL value. | +| SQL_CONVERT_BIGINT: Indicates conversion support from the `BIGINT` type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_BINARY: Indicates conversion support from the BINARY type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_BIT: Indicates conversion support from the BIT type using the `CONVERT` function. | Returns `SQL_CVT_INTEGER`, `SQL_CVT_BIT`. | +| SQL_CONVERT_CHAR: Indicates conversion support from the CHAR type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_DATE: Indicates conversion support from the DATE type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_DECIMAL: Indicates conversion support from the DECIMAL type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_DOUBLE: Indicates conversion support from the DOUBLE type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_FLOAT: Indicates conversion support from the FLOAT type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_FUNCTIONS: Lists the scalar conversion functions supported by the server and driver using the `CONVERT` function. | Returns `SQL_FN_CVT_CONVERT`. | +| SQL_CONVERT_INTEGER: Lists the conversion support from the INTEGER type using the `CONVERT` function. | Returns `SQL_CVT_INTEGER`, `SQL_CVT_BIT`. | +| SQL_CONVERT_INTERVAL_DAY_TIME: Indicates conversion support from the INTERVAL_DAY_TIME type using the `CONVERT` function. | This info_type isn't currently supported. | +| SQL_CONVERT_INTERVAL_YEAR_MONTH: Indicates conversion support from the INTERVAL_YEAR_MONTH type using the `CONVERT` function. | This info_type isn't currently supported. 
| +| SQL_CONVERT_LONGVARBINARY: Indicates conversion support for the LONG_VARBINARY type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_LONGVARCHAR: Indicates conversion support for the LONGVARCHAR type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_NUMERIC: Indicates conversion support for the NUMERIC type using the `CONVERT` function. | Returns 0. The server doesn't support conversion. | +| SQL_CONVERT_REAL: Indicates conversion support for the REAL type using the `CONVERT` function | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_SMALLINT: Indicates conversion support for the SMALLINT type using the `CONVERT` function. | Returns `SQL_CVT_INTEGER`, `SQL_CVT_BIT`. | +| SQL_CONVERT_TIME: Indicates conversion support for TIME type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CVT_TIMESTAMP: Indicates conversion support for TIMESTAMP type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_TINYINT: Indicates conversion support for the TINYINT type using the `CONVERT` function. | Returns `SQL_CVT_INTEGER`, `SQL_CVT_BIT`. | +| SQL_CONVERT_VARBINARY: Indicates conversion support for the VARBINARY type using the `CONVERT` function. | Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_VARCHAR: Indicates conversion support for VARCHAR type using the `CONVERT` function. | Returns `SQL_CVT_INTEGER`, `SQL_CVT_BIT`. | +| SQL_CONVERT_WCHAR: Indicates conversion support for the WCHAR type using the `CONVERT` function. | This info_type is valid only when using the Unicode driver. Returns `0`. The server doesn't support conversion. | +| SQL_CONVERT_WLONGVARCHAR: Indicates conversion support for the WLONGVARCHAR type using the `CONVERT` function. | This info_type is valid only when using the Unicode driver. Returns `0`. 
The server doesn't support conversion. | +| SQL_CONVERT_WVARCHAR: Indicates conversion support for the WVARCHAR type using the `CONVERT` function. | This info_type is valid only when using the Unicode driver. Returns`0`. The server doesn't support conversion. | +| SQL_CORRELATION_NAME: Indicates server support for correlation names. | Returns `SQL_CN_ANY`. Correlation names are supported and can be any valid name. | +| SQL_CREATE_ASSERTION: Indicates support for the `CREATE ASSERTION` statement. | Returns `0`. The `CREATE ASSERTION` statement isn't supported. | +| SQL_CREATE_CHARACTER_SET: Indicates support for the `CREATE CHARACTER` statement. | Returns `0`. The `CREATE CHARACTER` statement isn't supported. | +| SQL_CREATE_COLLATION: Indicates support for the `CREATE COLLATION` statement. | Returns `0`. The `CREATE COLLATION` statement isn't supported. | +| SQL_CREATE_DOMAIN: Indicates support for the `CREATE DOMAIN` statement. | Returns `0`. The `CREATE DOMAIN` statement isn't supported. | +| SQL_CREATE_SCHEMA: Indicates support for the `CREATE SCHEMA` statement. | Returns `SQL_CS_CREATE_SCHEMA`, `SQL_CS_AUTHORIZATION`. | +| SQL_CREATE_TABLE: Indicates support for the `CREATE TABLE` statement. | Returns `SQL_CT_CREATE_TABLE`, `SQL_CT_GLOBAL_TEMPORARY`, `SQL_CT_CONSTRAINT_INITIALLY_DEFERRED`, `SQL_CT_CONSTRAINT_INITIALLY_IMMEDIATE`, `SQL_CT_CONSTRAINT_DEFERRABLE`, `SQL_CT_COLUMN_CONSTRAINT`, `SQL_CT_COLUMN_DEFAULT`, `SQL_CT_TABLE_CONSTRAINT`, `SQL_CT_CONSTRAINT_NAME_DEFINITION` | +| SQL_CREATE_TRANSLATION: Indicates support for the `CREATE TRANSLATION` statement. | Returns `0`. The `CREATE TRANSLATION` statement isn't supported. | +| SQL_CREATE_VIEW: Indicates support for the `CREATE VIEW` statement. | Returns `SQL_CV_CREATE_VIEW`. | +| SQL_CURSOR_COMMIT_BEHAVIOR: Indicates how a `COMMIT` operation affects the cursor. | Returns `SQL_CB_PRESERVE`. Cursors are unchanged and can continue to fetch data. 
| +| SQL_CURSOR_ROLLBACK_BEHAVIOR: Indicates the server behavior after a `ROLLBACK` operation. | Returns `SQL_CB_PRESERVE`. Cursors are unchanged and can continue to fetch data. | +| SQL_CURSOR_SENSITIVITY: Indicates how the server synchronizes changes to a result set. | This info_type isn't currently supported. | | SQL_DATA_SOURCE_NAME: Returns the server name used during connection. | The value returned is determined by the connection properties. | | SQL_DATA_SOURCE_READ_ONLY: Indicates if the connection is in READ ONLY mode. | The value returned is determined by the connection properties. | | SQL_DATABASE_NAME: Returns the name of the database. | The value returned is determined by the connection properties. | | SQL_DATETIME_LITERALS: Indicates the DATETIME LITERALS supported by the server. | This info_type is not supported. | -| SQL_DBMS_NAME: Returns the name of the DBMS system. | Returns the value given by the dbms_name parameter from the odbc.ini file on Linux or the dbms_name field of page 2 of the Advanced Options dialog box when defining a data source in Windows. The default is EnterpriseDB. | +| SQL_DBMS_NAME: Returns the name of the DBMS system. | Returns the value given by the `dbms_name` parameter from the `odbc.ini` file on Linux or the `dbms_name` field of page 2 of the Advanced Options dialog box when defining a data source in Windows. The default is `EnterpriseDB`. | | SQL_DBMS_VER: Returns the server version. | Determined by the server. | -| SQL_DDL_INDEX: Indicates support for creating and dropping indexes. | Returns: SQL_DI_CREATE_INDEX, SQL_DI_DROP_INDEX. | -| SQL_DEFAULT_TXN_ISOLATION: Indicates support for transaction isolation by the server. | Returns TXN_READ_COMMITTED. Non-repeatable or phantom reads are possible; Dirty reads are not. | -| SQL_DESCRIBE_PARAMETER: Indicates support for the DESCRIBE INPUT statement. | Returns N. The DESCRIBE INPUT statement is not supported. | -| SQL_DM_VER: The version of the Driver Manager. 
| Determined by driver manager. | -| SQL_DRIVER_HDBC: The Driver's connection handle. | Returns an SQLULEN value that contains the driver’s connection handle. | -| SQL_DRIVER_HDESC: The Driver descriptor handle. | Returns an SQLULEN value that contains driver’s descriptor handle. | -| SQL_DRIVER_HENV: The Driver's environment handle. | Returns an SQLULEN value that contains the driver’s environment handle. | -| SQL_DRIVER_HLIB: The Driver handle. | Returns an SQLULEN value that contains the library handle (returned to the ODBC driver manager when the manager loaded the driver). | -| SQL_DRIVER_HSTMT: The Driver's statement handle. | Returns an SQLULEN value that contains the driver’s statement handle. | -| SQL_DRIVER_NAME: The name of the driver. | Returns EDB-ODBC.DLL | -| SQL_DRIVER_ODBC_VER: Identifies the ODBC version that the driver supports. | Returns 03.50 | -| SQL_DRIVER_VER: Identifies the driver version. | Returns 9.0.0.6 | -| SQL_DROP_ASSERTION: Lists the DROP ASSERTION clauses supported by the server. | Returns 0 | -| SQL_DROP_CHARACTER_SET: Lists the DROP CHARACTER clauses supported by the server. | Returns 0 | -| SQL_DROP_COLLATION: Lists the DROP COLLATION clauses supported by the server. | Returns 0 | -| SQL_DROP_DOMAIN: Lists the DROP DOMAIN clauses supported by the server. | Returns 0 | -| SQL_DROP_SCHEMA: Lists the DROP SCHEMA clauses supported by the server. | Returns: SQL_DS_DROP_SCHEMA, SQL_DS_RESTRICT, SQL_DS_CASCADE. | -| SQL_DROP_TABLE: Lists the DROP TABLE clauses supported by the server. | Returns: SQL_DT_DROP_TABLE, SQL_DS_RESTRICT, SQL_DS_CASCADE. | -| SQL_DROP_TRANSLATION: Lists the DROP TRANSLATION clauses supported by the server. | Returns 0. | -| SQL_DROP_VIEW: Lists the DROP VIEW clauses supported by the server. | Returns: SQL_DV_DROP_VIEW, SQL_DS_RESTRICT, SQL_DS_CASCADE. | -| SQL_DYNAMIC_CURSOR_ATTRIBUTES1: Describes the first set of dynamic cursor attributes supported by the driver. 
| Returns 0 | -| SQL_DYNAMIC_CURSOR_ATTRIBUTES2: Describes the second set of dynamic cursor attributes supported by the driver. | Returns 0 | -| SQL_EXPRESSIONS_IN_ORDERBY: Indicates server support for ORDER BY. | Returns Y. | -| SQL_FETCH_DIRECTION: Indicates FETCH order options (deprecated in ODBC 3.0). | Returns: SQL_FD_FETCH_NEXT, SQL_FD_FETCH_FIRS, SQL_FD_FETCH_LAST, SQL_FD_FETCH_PRIOR, SQL_FD_FETCH_ABSOLUTE, SQL_FD_FETCH_RELATIVE, SQL_FD_FETCH_BOOKMARK. | -| SQL_FILE_USAGE: Indicates how a single-tier driver treats files on the server. | Returns SQL_FILE_NOT_SUPPORTED. The driver is not a single-tier file. | -| SQL_FORWARD_ONLY_CURSOR_ATTRIBUTES1: Describes the forward-only cursor attributes supported by the driver. | Returns SQL_CA1_NEXT. | -| SQL_FORWARD_ONLY_CURSOR_ATTRIBUTES2: Describes extended attributes for the forward-only cursor designated by SQL_FORWARD_ONLY_CURSOR_ATTRIBUTES1. | Returns: SQL_CA2_READ_ONLY_CONCURRENCY, SQL_CA2_CRC_EXACT. | -| SQL_GETDATA_EXTENSIONS: Lists supported extensions to SQLGetData. | Returns: SQL_GD_ANY_COLUMN, SQL_GD_ANY_ORDER, SQL_GD_BLOCK, SQL_GD_BOUND. | -| SQL_GROUP_BY: Indicates the relationship between a GROUP BY clause and columns in the SELECT list. | Returns SQL_GB_GROUP_BY_EQUALS_SELECT. | -| SQL_IDENTIFIER_CASE: Indicates case-sensitivity and case-storage of SQL identifiers. | Returns SQL_IC_LOWER. | -| SQL_INDEX_KEYWORDS: Indicates support for the CREATE INDEX statement. | Returns SQL_IK_NONE. | -| SQL_INFO_SCHEMA_VIEWS: Lists the views supported in the INFORMATION_SCHEMA. | Returns 0. | -| SQL_INTEGRITY Prev. SQL_ODBC_SQL_OPT_IEF: Indicates server support for referential integrity syntax checking. | Returns N. | -| SQL_INSERT_STATEMENT: Indicates level of support for the INSERT statement. | Returns: SQL_IS_INSERT_LITERALS, SQL_IS_INSERT_SEARCHED, SQL_IS_SELECT_INTO. | -| SQL_KEYSET_CURSOR_ATTRIBUTES1: Describes the first set of keyset cursor attributes supported by the driver. 
| Returns: SQL_CA1_NEXT, SQL_CA1_ABSOLUTE, SQL_CA1_RELATIVE, SQL_CA1_BOOKMARK, SQL_CA1_LOCK_NO_CHANGE, SQL_CA1_POS_POSITION, SQL_CA1_POS_UPDATE, SQL_CA1_POS_DELETE, SQL_CA1_POS_REFRESH, SQL_CA1_BULK_ADD, SQL_CA1_BULK_UPDATE_BY_BOOKMARK, SQL_CA1_BULK_DELETE_BY_BOOKMARK, SQL_CA1_BULK_FETCH_BY_BOOKMARK. | -| SQL_KEYSET_CURSOR_ATTRIBUTES2: Describes the second set of keyset cursor attributes supported by the driver. | Returns: SQL_CA2_READ_ONLY_CONCURRENCY, SQL_CA2_OPT_ROWVER_CONCURRENCY, SQL_CA2_SENSITIVITY_ADDITIONS, SQL_CA2_SENSITIVITY_DELETIONS, SQL_CA2_SENSITIVITY_UPDATES, SQL_CA2_CRC_EXACT. | -| SQL_KEYWORDS: Identifies the server specific reserved keywords. | Returns “”. There are no server specific reserved keywords. | -| SQL_LIKE_ESCAPE_CLAUSE: Indicates support for an escape character in LIKE predicates. | Returns N. Advanced Server does not support escape characters in LIKE predicates. | -| SQL_LOCK_TYPES: Lists supported lock types (deprecated in ODBC 3.0). | Returns SQL_LCK_NO_CHANGE. | +| SQL_DDL_INDEX: Indicates support for creating and dropping indexes. | Returns `SQL_DI_CREATE_INDEX`, `SQL_DI_DROP_INDEX`. | +| SQL_DEFAULT_TXN_ISOLATION: Indicates support for transaction isolation by the server. | Returns `TXN_READ_COMMITTED`. Nonrepeatable or phantom reads are possible. Dirty reads aren't. | +| SQL_DESCRIBE_PARAMETER: Indicates support for the `DESCRIBE INPUT` statement. | Returns `N`. The `DESCRIBE INPUT` statement isn't supported. | +| SQL_DM_VER: The version of the driver manager. | Determined by driver manager. | +| SQL_DRIVER_HDBC: The driver's connection handle. | Returns an `SQLULEN` value that contains the driver’s connection handle. | +| SQL_DRIVER_HDESC: The driver descriptor handle. | Returns an `SQLULEN` value that contains driver’s descriptor handle. | +| SQL_DRIVER_HENV: The driver's environment handle. | Returns an `SQLULEN` value that contains the driver’s environment handle. | +| SQL_DRIVER_HLIB: The driver handle. 
| Returns an `SQLULEN` value that contains the library handle (returned to the ODBC driver manager when the manager loaded the driver). | +| SQL_DRIVER_HSTMT: The driver's statement handle. | Returns an `SQLULEN` value that contains the driver’s statement handle. | +| SQL_DRIVER_NAME: The name of the driver. | Returns `EDB-ODBC.DLL` | +| SQL_DRIVER_ODBC_VER: Identifies the ODBC version that the driver supports. | Returns `03.50` | +| SQL_DRIVER_VER: Identifies the driver version. | Returns `9.0.0.6` | +| SQL_DROP_ASSERTION: Lists the `DROP ASSERTION` clauses supported by the server. | Returns `0`. | +| SQL_DROP_CHARACTER_SET: Lists the `DROP CHARACTER` clauses supported by the server. | Returns `0`. | +| SQL_DROP_COLLATION: Lists the `DROP COLLATION` clauses supported by the server. | Returns `0`. | +| SQL_DROP_DOMAIN: Lists the `DROP DOMAIN` clauses supported by the server. | Returns `0`. | +| SQL_DROP_SCHEMA: Lists the `DROP SCHEMA` clauses supported by the server. | Returns `SQL_DS_DROP_SCHEMA`, `SQL_DS_RESTRICT`, `SQL_DS_CASCADE`. | +| SQL_DROP_TABLE: Lists the `DROP TABLE` clauses supported by the server. | Returns `SQL_DT_DROP_TABLE`, `SQL_DS_RESTRICT`, `SQL_DS_CASCADE`. | +| SQL_DROP_TRANSLATION: Lists the `DROP TRANSLATION` clauses supported by the server. | Returns `0`. | +| SQL_DROP_VIEW: Lists the `DROP VIEW` clauses supported by the server. | Returns `SQL_DV_DROP_VIEW`, `SQL_DS_RESTRICT`, `SQL_DS_CASCADE`. | +| SQL_DYNAMIC_CURSOR_ATTRIBUTES1: Describes the first set of dynamic cursor attributes supported by the driver. | Returns `0`. | +| SQL_DYNAMIC_CURSOR_ATTRIBUTES2: Describes the second set of dynamic cursor attributes supported by the driver. | Returns `0`. | +| SQL_EXPRESSIONS_IN_ORDERBY: Indicates server support for `ORDER BY`. | Returns `Y`. | +| SQL_FETCH_DIRECTION: Indicates FETCH order options (deprecated in ODBC 3.0). 
| Returns `SQL_FD_FETCH_NEXT`, `SQL_FD_FETCH_FIRS`, `SQL_FD_FETCH_LAST`, `SQL_FD_FETCH_PRIOR`, `SQL_FD_FETCH_ABSOLUTE`, `SQL_FD_FETCH_RELATIVE`, `SQL_FD_FETCH_BOOKMARK`. | +| SQL_FILE_USAGE: Indicates how a single-tier driver treats files on the server. | Returns `SQL_FILE_NOT_SUPPORTED`. The driver isn't a single-tier file. | +| SQL_FORWARD_ONLY_CURSOR_ATTRIBUTES1: Describes the forward-only cursor attributes supported by the driver. | Returns `SQL_CA1_NEXT`. | +| SQL_FORWARD_ONLY_CURSOR_ATTRIBUTES2: Describes extended attributes for the forward-only cursor designated by `SQL_FORWARD_ONLY_CURSOR_ATTRIBUTES1`. | Returns `SQL_CA2_READ_ONLY_CONCURRENCY`, `SQL_CA2_CRC_EXACT`. | +| SQL_GETDATA_EXTENSIONS: Lists supported extensions to `SQLGetData`. | Returns `SQL_GD_ANY_COLUMN`, `SQL_GD_ANY_ORDER`, `SQL_GD_BLOCK`, `SQL_GD_BOUND`. | +| SQL_GROUP_BY: Indicates the relationship between a `GROUP BY` clause and columns in the `SELECT` list. | Returns `SQL_GB_GROUP_BY_EQUALS_SELECT`. | +| SQL_IDENTIFIER_CASE: Indicates case sensitivity and case storage of SQL identifiers. | Returns `SQL_IC_LOWER`. | +| SQL_INDEX_KEYWORDS: Indicates support for the `CREATE INDEX` statement. | Returns `SQL_IK_NONE`. | +| SQL_INFO_SCHEMA_VIEWS: Lists the views supported in the `INFORMATION_SCHEMA`. | Returns `0`. | +| SQL_INTEGRITY Prev. SQL_ODBC_SQL_OPT_IEF: Indicates server support for referential integrity syntax checking. | Returns `N`. | +| SQL_INSERT_STATEMENT: Indicates level of support for the `INSERT` statement. | Returns `SQL_IS_INSERT_LITERALS`, `SQL_IS_INSERT_SEARCHED`, `SQL_IS_SELECT_INTO`. | +| SQL_KEYSET_CURSOR_ATTRIBUTES1: Describes the first set of keyset cursor attributes supported by the driver. 
| Returns `SQL_CA1_NEXT`, `SQL_CA1_ABSOLUTE`, `SQL_CA1_RELATIVE`, `SQL_CA1_BOOKMARK`, `SQL_CA1_LOCK_NO_CHANGE`, `SQL_CA1_POS_POSITION`, `SQL_CA1_POS_UPDATE`, `SQL_CA1_POS_DELETE`, `SQL_CA1_POS_REFRESH`, `SQL_CA1_BULK_ADD`, `SQL_CA1_BULK_UPDATE_BY_BOOKMARK`, `SQL_CA1_BULK_DELETE_BY_BOOKMARK`, `SQL_CA1_BULK_FETCH_BY_BOOKMARK`. | +| SQL_KEYSET_CURSOR_ATTRIBUTES2: Describes the second set of keyset cursor attributes supported by the driver. | Returns `SQL_CA2_READ_ONLY_CONCURRENCY`, `SQL_CA2_OPT_ROWVER_CONCURRENCY`, `SQL_CA2_SENSITIVITY_ADDITIONS`, `SQL_CA2_SENSITIVITY_DELETIONS`, `SQL_CA2_SENSITIVITY_UPDATES`, `SQL_CA2_CRC_EXACT`. | +| SQL_KEYWORDS: Identifies the server-specific reserved keywords. | Returns “”. There are no server-specific reserved keywords. | +| SQL_LIKE_ESCAPE_CLAUSE: Indicates support for an escape character in `LIKE` predicates. | Returns `N`. EDB Postgres Advanced Server doesn't support escape characters in `LIKE` predicates. | +| SQL_LOCK_TYPES: Lists supported lock types (deprecated in ODBC 3.0). | Returns `SQL_LCK_NO_CHANGE`. | | SQL_MAX_ASYNC_CONCURRENT_STATEMENTS: The number of active concurrent statements that the driver can support. | This info_type is currently unsupported. | -| SQL_MAX_BINARY_LITERAL_LEN: The maximum length of a binary literal. | Returns 0. The maximum length is unspecified. | -| SQL_MAX_CATALOG_NAME_LEN: The maximum length of a catalog name on the server. | Returns 0. The maximum length is unspecified. | -| SQL_MAX_QUALIFIER_NAME_LEN: The maximum length of a qualifier. | Returns 0. The maximum length is unspecified. | -| SQL_MAX_CHAR_LITERAL_LEN: The maximum number of characters in a character string. | Returns 0. The maximum length is unspecified. | -| SQL_MAX_COLUMN_NAME_LEN: The maximum length of a column name. | Returns 64. Column names cannot exceed 64 characters in length. | -| SQL_MAX_COLUMNS_IN_GROUP_BY: The maximum number of columns allowed in a GROUP BY clause. | Returns 0. The maximum length is unspecified. 
| -| SQL_MAX_COLUMNS_IN_INDEX: The maximum number of columns allowed in an index. | Returns 0. The maximum length is unspecified. | -| SQL_MAX_COLUMNS_IN_ORDER_BY: The maximum number of columns allowed in an ORDER BY clause. | Returns 0. The maximum length is unspecified. | -| SQL_MAX_COLUMNS_IN_SELECT: The maximum number of columns allowed in a SELECT list. | Returns 0. The maximum length is unspecified. | -| SQL_MAX_COLUMNS_IN_TABLE: The maximum number of columns allowed in a table. | Returns 0. The maximum length is unspecified. | -| SQL_MAX_CONCURRENT_ACTIVITIES prev. SQL_MAX_ACTIVE_STATEMENTS: The maximum number of active SQL statements that the driver can support. | Returns 0. The maximum length is unspecified. | -| SQL_MAX_CURSOR_NAME_LEN: The maximum length of a cursor name. | Returns 32. A cursor name cannot exceed 32 characters in length. | -| SQL_MAX_DRIVER_CONNECTIONS prev. SQL_ACTIVE_CONNECTIONS: The maximum number of active connections the driver can support. | Returns 0. There is no specified limit to the number of connections supported. | -| SQL_MAX_IDENTIFIER_LEN: The maximum identifier length allowed by the server. | Returns 64. Identifiers cannot exceed 64 characters in length. | -| SQL_MAX_INDEX_SIZE: The maximum number of bytes allowed in the (combined) fields of an index. | Returns 0. The maximum size is unspecified. | -| SQL_MAX_OWNER_NAME_LEN Now SQL_MAX_SCHEMA_NAME_LEN: The maximum length of an owner name allowed by the server. | Returns 64. The maximum length of an owner name is 64 characters. | -| SQL_MAX_PROCEDURE_NAME_LEN: The maximum length of a procedure name allowed by the server. | Returns 0. The maximum length is unspecified. | -| SQL_MAX_QUALIFIER_NAME_LEN Now SQL_MAX_CATALOG_NAME_LEN: The maximum length of a qualifier name allowed by the server. | Returns 0. The maximum length of a qualifier is unspecified. | -| SQL_MAX_ROW_SIZE: The maximum length of a row. | Returns 0. The maximum row length is unspecified. 
| -| SQL_MAX_ROW_SIZE_INCLUDES_LONG: Indicates whether the SQL_MAX_ROW_SIZE includes the length of any LONGVARCHAR or LONGVARBINARY columns in the row. | Returns Y. SQL_MAX_ROW_SIZE includes the length of any LONGVARCHAR or LONGVARBINARY columns in the row. | -| SQL_MAX_SCHEMA_NAME_LEN: The maximum length of a schema name allowed by the server. | Returns 64. The maximum length of a schema name is 64 characters. | -| SQL_MAX_STATEMENT_LEN: The maximum length of a SQL statement. | Returns 0. Maximum statement length is limited by available memory. | -| SQL_MAX_TABLE_NAME_LEN: The maximum length of a table name allowed by the server. | Returns 64. The maximum length of a table name is 64 characters. | -| SQL_MAX_TABLES_IN_SELECT: The maximum number of tables allowed in the FROM clause of a SELECT statement. | Returns 0. The maximum number of tables allowed is unspecified. | -| SQL_MAX_USER_NAME_LEN: The maximum length of the user name allowed by the server. | Returns 0. The maximum length of a user name is unspecified. | -| SQL_MULT_RESULT_SETS: Indicates server support for multiple result sets. | Returns Y. Advanced Server supports multiple result sets. | -| SQL_MULTIPLE_ACTIVE_TXN: Indicates if the server supports multiple active transactions. | Returns Y. Advanced Server supports multiple active transactions. | -| SQL_NEED_LONG_DATA_LEN: Indicates if the server needs the length of a LONG data value before receiving the value. | Returns N. Advanced Server does not need the length of a LONG data value before receiving the value. | -| SQL_NON_NULLABLE_COLUMNS: Indicates if the server supports NOT NULL values in columns. | Returns SQL_NNC_NON_NULL. Advanced Server does support NOT NULL values in columns. | -| SQL_NULL_COLLATION: Indicates where NULL values are located in a result set. | Returns SQL_NC_HIGH. The location of NULL values in a data set is determined by the ASC and DESC keywords; NULL values are sorted to the high end of the data set. 
| -| SQL_NUMERIC_FUNCTIONS: Lists the numeric functions supported by the driver and the server. | Returns: SQL_FN_NUM_ABS, SQL_FN_NUM_ATAN, SQL_FN_NUM_CEILING, SQL_FN_NUM_COS, SQL_FN_NUM_EXP, SQL_FN_NUM_FLOOR, SQL_FN_NUM_LOG, SQL_FN_NUM_MOD, SQL_FN_NUM_SIGN, SQL_FN_NUM_SIN, SQL_FN_NUM_SQRT, SQL_FN_NUM_TAN, SQL_FN_NUM_RAND, SQL_FN_NUM_POWER, SQL_FN_NUM_ROUND. | -| SQL_ODBC_API_CONFORMANCE: Indicates the ODBC 3.0 compliance level | Returns SQL_OAC_LEVEL1. The driver conforms to ODBC Level 1 interface. | -| SQL_ODBC_INTERFACE_CONFORMANCE: Indicates the ODBC interface that the driver adheres to. | Returns SQL_OIC_CORE. | -| SQL_ODBC_SAG_CLI_CONFORMANCE: Indicates the SQL Access Group compliance level that the driver adheres to. | Returns SQL_OSCC_NOT_COMPLIANT. The driver is not SAG CLI compliant. | -| SQL_ODBC_SQL_CONFORMANCE: Indicates the SQL grammar level that the driver conforms to. | Returns SQL_OSC_CORE. The driver conforms to the core grammar level. | -| SQL_ODBC_SQL_OPT_IEF Now SQL_INTEGRITY: Indicates server support for referential integrity syntax checking. | Returns N. The server does not support referential integrity syntax checking. | -| SQL_ODBC_VER: The ODBC version supported by the driver manager | Returns 03.52.0000. | -| SQL_OJ_CAPABILITIES: Identifies the outer joins that are supported by the server. | Returns: SQL_OJ_LEFT, SQL_OJ_RIGHT, SQL_OJ_FULL, SQL_OJ_NESTED, SQL_OJ_NOT_ORDERED, SQL_OJ_INNER, SQL_OJ_ALL_COMPARISON_OPS. | -| SQL_OUTER_JOINS: Indicates support for outer joins and the outer join escape sequence. | Returns Y. Outer joins are supported. | +| SQL_MAX_BINARY_LITERAL_LEN: The maximum length of a binary literal. | Returns `0`. The maximum length is unspecified. | +| SQL_MAX_CATALOG_NAME_LEN: The maximum length of a catalog name on the server. | Returns `0`. The maximum length is unspecified. | +| SQL_MAX_QUALIFIER_NAME_LEN: The maximum length of a qualifier. | Returns `0`. The maximum length is unspecified. 
| +| SQL_MAX_CHAR_LITERAL_LEN: The maximum number of characters in a character string. | Returns `0`. The maximum length is unspecified. | +| SQL_MAX_COLUMN_NAME_LEN: The maximum length of a column name. | Returns `64`. Column names can't exceed 64 characters in length. | +| SQL_MAX_COLUMNS_IN_GROUP_BY: The maximum number of columns allowed in a `GROUP BY` clause. | Returns `0`. The maximum length is unspecified. | +| SQL_MAX_COLUMNS_IN_INDEX: The maximum number of columns allowed in an index. | Returns `0`. The maximum length is unspecified. | +| SQL_MAX_COLUMNS_IN_ORDER_BY: The maximum number of columns allowed in an `ORDER BY` clause. | Returns `0`. The maximum length is unspecified. | +| SQL_MAX_COLUMNS_IN_SELECT: The maximum number of columns allowed in a `SELECT` list. | Returns `0`. The maximum length is unspecified. | +| SQL_MAX_COLUMNS_IN_TABLE: The maximum number of columns allowed in a table. | Returns `0`. The maximum length is unspecified. | +| SQL_MAX_CONCURRENT_ACTIVITIES prev. SQL_MAX_ACTIVE_STATEMENTS: The maximum number of active SQL statements that the driver can support. | Returns `0`. The maximum length is unspecified. | +| SQL_MAX_CURSOR_NAME_LEN: The maximum length of a cursor name. | Returns 32. A cursor name can't exceed 32 characters in length. | +| SQL_MAX_DRIVER_CONNECTIONS prev. SQL_ACTIVE_CONNECTIONS: The maximum number of active connections the driver can support. | Returns `0`. There is no specified limit to the number of connections supported. | +| SQL_MAX_IDENTIFIER_LEN: The maximum identifier length allowed by the server. | Returns `64`. Identifiers can't exceed 64 characters in length. | +| SQL_MAX_INDEX_SIZE: The maximum number of bytes allowed in the (combined) fields of an index. | Returns `0`. The maximum size is unspecified. | +| SQL_MAX_OWNER_NAME_LEN Now SQL_MAX_SCHEMA_NAME_LEN: The maximum length of an owner name allowed by the server. | Returns `64`. The maximum length of an owner name is 64 characters. 
| +| SQL_MAX_PROCEDURE_NAME_LEN: The maximum length of a procedure name allowed by the server. | Returns `0`. The maximum length is unspecified. | +| SQL_MAX_QUALIFIER_NAME_LEN Now SQL_MAX_CATALOG_NAME_LEN: The maximum length of a qualifier name allowed by the server. | Returns `0`. The maximum length of a qualifier is unspecified. | +| SQL_MAX_ROW_SIZE: The maximum length of a row. | Returns `0`. The maximum row length is unspecified. | +| SQL_MAX_ROW_SIZE_INCLUDES_LONG: Indicates whether the `SQL_MAX_ROW_SIZE` includes the length of any `LONGVARCHAR` or `LONGVARBINARY` columns in the row. | Returns `Y`. `SQL_MAX_ROW_SIZE` includes the length of any `LONGVARCHAR` or `LONGVARBINARY` columns in the row. | +| SQL_MAX_SCHEMA_NAME_LEN: The maximum length of a schema name allowed by the server. | Returns `64`. The maximum length of a schema name is 64 characters. | +| SQL_MAX_STATEMENT_LEN: The maximum length of a SQL statement. | Returns `0`. Maximum statement length is limited by available memory. | +| SQL_MAX_TABLE_NAME_LEN: The maximum length of a table name allowed by the server. | Returns `64`. The maximum length of a table name is 64 characters. | +| SQL_MAX_TABLES_IN_SELECT: The maximum number of tables allowed in the `FROM` clause of a `SELECT` statement. | Returns `0`. The maximum number of tables allowed is unspecified. | +| SQL_MAX_USER_NAME_LEN: The maximum length of the user name allowed by the server. | Returns `0`. The maximum length of a user name is unspecified. | +| SQL_MULT_RESULT_SETS: Indicates server support for multiple result sets. | Returns `Y`. EDB Postgres Advanced Server supports multiple result sets. | +| SQL_MULTIPLE_ACTIVE_TXN: Indicates if the server supports multiple active transactions. | Returns `Y`. EDB Postgres Advanced Server supports multiple active transactions. | +| SQL_NEED_LONG_DATA_LEN: Indicates if the server needs the length of a `LONG` data value before receiving the value. | Returns `N`. 
EDB Postgres Advanced Server doesn't need the length of a `LONG` data value before receiving the value. | +| SQL_NON_NULLABLE_COLUMNS: Indicates if the server supports NOT NULL values in columns. | Returns `SQL_NNC_NON_NULL`. EDB Postgres Advanced Server does support NOT NULL values in columns. | +| SQL_NULL_COLLATION: Indicates where NULL values are located in a result set. | Returns `SQL_NC_HIGH`. The location of NULL values in a data set is determined by the `ASC` and `DESC` keywords. NULL values are sorted to the high end of the data set. | +| SQL_NUMERIC_FUNCTIONS: Lists the numeric functions supported by the driver and the server. | Returns `SQL_FN_NUM_ABS`, `SQL_FN_NUM_ATAN`, `SQL_FN_NUM_CEILING`, `SQL_FN_NUM_COS`, `SQL_FN_NUM_EXP`, `SQL_FN_NUM_FLOOR`, `SQL_FN_NUM_LOG`, `SQL_FN_NUM_MOD`, `SQL_FN_NUM_SIGN`, `SQL_FN_NUM_SIN`, `SQL_FN_NUM_SQRT`, `SQL_FN_NUM_TAN`, `SQL_FN_NUM_RAND`, `SQL_FN_NUM_POWER`, `SQL_FN_NUM_ROUND`. | +| SQL_ODBC_API_CONFORMANCE: Indicates the ODBC 3.0 compliance level. | Returns `SQL_OAC_LEVEL1`. The driver conforms to ODBC Level 1 interface. | +| SQL_ODBC_INTERFACE_CONFORMANCE: Indicates the ODBC interface that the driver adheres to. | Returns `SQL_OIC_CORE`. | +| SQL_ODBC_SAG_CLI_CONFORMANCE: Indicates the SQL Access Group compliance level that the driver adheres to. | Returns `SQL_OSCC_NOT_COMPLIANT`. The driver isn't SAG CLI compliant. | +| SQL_ODBC_SQL_CONFORMANCE: Indicates the SQL grammar level that the driver conforms to. | Returns `SQL_OSC_CORE`. The driver conforms to the core grammar level. | +| SQL_ODBC_SQL_OPT_IEF Now SQL_INTEGRITY: Indicates server support for referential integrity syntax checking. | Returns `N`. The server doesn't support referential integrity syntax checking. | +| SQL_ODBC_VER: The ODBC version supported by the driver manager | Returns `03.52.0000`. | +| SQL_OJ_CAPABILITIES: Identifies the outer joins that are supported by the server. 
| Returns `SQL_OJ_LEFT`, `SQL_OJ_RIGHT`, `SQL_OJ_FULL`, `SQL_OJ_NESTED`, `SQL_OJ_NOT_ORDERED`, `SQL_OJ_INNER`, `SQL_OJ_ALL_COMPARISON_OPS`. | +| SQL_OUTER_JOINS: Indicates support for outer joins and the outer join escape sequence. | Returns `Y`. Outer joins are supported. | | SQL_OWNER_TERM prev. SQL_SCHEMA_TERM: The term used to describe a schema. | Returns schema. | -| SQL_ORDER_BY_COLUMNS_IN_SELECT: Indicates if the columns in an ORDER BY clause must be included in the SELECT list. | Returns N. Columns in an ORDER BY clause do not have to be in the SELECT list. | -| SQL_OWNER_USAGE prev. SQL_SCHEMA_USAGE: Returns a string that indicates which statements support schema qualifiers. | Returns: SQL_OU_DML_STATEMENTS, SQL_OU_TABLE_DEFINITION, SQL_OU_INDEX_DEFINITION, SQL_OU_PRIVILEGE_DEFINITION. | -| SQL_PARAM_ARRAY_ROW_COUNTS: Indicates if the server will return a single row count or separate row counts for each element in an array when executing a parameterized statement with at least one parameter bound to the array. | Returns SQL_PARC_BATCH, if separate row counts are available for each element in an array. SQL_PARC_NO_BATCH if a single, cumulative row count is available for the entire array. | -| SQL_PARAM_ARRAY_SELECTS: Indicates if the server will return one result set or a separate result set for each element in an array (or if the driver does not allow this feature) when executing a parameterized statement with at least one parameter bound to the array. | Returns SQL_PAS_BATCH. One data set is available for each element in an array. | -| SQL_POS_OPERATION: Lists the options supported by SQLSetPos(). | Returns: SQL_POS_POSITION, SQL_POS_REFRESH, SQL_POS_UPDATE, SQL_POS_DELETE, SQL_POS_ADD. | -| SQL_POSITIONED_STATEMENTS: Lists the supported positioned SQL statements. | Returns: SQL_PS_POSITIONED_DELETE, SQL_PS_POSITIONED_UPDATE, SQL_PS_SELECT_FOR_UPDATE. 
| +| SQL_ORDER_BY_COLUMNS_IN_SELECT: Indicates if the columns in an `ORDER BY` clause must be included in the `SELECT` list. | Returns `N`. Columns in an `ORDER BY` clause don't have to be in the `SELECT` list. | +| SQL_OWNER_USAGE prev. SQL_SCHEMA_USAGE: Returns a string that indicates which statements support schema qualifiers. | Returns `SQL_OU_DML_STATEMENTS`, `SQL_OU_TABLE_DEFINITION`, `SQL_OU_INDEX_DEFINITION`, `SQL_OU_PRIVILEGE_DEFINITION`. | +| SQL_PARAM_ARRAY_ROW_COUNTS: Indicates if the server returns a single row count or separate row counts for each element in an array when executing a parameterized statement with at least one parameter bound to the array. | Returns `SQL_PARC_BATCH` if separate row counts are available for each element in an array. Returns `SQL_PARC_NO_BATCH` if a single, cumulative row count is available for the entire array. | +| SQL_PARAM_ARRAY_SELECTS: Indicates if the server returns one result set or a separate result set for each element in an array (or if the driver doesn't allow this feature) when executing a parameterized statement with at least one parameter bound to the array. | Returns `SQL_PAS_BATCH`. One data set is available for each element in an array. | +| SQL_POS_OPERATION: Lists the options supported by `SQLSetPos()`. | Returns `SQL_POS_POSITION`, `SQL_POS_REFRESH`, `SQL_POS_UPDATE`, `SQL_POS_DELETE`, `SQL_POS_ADD`. | +| SQL_POSITIONED_STATEMENTS: Lists the supported positioned SQL statements. | Returns `SQL_PS_POSITIONED_DELETE`, `SQL_PS_POSITIONED_UPDATE`, `SQL_PS_SELECT_FOR_UPDATE`. | | SQL_PROCEDURE_TERM: The term used to describe a procedure. | Returns procedure. | -| SQL_PROCEDURES: Indicates if the server and the driver support SQL procedures and procedure invocation syntax. | Returns Y. The server and driver support procedures and procedure invocation syntax. | -| SQL_QUALIFIER_LOCATION prev. SQL_CATALOG_LOCATION: Indicates the position of the schema name in a qualified table name. | Returns SQL_CL_START. 
The catalog portion of a qualified table name is at the beginning of the name. | -| SQL_QUALIFIER_NAME prev. SQL_CATALOG_NAME: Indicates server support for catalog names. | Returns Y. The server supports catalog names. | +| SQL_PROCEDURES: Indicates if the server and the driver support SQL procedures and procedure invocation syntax. | Returns `Y`. The server and driver support procedures and procedure invocation syntax. | +| SQL_QUALIFIER_LOCATION prev. SQL_CATALOG_LOCATION: Indicates the position of the schema name in a qualified table name. | Returns `SQL_CL_START`. The catalog portion of a qualified table name is at the beginning of the name. | +| SQL_QUALIFIER_NAME prev. SQL_CATALOG_NAME: Indicates server support for catalog names. | Returns `Y`. The server supports catalog names. | | SQL_QUALIFIER_NAME_SEPARATOR prev. SQL_CATALOG_NAME_SEPARATOR: Character separating the qualifier name from the adjacent name element. | Returns '.'. The server expects a '.' character between the qualifier and the table name. | | SQL_QUALIFIER_TERM prev. SQL_CATALOG_TERM: The term used to describe a qualifier. | Returns catalog. | -| SQL_QUALIFIER_USAGE prev. SQL_CATALOG_USAGE: Indicates the SQL statements that may refer to qualifiers. | Returns SQL_CU_DML_STATEMENTS. Catalog names can be used in SELECT, INSERT, UPDATE, DELETE, SELECT FOR UPDATE and positioned UPDATE and DELETE statements. | -| SQL_QUALIFIER_USAGE Now SQL_CATALOG_USAGE: Identifies DML statements that support qualifier names. | Returns SQL_CU_DML_STATEMENTS. Qualifiers can be used in all DML statements (SELECT, INSERT, UPDATE, DELETE, SELECT FOR UPDATE). | -| SQL_QUOTED_IDENTIFIER_CASE: Indicates case sensitivity of quoted identifiers. | Returns SQL_IC_SENSITIVE. Quoted identifiers are case sensitive. | -| SQL_QUALIFIER_NAME_SEPARATOR Now SQL CATALOG_NAME_SEPARATOR: The character that separates the name qualifier from the name element. | Returns . The '.' character is used as a separator in qualified names. 
| +| SQL_QUALIFIER_USAGE prev. SQL_CATALOG_USAGE: Indicates the SQL statements that might refer to qualifiers. | Returns `SQL_CU_DML_STATEMENTS`. Catalog names can be used in `SELECT`, `INSERT`, `UPDATE`, `DELETE`, `SELECT FOR UPDATE`, and positioned `UPDATE` and `DELETE` statements. | +| SQL_QUALIFIER_USAGE Now SQL_CATALOG_USAGE: Identifies DML statements that support qualifier names. | Returns `SQL_CU_DML_STATEMENTS`. Qualifiers can be used in all DML statements (`SELECT`, `INSERT`, `UPDATE`, `DELETE`, `SELECT FOR UPDATE`). | +| SQL_QUOTED_IDENTIFIER_CASE: Indicates case sensitivity of quoted identifiers. | Returns `SQL_IC_SENSITIVE`. Quoted identifiers are case sensitive. | +| SQL CATALOG_NAME_SEPARATOR prev. SQL_QUALIFIER_NAME_SEPARATOR: The character that separates the name qualifier from the name element. | Returns '.'. The '.' character is used as a separator in qualified names. | | SQL_QUALIFIER_TERM: The term used to describe a qualifier. | Returns catalog | -| SQL_QUALIFIER_LOCATION: The position of the qualifier in a qualified table name. | Returns SQL_CL_START. The qualifier precedes the table name in a qualified table name. | -| SQL_ROW_UPDATES: Indicates if keyset-driven or mixed cursors maintain row versions or values. | Returns Y. Cursors maintain values for all fetched rows and can detect updates to the row values. | -| SQL_SCHEMA_TERM: The term used to describe a schema. | Returns schema | -| SQL_SCHEMA_USAGE: Indicates the SQL statements that may refer to schemas. | Returns: SQL_OU_DML_STATEMENTS, SQL_OU_TABLE_DEFINITION, SQL_OU_INDEX_DEFINITION, SQL_OU_PRIVILEGE_DEFINITION. | -| SQL_SCROLL_CONCURRENCY: Indicates the cursor concurrency control options supported by the server. | Returns: SQL_SCCO_READ_ONLY, SQL_SCCO_OPT_ROWVER. | -| SQL_SCROLL_OPTIONS: Indicates the cursor scroll options supported by the server. | Returns: SQL_SO_FORWARD_ONLY, SQL_SO_KEYSET_DRIVEN, SQL_SO_STATIC. 
| -| SQL_SEARCH_PATTERN_ESCAPE: The escape character that allows use of the wildcard characters % and \_ in search patterns. | Returns . The '' character is used as an escape character for the '%' and '\_' characters in search patterns. | +| SQL_QUALIFIER_LOCATION: The position of the qualifier in a qualified table name. | Returns `SQL_CL_START`. The qualifier precedes the table name in a qualified table name. | +| SQL_ROW_UPDATES: Indicates if keyset-driven or mixed cursors maintain row versions or values. | Returns `Y`. Cursors maintain values for all fetched rows and can detect updates to the row values. | +| SQL_SCHEMA_TERM: The term used to describe a schema. | Returns schema. | +| SQL_SCHEMA_USAGE: Indicates the SQL statements that might refer to schemas. | Returns `SQL_OU_DML_STATEMENTS`, `SQL_OU_TABLE_DEFINITION`, `SQL_OU_INDEX_DEFINITION`, `SQL_OU_PRIVILEGE_DEFINITION`. | +| SQL_SCROLL_CONCURRENCY: Indicates the cursor concurrency control options supported by the server. | Returns `SQL_SCCO_READ_ONLY`, `SQL_SCCO_OPT_ROWVER`. | +| SQL_SCROLL_OPTIONS: Indicates the cursor scroll options supported by the server. | Returns `SQL_SO_FORWARD_ONLY`, `SQL_SO_KEYSET_DRIVEN`, `SQL_SO_STATIC`. | +| SQL_SEARCH_PATTERN_ESCAPE: The escape character that allows use of the wildcard characters % and \_ in search patterns. | Returns ''. The '' character is used as an escape character for the '%' and '\_' characters in search patterns. | | SQL_SERVER_NAME: Indicates the name of the host. | The returned value is determined by connection properties. | | SQL_SPECIAL_CHARACTERS: Indicates any special characters allowed in identifier names. | Returns \_. The underscore character is allowed in identifier names. | -| SQL_SQL_CONFORMANCE: Indicates the level of SQL-92 compliance. | Returns SQL_SC_SQL92_ENTRY. The driver is SQL92 Entry level compliant. | -| SQL_SQL92_DATETIME_FUNCTIONS: Lists the datetime functions supported by the server. 
| Returns: SQL_SDF_CURRENT_DATE, SQL_SDF_CURRENT_TIME, SQL_SDF_CURRENT_TIMESTAMP. | -| SQL_SQL92_FOREIGN_KEY_DELETE_RULE: Indicates the server-enforced rules for using a foreign key in a DELETE statement. | Returns: SQL_SFKD_CASCADE, SQL_SFKD_NO_ACTION, SQL_SFKD_SET_DEFAULT, SQL_SFKD_SET_NULL. | -| SQL_SQL92_FOREIGN_KEY_UPDATE_RULE: Indicates the server-enforced rules for using a foreign key in an UPDATE statement. | Returns: SQL_SFKU_CASCADE, SQL_SFKU_NO_ACTION, SQL_SFKU_SET_DEFAULT, SQL_SFKU_SET_NULL. | -| SQL_SQL92_GRANT: Indicates the supported GRANT statement clauses. | Returns: SQL_SG_DELETE_TABLE, SQL_SG_INSERT_TABLE, SQL_SG_REFERENCES_TABLE, SQL_SG_SELECT_TABLE, SQL_SG_UPDATE_TABLE. | -| SQL_SQL92_NUMERIC_VALUE_FUNCTIONS: Lists the scalar numeric functions supported by the server and driver. | Returns: SQL_SNVF_BIT_LENGTH, SQL_SNVF_CHAR_LENGTH, SQL_SNVF_CHARACTER_LENGTH, SQL_SNVF_EXTRACT, SQL_SNVF_OCTET_LENGTH, SQL_SNVF_POSITION. | -| SQL_SQL92_PREDICATES, Identifies the predicates of a SELECT statement supported by the server. | Returns: SQL_SP_EXISTS, SQL_SP_ISNOTNULL, SQL_SP_ISNULL, SQL_SP_OVERLAPS, SQL_SP_LIKE, SQL_SP_IN, SQL_SP_BETWEEN, SQL_SP_COMPARISON, SQL_SP_QUANTIFIED_COMPARISON. | -| SQL_SQL92_RELATIONAL_JOIN_OPERATORS: Identifies the relational join operators supported by the server. | Returns: SQL_SRJO_CROSS_JOIN, SQL_SRJO_EXCEPT_JOIN, SQL_SRJO_FULL_OUTER_JOIN, SQL_SRJO_INNER_JOIN, SQL_SRJO_INTERSECT_JOIN, SQL_SRJO_LEFT_OUTER_JOIN, SQL_SRJO_NATURAL_JOIN, SQL_SRJO_RIGHT_OUTER_JOIN, SQL_SRJO_UNION_JOIN. | -| SQL_SQL92_REVOKE: Identifies the clauses in a REVOKE statement that are supported by the server. | Returns: SQL_SR_DELETE_TABLE, SQL_SR_INSERT_TABLE, SQL_SR_REFERENCES_TABLE, SQL_SR_SELECT_TABLE, SQL_SR_UPDATE_TABLE. | -| SQL_SQL92_ROW_VALUE_CONSTRUCTOR: Indicates the row value constructor expressions in a SELECT statement that are supported by the server. | Returns: SQL_SRVC_VALUE_EXPRESSION, SQL_SRVC_NULL. 
| -| SQL_SQL92_STRING_FUNCTIONS: Lists the string scalar functions supported by the server and driver. | Returns: SQL_SSF_CONVERT, SQL_SSF_LOWER, SQL_SSF_UPPER, SQL_SSF_SUBSTRING, SQL_SSF_TRANSLATE, SQL_SSF_TRIM_BOTH, SQL_SSF_TRIM_LEADING, SQL_SSF_TRIM_TRAILING. | -| SQL_SQL92_VALUE_EXPRESSIONS: Indicates the value expressions supported by the server. | Returns: SQL_SVE_CASE, SQL_SVE_CAST, SQL_SVE_COALESCE, SQL_SVE_NULLIF. | +| SQL_SQL_CONFORMANCE: Indicates the level of SQL-92 compliance. | Returns `SQL_SC_SQL92_ENTRY`. The driver is SQL92 entry-level compliant. | +| SQL_SQL92_DATETIME_FUNCTIONS: Lists the datetime functions supported by the server. | Returns `SQL_SDF_CURRENT_DATE`, `SQL_SDF_CURRENT_TIME`, `SQL_SDF_CURRENT_TIMESTAMP`. | +| SQL_SQL92_FOREIGN_KEY_DELETE_RULE: Indicates the server-enforced rules for using a foreign key in a `DELETE` statement. | Returns `SQL_SFKD_CASCADE`, `SQL_SFKD_NO_ACTION`, `SQL_SFKD_SET_DEFAULT`, `SQL_SFKD_SET_NULL`. | +| SQL_SQL92_FOREIGN_KEY_UPDATE_RULE: Indicates the server-enforced rules for using a foreign key in an `UPDATE` statement. | Returns `SQL_SFKU_CASCADE`, `SQL_SFKU_NO_ACTION`, `SQL_SFKU_SET_DEFAULT`, `SQL_SFKU_SET_NULL`. | +| SQL_SQL92_GRANT: Indicates the supported `GRANT` statement clauses. | Returns `SQL_SG_DELETE_TABLE`, `SQL_SG_INSERT_TABLE`, `SQL_SG_REFERENCES_TABLE`, `SQL_SG_SELECT_TABLE`, `SQL_SG_UPDATE_TABLE`. | +| SQL_SQL92_NUMERIC_VALUE_FUNCTIONS: Lists the scalar numeric functions supported by the server and driver. | Returns `SQL_SNVF_BIT_LENGTH`, `SQL_SNVF_CHAR_LENGTH`, `SQL_SNVF_CHARACTER_LENGTH`, `SQL_SNVF_EXTRACT`, `SQL_SNVF_OCTET_LENGTH`, `SQL_SNVF_POSITION`. | +| SQL_SQL92_PREDICATES, Identifies the predicates of a `SELECT` statement supported by the server. | Returns `SQL_SP_EXISTS`, `SQL_SP_ISNOTNULL`, `SQL_SP_ISNULL`, `SQL_SP_OVERLAPS`, `SQL_SP_LIKE`, `SQL_SP_IN`, `SQL_SP_BETWEEN`, `SQL_SP_COMPARISON`, `SQL_SP_QUANTIFIED_COMPARISON`. 
| +| SQL_SQL92_RELATIONAL_JOIN_OPERATORS: Identifies the relational join operators supported by the server. | Returns `SQL_SRJO_CROSS_JOIN`, `SQL_SRJO_EXCEPT_JOIN`, `SQL_SRJO_FULL_OUTER_JOIN`, `SQL_SRJO_INNER_JOIN`, `SQL_SRJO_INTERSECT_JOIN`, `SQL_SRJO_LEFT_OUTER_JOIN`, `SQL_SRJO_NATURAL_JOIN`, `SQL_SRJO_RIGHT_OUTER_JOIN`, `SQL_SRJO_UNION_JOIN`. | +| SQL_SQL92_REVOKE: Identifies the clauses in a `REVOKE` statement that are supported by the server. | Returns `SQL_SR_DELETE_TABLE`, `SQL_SR_INSERT_TABLE`, `SQL_SR_REFERENCES_TABLE`, `SQL_SR_SELECT_TABLE`, `SQL_SR_UPDATE_TABLE`. | +| SQL_SQL92_ROW_VALUE_CONSTRUCTOR: Indicates the row value constructor expressions in a `SELECT` statement that are supported by the server. | Returns `SQL_SRVC_VALUE_EXPRESSION`, `SQL_SRVC_NULL`. | +| SQL_SQL92_STRING_FUNCTIONS: Lists the string scalar functions supported by the server and driver. | Returns `SQL_SSF_CONVERT`, `SQL_SSF_LOWER`, `SQL_SSF_UPPER`, `SQL_SSF_SUBSTRING`, `SQL_SSF_TRANSLATE`, `SQL_SSF_TRIM_BOTH`, `SQL_SSF_TRIM_LEADING`, `SQL_SSF_TRIM_TRAILING`. | +| SQL_SQL92_VALUE_EXPRESSIONS: Indicates the value expressions supported by the server. | Returns `SQL_SVE_CASE`, `SQL_SVE_CAST`, `SQL_SVE_COALESCE`, `SQL_SVE_NULLIF`. | | SQL_STANDARD_CLI_CONFORMANCE: Indicates the CLI standard the driver conforms to. | This info_type is currently unsupported. | -| SQL_STATIC_CURSOR_ATTRIBUTES1: Describes the first set of static cursor attributes supported by the driver. | Returns: SQL_CA1_NEXT, SQL_CA1_ABSOLUTE, SQL_CA1_RELATIVE, SQL_CA1_BOOKMARK, SQL_CA1_LOCK_NO_CHANGE, SQL_CA1_POS_POSITION, SQL_CA1_POS_UPDATE, SQL_CA1_POS_DELETE, SQL_CA1_POS_REFRESH, SQL_CA1_BULK_ADD, SQL_CA1_BULK_UPDATE_BY_BOOKMARK, SQL_CA1_BULK_DELETE_BY_BOOKMARK, SQL_CA1_BULK_FETCH_BY_BOOKMARK. | -| SQL_STATIC_CURSOR_ATTRIBUTES2: Describes the second set of static cursor attributes supported by the driver. 
| Returns: SQL_CA2_READ_ONLY_CONCURRENCY, SQL_CA2_OPT_ROWVER_CONCURRENCY, SQL_CA2_SENSITIVITY_ADDITIONS, SQL_CA2_SENSITIVITY_DELETIONS, SQL_CA2_SENSITIVITY_UPDATES, SQL_CA2_CRC_EXACT. | -| SQL_STATIC_SENSITIVITY: Indicates whether changes made to a static cursor by SQLSetPos() or UPDATE or DELETE statements are detected by the application. | Returns: SQL_SS_ADDITIONS, SQL_SS_DELETIONS, SQL_SS_UPDATES. | -| SQL_STRING_FUNCTIONS: Lists the scalar string functions supported by the server and driver. | Returns: SQL_FN_STR_CONCAT, SQL_FN_STR_LTRIM, SQL_FN_STR_LENGTH, SQL_FN_STR_LOCATE, SQL_FN_STR_LCASE, SQL_FN_STR_RTRIM, SQL_FN_STR_SUBSTRING, SQL_FN_STR_UCASE. | -| SQL_SUBQUERIES: Identifies the subquery predicates to a SELECT statement supported by the server. | Returns: SQL_SQ_COMPARISON, SQL_SQ_EXISTS, SQL_SQ_IN, SQL_SQ_QUANTIFIED. | -| SQL_SYSTEM_FUNCTIONS: Lists the scalar system functions supported by the server and driver. | Returns 0. | +| SQL_STATIC_CURSOR_ATTRIBUTES1: Describes the first set of static cursor attributes supported by the driver. | Returns `SQL_CA1_NEXT`, `SQL_CA1_ABSOLUTE`, `SQL_CA1_RELATIVE`, `SQL_CA1_BOOKMARK`, `SQL_CA1_LOCK_NO_CHANGE`, `SQL_CA1_POS_POSITION`, `SQL_CA1_POS_UPDATE`, `SQL_CA1_POS_DELETE`, `SQL_CA1_POS_REFRESH`, `SQL_CA1_BULK_ADD`, `SQL_CA1_BULK_UPDATE_BY_BOOKMARK`, `SQL_CA1_BULK_DELETE_BY_BOOKMARK`, `SQL_CA1_BULK_FETCH_BY_BOOKMARK`. | +| SQL_STATIC_CURSOR_ATTRIBUTES2: Describes the second set of static cursor attributes supported by the driver. | Returns `SQL_CA2_READ_ONLY_CONCURRENCY`, `SQL_CA2_OPT_ROWVER_CONCURRENCY`, `SQL_CA2_SENSITIVITY_ADDITIONS`, `SQL_CA2_SENSITIVITY_DELETIONS`, `SQL_CA2_SENSITIVITY_UPDATES`, `SQL_CA2_CRC_EXACT`. | +| SQL_STATIC_SENSITIVITY: Indicates whether changes made to a static cursor by `SQLSetPos()` or `UPDATE` or `DELETE` statements are detected by the application. | Returns `SQL_SS_ADDITIONS`, `SQL_SS_DELETIONS`, `SQL_SS_UPDATES`. 
| +| SQL_STRING_FUNCTIONS: Lists the scalar string functions supported by the server and driver. | Returns `SQL_FN_STR_CONCAT`, `SQL_FN_STR_LTRIM`, `SQL_FN_STR_LENGTH`, `SQL_FN_STR_LOCATE`, `SQL_FN_STR_LCASE`, `SQL_FN_STR_RTRIM`, `SQL_FN_STR_SUBSTRING`, `SQL_FN_STR_UCASE`. | +| SQL_SUBQUERIES: Identifies the subquery predicates to a `SELECT` statement supported by the server. | Returns `SQL_SQ_COMPARISON`, `SQL_SQ_EXISTS`, `SQL_SQ_IN`, `SQL_SQ_QUANTIFIED`. | +| SQL_SYSTEM_FUNCTIONS: Lists the scalar system functions supported by the server and driver. | Returns `0`. | | SQL_TABLE_TERM: The term used to describe a table. | Returns table. | -| SQL_TIMEDATE_ADD_INTERVALS: Indicates the timestamp intervals supported by the server for the TIMESTAMPADD scalar function. | Returns 0. | -| SQL_TIMEDATE_DIFF_INTERVALS: Indicates the timestamp intervals supported by the server for the TIMESTAMPDIFF scalar function. | Returns 0 | -| SQL_TIMEDATE_FUNCTIONS: Indicates the date and time functions supported by the server. | Returns: SQL_FN_TD_NOW, SQL_FN_TD_CURDATE, SQL_FN_TD_CURTIME. | -| SQL_TXN_CAPABLE: Identifies the transaction support offered by the server and driver. | Returns SQL_TC_ALL. Transactions can contain both DML and DDL statements. | -| SQL_TXN_ISOLATION_OPTION: Indicates the transaction isolation level supported by the server. | Returns: SQL_TXN_READ_COMMITTED, SQL_TXN_SERIALIZABLE. | -| SQL_UNION: Indicates server support for the UNION clause. | Returns: SQL_U_UNION, SQL_U_UNION_ALL. | -| SQL_USER_NAME: Identifies the name of the user connected to a database; may be different than the login name. | This value is determined by the connection properties. | +| SQL_TIMEDATE_ADD_INTERVALS: Indicates the timestamp intervals supported by the server for the `TIMESTAMPADD` scalar function. | Returns `0`. | +| SQL_TIMEDATE_DIFF_INTERVALS: Indicates the timestamp intervals supported by the server for the `TIMESTAMPDIFF` scalar function. | Returns `0`. 
| +| SQL_TIMEDATE_FUNCTIONS: Indicates the date and time functions supported by the server. | Returns `SQL_FN_TD_NOW`, `SQL_FN_TD_CURDATE`, `SQL_FN_TD_CURTIME`. | +| SQL_TXN_CAPABLE: Identifies the transaction support offered by the server and driver. | Returns `SQL_TC_ALL`. Transactions can contain both DML and DDL statements. | +| SQL_TXN_ISOLATION_OPTION: Indicates the transaction isolation level supported by the server. | Returns `SQL_TXN_READ_COMMITTED`, `SQL_TXN_SERIALIZABLE`. | +| SQL_UNION: Indicates server support for the `UNION` clause. | Returns `SQL_U_UNION`, `SQL_U_UNION_ALL`. | +| SQL_USER_NAME: Identifies the name of the user connected to a database. Can be different than the login name. | This value is determined by the connection properties. | | SQL_XOPEN_CLI_YEAR: The publication year of the X/Open specification that the driver manager complies with. | This info_type is currently unsupported. | -## Connection Attributes +## Connection attributes You can use the ODBC `SQLGetConnectAttr()` and `SQLSetConnectAttr()` functions to retrieve or set the value of a connection attribute. 
@@ -278,49 +278,49 @@ SQLRETURN SQLGetConnectAttr ); ``` -- `conn_handle` The connection handle. +- `conn_handle` — The connection handle. -- `attribute` identifies the attribute whose value you wish to retrieve. +- `attribute` — Identifies the attribute whose value you want to retrieve. -- `value_pointer` A pointer to the location in memory that will receive the `attribute` value. +- `value_pointer` — A pointer to the location in memory to receive the `attribute` value. -- `buffer_length` If `attribute` is defined by ODBC and `value_pointer` points to a character string or binary buffer, `buffer_length` is the length of `value_pointer`. If `value_pointer` points to a fixed-size value (such as an integer), `buffer_length` is ignored. +- `buffer_length` — If `attribute` is defined by ODBC and `value_pointer` points to a character string or binary buffer, `buffer_length` is the length of `value_pointer`. If `value_pointer` points to a fixed-size value (such as an integer), `buffer_length` is ignored. If EDB-ODBC defines the attribute, `SQLGetConnectAttr()` sets the `buffer_length` parameter. `buffer_length` can be: | Value type | Meaning | | ---------------------- | ----------------------------------------- | | Character string | The length of the character string | - | Binary buffer | The result of SQL_LEN_BINARY_ATTR(length) | - | Fixed length data type | SQL_IS_INTEGER or SQL_IS_UINTEGER | - | Any other type | SQL_IS_POINTER | + | Binary buffer | The result of `SQL_LEN_BINARY_ATTR(length)` | + | Fixed length data type | `SQL_IS_INTEGER` or `SQL_IS_UINTEGER` | + | Any other type | `SQL_IS_POINTER` | -- `string_length_pointer` A pointer to a `SQLINTEGER` that receives the number of bytes available to return in `value_pointer`. If `value_pointer` is `NULL`, `string_length_pointer` is not returned. +- `string_length_pointer` — A pointer to a `SQLINTEGER` that receives the number of bytes available to return in `value_pointer`. 
If `value_pointer` is NULL, `string_length_pointer` isn't returned. -This function returns `SQL_SUCCESS`, `SQL_SUCCESS_WITH_INFO`, `SQL_NO_DATA`, `SQL_ERROR` or `SQL_INVALID_HANDLE`. +This function returns `SQL_SUCCESS`, `SQL_SUCCESS_WITH_INFO`, `SQL_NO_DATA`, `SQL_ERROR`, or `SQL_INVALID_HANDLE`. The following table lists the connection attributes supported by EDB-ODBC. | Attribute | Supported? | Notes | | ---------------------------- | ---------- | ----------------------------------------------------- | -| SQL_ATTR_ACCESS_MODE | NO | SQL_MODE_READ_WRITE | -| SQL_ATTR_ASYNC_ENABLE | NO | SQL_ASYNC_ENABLE_OFF | -| SQL_ATTR_AUTO_IPD | NO | | -| SQL_ATTR_AUTOCOMMIT | YES | SQL_AUTOCOMMIT, SQL_AUTOCOMMIT_ON, SQL_AUTOCOMMIT_OFF | -| SQL_ATTR_CONNECTION_TIMEOUT | NO | | -| SQL_ATTR_CURRENT_CATALOG | NO | | -| SQL_ATTR_DISCONNECT_BEHAVIOR | NO | | -| SQL_ATTR_ENLIST_IN_DTC | YES | For win32 and with conditional compilation | -| SQL_ATTR_ENLIST_IN_XA | NO | | -| SQL_ATTR_LOGIN_TIMEOUT | NO | SQL_LOGIN_TIMEOUT | -| SQL_ATTR_ODBC_CURSORS | NO | | -| SQL_ATTR_PACKET_SIZE | NO | | -| SQL_ATTR_QUIET_MODE | NO | | -| SQL_ATTR_TRACE | NO | | -| SQL_ATTR_TRACEFILE | NO | | -| SQL_ATTR_TRANSLATE_LIB | NO | | -| SQL_ATTR_TRANSLATE_OPTION | NO | | -| SQL_ATTR_TXN_ISOLATION | YES | SQL_TXN_ISOLATION, SQL_DEFAULT_TXN_ISOLATION | +| SQL_ATTR_ACCESS_MODE | No | SQL_MODE_READ_WRITE | +| SQL_ATTR_ASYNC_ENABLE | No | SQL_ASYNC_ENABLE_OFF | +| SQL_ATTR_AUTO_IPD | No | | +| SQL_ATTR_AUTOCOMMIT | Yes | SQL_AUTOCOMMIT, SQL_AUTOCOMMIT_ON, SQL_AUTOCOMMIT_OFF | +| SQL_ATTR_CONNECTION_TIMEOUT | No | | +| SQL_ATTR_CURRENT_CATALOG | No | | +| SQL_ATTR_DISCONNECT_BEHAVIOR | No | | +| SQL_ATTR_ENLIST_IN_DTC | Yes | For win32 and with conditional compilation | +| SQL_ATTR_ENLIST_IN_XA | No | | +| SQL_ATTR_LOGIN_TIMEOUT | No | SQL_LOGIN_TIMEOUT | +| SQL_ATTR_ODBC_CURSORS | No | | +| SQL_ATTR_PACKET_SIZE | No | | +| SQL_ATTR_QUIET_MODE | No | | +| SQL_ATTR_TRACE | No | | +| SQL_ATTR_TRACEFILE | No | | +| 
SQL_ATTR_TRANSLATE_LIB | No | | +| SQL_ATTR_TRANSLATE_OPTION | No | | +| SQL_ATTR_TXN_ISOLATION | Yes | SQL_TXN_ISOLATION, SQL_DEFAULT_TXN_ISOLATION | ### SQLSetConnectAttr() 
@@ -336,60 +336,52 @@ SQLRETURN SQLSetConnectAttr ); ``` -`conn_handle` +- `conn_handle` — The connection handle. -The connection handle +- `attribute` — Identifies the attribute whose value you want to set. -`attribute` +- `value_pointer` — A pointer to the value that the attribute assumes. -`attribute` identifies the attribute whose value you wish to set +- `string_length` — If `attribute` is defined by ODBC and `value_pointer` points to a binary buffer or character string, `string_length` is the length of `value_pointer`. If `value_pointer` points to a fixed-length value (such as an integer), `string_length` is ignored. -`value_pointer` + If EDB-ODBC defines the attribute, the application sets the `string_length` parameter. Possible `string_length` values are shown in the table. -A pointer to the value that the `attribute` will assume. - -`string_length` - -If `attribute` is defined by ODBC and `value_pointer` points to a binary buffer or character string, `string_length` is the length of `value_pointer`. If `value_pointer` points to a fixed-length value (such as an integer), `string_length` is ignored. - -If EDB-ODBC defines the attribute, the application sets the `string_length` parameter. 
Possible `string_length` values are: - -| Value Type | Meaning | -| ---------------------- | --------------------------------------------- | -| Character string | The length of the character string or SQL_NTS | -| Binary buffer | The result of SQL_LEN_BINARY_ATTR(length) | -| Fixed length data type | SQL_IS_INTEGER or SQL_IS_UINTEGER | -| Any other type | SQL_IS_POINTER | + | Value type | Meaning | + | ---------------------- | --------------------------------------------- | + | Character string | The length of the character string or `SQL_NTS` | + | Binary buffer | The result of `SQL_LEN_BINARY_ATTR(length)` | + | Fixed length data type | `SQL_IS_INTEGER` or `SQL_IS_UINTEGER` | + | Any other type | `SQL_IS_POINTER` | `SQLSetConnectAttr()` returns `SQL_SUCCESS`, `SQL_SUCCESS_WITH_INFO`, `SQL_ERROR`, `SQL_STILL_EXECUTING` or `SQL_INVALID_HANDLE`. You can call `SQLSetConnectAttr()` any time after the connection handle is allocated, until the time that the connection is closed with a call to `SQLFreeHandle()`. All attributes set by the call persist until the call to `SQLFreeHandle()`. -Connection attributes have a specific time frame in which they can be set. Some attributes must be set before the connection is established, while others can only be set after a connection is established. +Connection attributes have a specific timeframe in which they can be set. Some attributes must be set before the connection is established, while others can be set only after a connection is established. -The following table lists the connection attributes and the time frame in which they can be set: +The following table lists the connection attributes and the time frame in which they can be set. -| Attribute | Set Before or After establishing a connection? | +| Attribute | Set before or after establishing a connection? 
| | --------------------------- | ---------------------------------------------- | -| SQL_ATTR_ACCESS_MODE | Before or After | -| SQL_ATTR_ASYNC_ENABLE | Before or After | -| SQL_ATTR_AUTO_IPD | Before or After | -| SQL_ATTR_AUTOCOMMIT | Before or After | -| SQL_ATTR_CONNECTION_TIMEOUT | Before or After | -| SQL_ATTR_CURRENT_CATALOG | Before or After | +| SQL_ATTR_ACCESS_MODE | Before or after | +| SQL_ATTR_ASYNC_ENABLE | Before or after | +| SQL_ATTR_AUTO_IPD | Before or after | +| SQL_ATTR_AUTOCOMMIT | Before or after | +| SQL_ATTR_CONNECTION_TIMEOUT | Before or after | +| SQL_ATTR_CURRENT_CATALOG | Before or after | | SQL_ATTR_ENLIST_IN_DTC | After | | SQL_ATTR_ENLIST_IN_XA | After | | SQL_ATTR_LOGIN_TIMEOUT | Before | | SQL_ATTR_ODBC_CURSORS | Before | | SQL_ATTR_PACKET_SIZE | Before | -| SQL_ATTR_QUIET_MODE | Before or After | -| SQL_ATTR_TRACE | Before or After | -| SQL_ATTR_TRACEFILE | Before or After | +| SQL_ATTR_QUIET_MODE | Before or after | +| SQL_ATTR_TRACE | Before or after | +| SQL_ATTR_TRACEFILE | Before or after | | SQL_ATTR_TRANSLATE_LIB | After | | SQL_ATTR_TRANSLATE_OPTION | After | -| SQL_ATTR_TXN_ISOLATION | Before or After | +| SQL_ATTR_TXN_ISOLATION | Before or after | -## Environment Attributes +## Environment attributes You can use the ODBC `SQLGetEnvAttr()` and `SQLSetEnvAttr()` functions to retrieve or set the value of an environment attribute. 
@@ -408,25 +400,15 @@ SQLRETURN SQLGetConnectAttr ); ``` -`env_handle` - -The environment handle. +- `env_handle` — The environment handle. -`attribute` +- `attribute` — Identifies the attribute whose value you want to retrieve. -`attribute` identifies the attribute whose value you wish to retrieve. +- `value_pointer` — A pointer to the location in memory to receive the `attribute` value. -`value_pointer` +- `buffer_length` — If the attribute is a character string, `buffer_length` is the length of `value_ptr`. If the value of the attribute isn't a character string, `buffer_length` is unused. -A pointer to the location in memory that will receive the `attribute` value. - -`buffer_length` - -If the attribute is a character string, `buffer_length` is the length of `value_ptr`. If the value of the attribute is not a character string, `buffer_length` is unused. - -`string_length_pointer` - -A pointer to a `SQLINTEGER` that receives the number of bytes available to return in `value_pointer`. If `value_pointer` is NULL, `string_length_pointer` is not returned. +- `string_length_pointer` — A pointer to a `SQLINTEGER` that receives the number of bytes available to return in `value_pointer`. If `value_pointer` is NULL, `string_length_pointer` isn't returned. This function returns `SQL_SUCCESS`, `SQL_SUCCESS_WITH_INFO` , `SQL_NO_DATA`, `SQL_ERROR` or `SQL_INVALID_HANDLE`. @@ -435,8 +417,8 @@ The following table lists the environment attributes supported by EDB-ODBC. | Attribute | Supported? | Restrictions? | | --------------------------- | ----------------------------------- | ----------------------------------- | | SQL_ATTR_CONNECTION_POOLING | SQL_CP_ONE_PER_DRIVER or SQL_CP_OFF | Determined by connection properties | -| SQL_ATTR_ODBC_VERSION | (SQL_OV_ODBC3), (SQL_OV_ODBC2) | NONE | -| SQL_ATTR_OUTPUT_NTS | SQL_SUCCESS | NONE | +| SQL_ATTR_ODBC_VERSION | (SQL_OV_ODBC3), (SQL_OV_ODBC2) | None | +| SQL_ATTR_OUTPUT_NTS | SQL_SUCCESS | None | ## SQLSetEnvAttr() 
@@ -452,28 +434,27 @@ SQLRETURN SQLSetEnvAttr ); ``` -- `env_handle` The environment handle. -- `attribute` identifies the attribute whose value you wish to set. -- `value_pointer` A pointer to the value assigned to the `attribute`. -- The value will be a `NULL` terminated character string or a 32 bit integer value depending on the specified `attribute`. -- `string_length` If `value_pointer` is a pointer to a binary buffer or character string,`string\_length` is the length of `value_pointer`. If the value being assigned to the attribute is a character, `string_length` is the length of that character string. If `value_pointer` is NULL, `string_length` is not returned. If value_pointer is an integer,`string_length`is ignored. +- `env_handle` — The environment handle. +- `attribute` — Identifies the attribute whose value you want to set. +- `value_pointer` — A pointer to the value assigned to the attribute. The value is a NULL terminated character string or a 32-bit integer value, depending on the specified attribute. +- `string_length` — If `value_pointer` is a pointer to a binary buffer or character string, `string_length` is the length of `value_pointer`. If the value being assigned to the attribute is a character, `string_length` is the length of that character string. If `value_pointer` is NULL, `string_length` isn't returned. If `value_pointer` is an integer, `string_length`is ignored. -`SQLSetEnvAttr()` returns `SQL_SUCCESS`, `SQL_INVALID_HANDLE`, `SQL_ERROR` or `SQL_SUCCESS_WITH_INFO`. The application must call `SQLSetEnvAttr()` before allocating a connection handle; all values applied to environment attributes will persist until `SQLFreeHandle()` is called for the connection. ODBC version 3.x allows you to allocate multiple environment handles simultaneously. +`SQLSetEnvAttr()` returns `SQL_SUCCESS`, `SQL_INVALID_HANDLE`, `SQL_ERROR` or `SQL_SUCCESS_WITH_INFO`. The application must call `SQLSetEnvAttr()` before allocating a connection handle. 
All values applied to environment attributes persist until `SQLFreeHandle()` is called for the connection. ODBC version 3.x allows you to allocate multiple environment handles simultaneously. The following table lists the environment attributes you can set with `SQLSetAttr()`. | Attribute | Value_pointer type | Restrictions? | | --------------------- | ------------------ | -------------------------------------------------------------------------------------------------------------------------- | -| SQL_ATTR_ODBC_VERSION | 32 bit Integer | Set this attribute before the application calls any function that includes an SQLHENV argument. | -| SQL_ATTR_OUTPUT_NTS | 32-bit Integer | Defaults to SQL_TRUE. Calls that set this attribute to SQL_FALSE return SQL_ERROR/SQLSTATEHYC00 (feature not implemented). | +| SQL_ATTR_ODBC_VERSION | 32-bit integer | Set this attribute before the application calls any function that includes an `SQLHENV` argument. | +| SQL_ATTR_OUTPUT_NTS | 32-bit integer | Defaults to `SQL_TRUE`. Calls that set this attribute to `SQL_FALSE` return `SQL_ERROR/SQLSTATEHYC00` (feature not implemented). | -## Statement Attributes +## Statement attributes -You can use the ODBC `SQLGetStmtAttr()` and `SQLSetStmtAttr()`functions to retrieve and set the value of a statement attribute. +You can use the ODBC `SQLGetStmtAttr()` and `SQLSetStmtAttr()` functions to retrieve and set the value of a statement attribute. ### SQLGetStmtAttr() -The `SQLGetStmtAttr()` function returns the current value of statement attribute. The signature is: +The `SQLGetStmtAttr()` function returns the current value of a statement attribute. The signature is: ```c++ SQLRETURN SQLGetConnectAttr 
@@ -486,63 +467,63 @@ SQLRETURN SQLGetConnectAttr ); ``` -- `stmt_handle` The statement handle +- `stmt_handle` — The statement handle. -- `attribute` is the attribute value +- `attribute` — The attribute value. -- `value_pointer` A pointer to the location in memory that will receive the `attribute` value. +- `value_pointer` — A pointer to the location in memory to receive the `attribute` value. -- `buffer_length` If the attribute is defined by ODBC, `buffer_length` is the length of `value_pointer` (if `value_pointer` points to a character string or binary buffer). If `value_pointer` points to an integer, `buffer_length` is ignored. +- `buffer_length` — If the attribute is defined by ODBC, `buffer_length` is the length of `value_pointer` (if `value_pointer` points to a character string or binary buffer). If `value_pointer` points to an integer, `buffer_length` is ignored. - If EDB-ODBC defines the attribute, the application sets the `buffer_length` parameter. `buffer_length`can be: + If EDB-ODBC defines the attribute, the application sets the `buffer_length` parameter. `buffer_length`can be: - | Value Type | Meaning | + | Value type | Meaning | | ---------------------- | ----------------------------------------- | | Character string | The length of the character string | - | Binary buffer | The result of SQL_LEN_BINARY_ATTR(length) | - | Fixed length data type | SQL_IS_INTEGER or SQL_IS_UINTEGER | - | Any other type | SQL_IS_POINTER | + | Binary buffer | The result of `SQL_LEN_BINARY_ATTR(length)` | + | Fixed length data type | `SQL_IS_INTEGER` or `SQL_IS_UINTEGER` | + | Any other type | `SQL_IS_POINTER` | -- `string_length_pointer` A pointer to an `SQLINTEGER` that receives the number of bytes required to hold the requested value. If `value_pointer` is NULL, `string_length_pointer` is not returned. +- `string_length_pointer` — A pointer to an `SQLINTEGER` that receives the number of bytes required to hold the requested value. 
If `value_pointer` is NULL, `string_length_pointer` isn't returned. - This function returns `SQL_SUCCESS`, `SQL_SUCCESS_WITH_INFO`, `SQL_ERROR` or `SQL_INVALID_HANDLE`. + This function returns `SQL_SUCCESS`, `SQL_SUCCESS_WITH_INFO`, `SQL_ERROR` or `SQL_INVALID_HANDLE`. | Attribute | Supported? | Restrictions? | | ------------------------------ | ---------- | ----------------------- | - | SQL_ATTR_APP_PARAM_DESC | YES | | - | SQL_ATTR_APP_ROW_DESC | YES | | - | SQL_ATTR_ASYNC_ENABLE | NO | | - | SQL_ATTR_CONCURRENCY | YES | SQL_CONCUR_READ_ONLY | - | SQL_ATTR_CURSOR_SCROLLABLE | YES | | - | SQL_ATTR_CURSOR_TYPE | YES | SQL_CURSOR_FORWARD_ONLY | - | SQL_ATTR_CURSOR_SENSITIVITY | YES | SQL_INSENSITIVE | - | SQL_ATTR_ENABLE_AUTO_IPD | NO | | - | SQL_ATTR_FETCH_BOOKMARK_PTR | YES | | - | SQL_ATTR_IMP_PARAM_DESC | YES | | - | SQL_ATTR_IMP_ROW_DESC | YES | | - | SQL_ATTR_KEYSET_SIZE | NO | | - | SQL_ATTR_MAX_LENGTH | NO | | - | SQL_ATTR_MAX_ROWS | NO | | - | SQL_ATTR_METADATA_ID | YES | | - | SQL_ATTR_NOSCAN | NO | | - | SQL_ATTR_PARAM_BIND_OFFSET_PTR | YES | ODBC V2.0 | - | SQL_ATTR_PARAM_BIND_TYPE | YES | | - | SQL_ATTR_PARAM_OPERATION_PTR | YES | | - | SQL_ATTR_PARAM_STATUS_PTR | YES | | - | SQL_ATTR_PARAMS_PROCESSED_PTR | YES | | - | SQL_ATTR_PARAMSET_SIZE | YES | | - | SQL_ATTR_QUERY_TIMEOUT | NO | | - | SQL_ATTR_RETRIEVE_DATA | NO | | - | SQL_ATTR_ROW_BIND_OFFSET_PTR | YES | | - | SQL_ATTR_ROW_BIND_TYPE | NO | | - | SQL_ATTR_ROW_NUMBER | YES | | - | SQL_ATTR_ROW_OPERATION_PTR | YES | | - | SQL_ATTR_ROW_STATUS_PTR | YES | | - | SQL_ATTR_ROWS_FETCHED_PTR | YES | | - | SQL_ATTR_ROW_ARRAY_SIZE | YES | | - | SQL_ATTR_SIMULATE_CURSOR | NO | | - | SQL_ATTR_USE_BOOKMARKS | YES | | - | SQL_ROWSET_SIZE | YES | | + | SQL_ATTR_APP_PARAM_DESC | Yes | | + | SQL_ATTR_APP_ROW_DESC | Yes | | + | SQL_ATTR_ASYNC_ENABLE | No | | + | SQL_ATTR_CONCURRENCY | Yes | SQL_CONCUR_READ_ONLY | + | SQL_ATTR_CURSOR_SCROLLABLE | Yes | | + | SQL_ATTR_CURSOR_TYPE | Yes | SQL_CURSOR_FORWARD_ONLY | + | 
SQL_ATTR_CURSOR_SENSITIVITY | Yes | SQL_INSENSITIVE | + | SQL_ATTR_ENABLE_AUTO_IPD | No | | + | SQL_ATTR_FETCH_BOOKMARK_PTR | Yes | | + | SQL_ATTR_IMP_PARAM_DESC | Yes | | + | SQL_ATTR_IMP_ROW_DESC | Yes | | + | SQL_ATTR_KEYSET_SIZE | No | | + | SQL_ATTR_MAX_LENGTH | No | | + | SQL_ATTR_MAX_ROWS | No | | + | SQL_ATTR_METADATA_ID | Yes | | + | SQL_ATTR_NOSCAN | No | | + | SQL_ATTR_PARAM_BIND_OFFSET_PTR | Yes | ODBC V2.0 | + | SQL_ATTR_PARAM_BIND_TYPE | Yes | | + | SQL_ATTR_PARAM_OPERATION_PTR | Yes | | + | SQL_ATTR_PARAM_STATUS_PTR | Yes | | + | SQL_ATTR_PARAMS_PROCESSED_PTR | Yes | | + | SQL_ATTR_PARAMSET_SIZE | Yes | | + | SQL_ATTR_QUERY_TIMEOUT | No | | + | SQL_ATTR_RETRIEVE_DATA | No | | + | SQL_ATTR_ROW_BIND_OFFSET_PTR | Yes | | + | SQL_ATTR_ROW_BIND_TYPE | No | | + | SQL_ATTR_ROW_NUMBER | Yes | | + | SQL_ATTR_ROW_OPERATION_PTR | Yes | | + | SQL_ATTR_ROW_STATUS_PTR | Yes | | + | SQL_ATTR_ROWS_FETCHED_PTR | Yes | | + | SQL_ATTR_ROW_ARRAY_SIZE | Yes | | + | SQL_ATTR_SIMULATE_CURSOR | No | | + | SQL_ATTR_USE_BOOKMARKS | Yes | | + | SQL_ROWSET_SIZE | Yes | | ### SQLSetStmtAttr() 
@@ -558,40 +539,40 @@ SQLRETURN SQLSetStmtAttr ); ``` -- `stmt_handle` is the environment handle. +- `stmt_handle` — The environment handle. -- `attribute` identifies the statement attribute whose value you wish to set. +- `attribute` — Identifies the statement attribute whose value you want to set. -- `value_pointer` is a pointer to the location in memory that holds the value that will be assigned to the attribute. `value_pointer`can be a pointer to: +- `value_pointer` — A pointer to the location in memory that holds the value to assigned to the attribute. `value_pointer` can be a pointer to: - A null-terminated character string - A binary buffer - A value defined by the driver - A value of the type `SQLLEN`, `SQLULEN` or `SQLUSMALLINT` - Value-pointer can also optionally hold one of the following values: + `value-pointer` can also optionally hold one of the following values: - An ODBC descriptor handle - A `SQLUINTEGER` value - A `SQLULEN` value - A signed INTEGER (if attribute is a driver-specific value) -- `string_length` If `attribute` is defined by ODBC and `value_pointer` points to a binary buffer or character string, `string_length` is the length of `value_pointer`. If `value_pointer` points to an integer, `string_length` is ignored. - If EDB-ODBC defines the attribute, the application sets the `string_length` parameter. Possible `string_length` values are: +- `string_length` — If `attribute` is defined by ODBC and `value_pointer` points to a binary buffer or character string, `string_length` is the length of `value_pointer`. If `value_pointer` points to an integer, `string_length` is ignored. + If EDB-ODBC defines the attribute, the application sets the `string_length` parameter. 
Possible `string_length` values are: -| Value Type | Meaning | -| ---------------------- | --------------------------------------------- | -| Character string | The length of the character string or SQL_NTS | -| Binary buffer | The result of SQL_LEN_BINARY_ATTR(length) | -| Fixed length data type | SQL_IS_INTEGER or SQL_IS_UINTEGER | -| Any other type | SQL_IS_POINTER | + | Value type | Meaning | + | ---------------------- | --------------------------------------------- | + | Character string | The length of the character string or `SQL_NTS` | + | Binary buffer | The result of `SQL_LEN_BINARY_ATTR(length)` | + | Fixed length data type | `SQL_IS_INTEGER` or `SQL_IS_UINTEGER` | + | Any other type | `SQL_IS_POINTER` | -## Error Handling +## Error handling -Diagnostic information for the ODBC functions mentioned in this guide can be retrieved via the ODBC `SQLGetDiagRec()` function. +You can retrieve diagnostic information for these ODBC functions mentioned by using the ODBC `SQLGetDiagRec()` function. ### SQLGetDiagRec() - The `SQLGetDiagRec()` function returns status and error information from a diagnostic record written by the ODBC functions that retrieve or set attribute values. The signature is: +The `SQLGetDiagRec()` function returns status and error information from a diagnostic record written by the ODBC functions that retrieve or set attribute values. The signature is: ```c++ SQLRETURN SQLGetDiagRec 
@@ -607,34 +588,34 @@ SQLRETURN SQLGetDiagRec ); ``` -- `handle_type` The handle type of the `handle` argument. `handle_type`must be one of the following: +- `handle_type` — The handle type of the `handle` argument. `handle_type` must be one of the following: - `SQL_HANDLE_ENV` specifies an environment handle. - `SQL_HANDLE_STMT` specifies a statement handle. - `SQL_HANDLE_DBC` specifies a connection handle. - `SQL_HANDLE_DESC` specifies a descriptor handle. -- `handle` The handle associated with the attribute error message. +- `handle` — The handle associated with the attribute error message. -- `record_number` The status record that the application is seeking information from (must be greater than or equal to 1). +- `record_number` — The status record that the application is seeking information from (must be greater than or equal to 1). -- `SQLState_pointer` Pointer to a memory buffer that receives the `SQLState` error code from the record. +- `SQLState_pointer` — Pointer to a memory buffer that receives the `SQLState` error code from the record. -- `native_error_pointer` Pointer to a buffer that receives the native error message for the data source (contained in the `SQL_DIAG_NATIVE` field). +- `native_error_pointer` — Pointer to a buffer that receives the native error message for the data source (contained in the `SQL_DIAG_NATIVE` field). -- `error_text_pointer` Pointer to a memory buffer that receives the error text (contained in the `SQL_DIAG_MESSAGE_TEXT` field) +- `error_text_pointer` — Pointer to a memory buffer that receives the error text (contained in the `SQL_DIAG_MESSAGE_TEXT` field). -- `buffer_length` The length of the `error_text` buffer. +- `buffer_length` — The length of the `error_text` buffer. -- `text_length_pointer` Pointer to the buffer that receives the size (in characters) of the `error_text_pointer` field. 
If the number of characters in the `error_text_pointer` parameter exceeds the number available (in `buffer_length`), `error_text_pointer` will be truncated. +- `text_length_pointer` — Pointer to the buffer that receives the size (in characters) of the `error_text_pointer` field. If the number of characters in the `error_text_pointer` parameter exceeds the number available (in `buffer_length`), `error_text_pointer` is truncated. `SQLGetDiagRec()` returns `SQL_SUCCESS`, `SQL_ERROR`, `SQL_INVALID_HANDLE`, `SQL_SUCCESS_WITH_DATA` or `SQL_NO_DATA`. -## Supported ODBC API Functions +## Supported ODBC API functions -The following table lists the ODBC API functions; the right column specifies `Yes` if the API is supported by the EDB-ODBC driver. Use the ODBC `SQLGetFunctions()` function (specifying a function ID of `SQL_API_ODBC3_ALL_FUNCTIONS`) to return a current version of this list. +The following table lists the ODBC API functions. The right column specifies Yes if the API is supported by the EDB-ODBC driver. Use the ODBC `SQLGetFunctions()` function (specifying a function ID of `SQL_API_ODBC3_ALL_FUNCTIONS`) to return a current version of this list. -| ODBC API Function Name | Supported by EDB-ODBC? | +| ODBC API function name | Supported by EDB-ODBC? | | ---------------------- | ---------------------- | | SQLAllocConnect() | Yes | | SQLAllocEnv() | Yes | @@ -714,11 +695,11 @@ The following table lists the ODBC API functions; the right column specifies `Ye | SQLSetStmtAttr() | Yes | | SQLBulkOperations() | Yes | -## Supported Data Types +## Supported data types -EDB-ODBC supports the following ODBC data types: +EDB-ODBC supports the following ODBC data types. -| ODBC Data Type | Corresponding Advanced Server Data Type | +| ODBC data type | Corresponding EDB Postgres Advanced Server data type | | ------------------ | --------------------------------------- | | SQL_BIGINT | PG_TYPE_INT8 | | SQL_BINARY | PG_TYPE_BYTEA | 
@@ -741,10 +722,10 @@ EDB-ODBC supports the following ODBC data types: | SQL_VARBINARY | PG_TYPE_BYTEA | | SQL_VARCHAR | PG_TYPE_VARCHAR | -## prerequisite for ADO users +## Prerequisite for ADO users You must execute `Command.Prepared = True` before executing `Command.Execute`. -## Thread Safety +## Thread safety EDB-ODBC is thread safe. diff --git a/product_docs/docs/odbc_connector/13/07_scram_compatibility.mdx b/product_docs/docs/odbc_connector/13/07_scram_compatibility.mdx index e5e249d2545..7df7419776e 100644 --- a/product_docs/docs/odbc_connector/13/07_scram_compatibility.mdx +++ b/product_docs/docs/odbc_connector/13/07_scram_compatibility.mdx @@ -1,5 +1,5 @@ --- -title: "Scram Compatibility" +title: "Scram compatibility" legacyRedirects: - "/edb-docs/d/edb-postgres-odbc-connector/user-guides/odbc-guide/12.2.0.2/security_and_encryption.html" @@ -7,4 +7,4 @@ legacyRedirects: -The EDB ODBC Connector provides SCRAM-SHA-256 support for Advanced Server versions 10 and above. This support is available from EDB ODBC 10.01.0000.01 release onwards. +The EDB ODBC Connector provides SCRAM-SHA-256 support for EDB Postgres Advanced Server versions 10 and later. This support is available from EDB ODBC 10.01.0000.01 release and later. diff --git a/product_docs/docs/odbc_connector/13/index.mdx b/product_docs/docs/odbc_connector/13/index.mdx index 40804657fec..cf66748a08b 100644 --- a/product_docs/docs/odbc_connector/13/index.mdx +++ b/product_docs/docs/odbc_connector/13/index.mdx 
@@ -5,9 +5,7 @@ directoryDefaults: --- -ODBC (Open Database Connectivity) is a programming interface that allows a client application to connect to any database that provides an ODBC driver. The EDB ODBC Connector provides connectivity between EDB Postgres Advanced Server (Advanced Server) and ODBC-compliant applications. - -This guide contains installation information for the EDB ODBC as well as information about creating data source definitions for the EDB ODBC. This guide also contains reference information that details the ODBC functionality supported by the EDB ODBC. +ODBC (Open Database Connectivity) is a programming interface that allows a client application to connect to any database that provides an ODBC driver. The EDB ODBC Connector provides connectivity between EDB Postgres Advanced Server and ODBC-compliant applications.
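Review bot: in the `SQLSetStmtAttr()` hunk (`@@ -558,40 +539,40 @@`), the reworded `value_pointer` bullet drops a word: "holds the value to assigned to the attribute" should read "to be assigned". The follow-on line writes the parameter as `value-pointer` with a hyphen where every other mention in the hunk uses `value_pointer`. The `stmt_handle` bullet still reads "The environment handle" although the parameter is named `stmt_handle` and the function sets a statement attribute, so that description is worth correcting while the line is being touched. In the same hunk, "diagnostic information for these ODBC functions mentioned" keeps a leftover "mentioned"; "for these ODBC functions" is enough.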
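Review bot: in the `SQLGetDiagRec()` hunk (`@@ -607,34 +588,34 @@`), the unchanged return-value line after the parameter list names `SQL_SUCCESS_WITH_DATA`, while the return-value line for the statement-attribute function earlier in this patch names `SQL_SUCCESS_WITH_INFO`. ODBC defines `SQL_SUCCESS_WITH_INFO`, and an application that checks return codes copied from this page would miss the truncation case the `text_length_pointer` bullet describes, so the line should be corrected in this pass. The `buffer_length` bullet also refers to the `error_text` buffer, but the parameter documented just above it is `error_text_pointer`.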
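Review bot: in `07_scram_compatibility.mdx`, the new title "Scram compatibility" lowercases an acronym that the body of the same file writes as SCRAM-SHA-256; sentence case should give "SCRAM compatibility". The reworded last sentence, "available from EDB ODBC 10.01.0000.01 release and later", mixes "from" with "and later"; "available in EDB ODBC release 10.01.0000.01 and later" says the same thing cleanly.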
From 94580cbc4a4889c7f3c58c7ca49f6b8e88320600 Mon Sep 17 00:00:00 2001 From: jingjingliu20 <86595232+jingjingliu20@users.noreply.github.com> Date: Mon, 11 Apr 2022 14:01:58 +0800 Subject: [PATCH 24/34] Update 02_connect_cloud_account.mdx Add how to grant admin consent for the created spn. --- .../release/getting_started/02_connect_cloud_account.mdx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx b/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx index f994dd05018..330ce0d75a2 100644 --- a/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx +++ b/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx @@ -108,6 +108,9 @@ If you receive the following error message, you need to request admin consent fo Error: Please request Azure AD Global Administrator or Privileged Role Administrator to grant admin consent permissions for Service Principal hello-s(77bbxxxx-xxxx-xxxx-xxxx-xxxxxxxx7c54) ``` +The Azure AD Global Administrator or Privileged Role Administrator role can grant admin consent from Azure **App registrations** at [Azure portal](https://portal.azure.com/), then select **API permissions** to grant admin consent. + + ## Connect your cloud account Connect your cloud account with your Azure subscription. From 2d5a79e16cacbe3351427ad185afcbe4a13dee4f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Apr 2022 11:53:05 +0000 Subject: [PATCH 25/34] Bump moment from 2.29.1 to 2.29.2 Bumps [moment](https://github.com/moment/moment) from 2.29.1 to 2.29.2. - [Release notes](https://github.com/moment/moment/releases) - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](https://github.com/moment/moment/compare/2.29.1...2.29.2) --- updated-dependencies: - dependency-name: moment dependency-type: indirect ... 
Signed-off-by: dependabot[bot] --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index d30f4a92c14..807c5ce702a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14249,9 +14249,9 @@ "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==" }, "node_modules/moment": { - "version": "2.29.1", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.1.tgz", - "integrity": "sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==", + "version": "2.29.2", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.2.tgz", + "integrity": "sha512-UgzG4rvxYpN15jgCmVJwac49h9ly9NurikMWGPdVxm8GZD6XjkKPxDTjQQ43gtGgnV3X0cAyWDdP2Wexoquifg==", "engines": { "node": "*" } @@ -32903,9 +32903,9 @@ "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==" }, "moment": { - "version": "2.29.1", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.1.tgz", - "integrity": "sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==" + "version": "2.29.2", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.2.tgz", + "integrity": "sha512-UgzG4rvxYpN15jgCmVJwac49h9ly9NurikMWGPdVxm8GZD6XjkKPxDTjQQ43gtGgnV3X0cAyWDdP2Wexoquifg==" }, "mri": { "version": "1.1.6", From 72018eaf0cd630524bf53b86176b6b1e995a9d2c Mon Sep 17 00:00:00 2001 From: theadamwright Date: Mon, 11 Apr 2022 13:36:41 -0400 Subject: [PATCH 26/34] Update 01_choosing_your_tool.mdx Tool comparison table updated to reflect PEM integration with Barman. --- .../docs/bart/2.6/bart_migration/01_choosing_your_tool.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/product_docs/docs/bart/2.6/bart_migration/01_choosing_your_tool.mdx b/product_docs/docs/bart/2.6/bart_migration/01_choosing_your_tool.mdx index 8dbbbcd013a..32d186b9f8c 100644 --- a/product_docs/docs/bart/2.6/bart_migration/01_choosing_your_tool.mdx +++ b/product_docs/docs/bart/2.6/bart_migration/01_choosing_your_tool.mdx @@ -35,7 +35,7 @@ tools on a generic level: | Custom WAL sizes | Yes | Yes ( v11+) | | Backup compression | Coming soon | Yes | | Partial restore (only selected databases) | - | Yes | - | PEM integration | Coming soon | - | + | PEM integration | Yes | - | | License | [GPLv3](https://github.com/EnterpriseDB/barman/blob/master/LICENSE) | [MIT](https://github.com/pgbackrest/pgbackrest/blob/master/LICENSE) | From ab35b0a8310d538105db4af86848eebfcf859a81 Mon Sep 17 00:00:00 2001 From: Betsy Gitelman <93718720+ebgitelman@users.noreply.github.com> Date: Tue, 12 Apr 2022 10:16:06 -0400 Subject: [PATCH 27/34] added para back in used proper links to sections --- .../docs/odbc_connector/13/04_creating_a_data_source.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/product_docs/docs/odbc_connector/13/04_creating_a_data_source.mdx b/product_docs/docs/odbc_connector/13/04_creating_a_data_source.mdx index cb692745fbe..8062a7aea95 100644 --- a/product_docs/docs/odbc_connector/13/04_creating_a_data_source.mdx +++ b/product_docs/docs/odbc_connector/13/04_creating_a_data_source.mdx 
@@ -30,3 +30,5 @@ Port = 5444 The first line in the data source is the data source name. The name is a unique identifier, enclosed in square brackets. The data source name is followed by a series of `keyword=value` pairs that identify individual connection properties that make up the data source. The ODBC Administrator utility creates named data sources for ODBC connections. In most cases, an ODBC Administrator utility is distributed with the operating system. If you’re using Windows or unixODBC, the tool is called the ODBC Data Source Administrator. If your operating system doesn’t include an ODBC Administrator, third-party options are available online. + +[Adding a data source definition in Windows](05_edb-odbc_connection_properties/#adding-a-data-source-definition-in-windows) and [Adding a data source definition in Linux](05_edb-odbc_connection_properties/#adding-a-data-source-definition-in-linux) walk you through adding a data source in Windows and Linux using the graphical tools available for each operating system. During the process of defining a data source, you’ll be asked to specify a set of connection properties. [EDB-ODBC connection properties](05_edb-odbc_connection_properties) contains information about optional data source connection properties. You can specify connection properties with graphical tools or edit the `odbc.ini` file with a text editor. \ No newline at end of file From b53886bce837834d9e4a6d2ee6b7feb83f61846f Mon Sep 17 00:00:00 2001 From: Dee Dee Rothery <83650384+drothery-edb@users.noreply.github.com> Date: Wed, 13 Apr 2022 07:51:10 -0400 Subject: [PATCH 28/34] Update product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx --- .../release/getting_started/02_connect_cloud_account.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx b/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx index 330ce0d75a2..da74900360c 100644 --- a/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx +++ b/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx @@ -108,7 +108,7 @@ If you receive the following error message, you need to request admin consent fo Error: Please request Azure AD Global Administrator or Privileged Role Administrator to grant admin consent permissions for Service Principal hello-s(77bbxxxx-xxxx-xxxx-xxxx-xxxxxxxx7c54) ``` -The Azure AD Global Administrator or Privileged Role Administrator role can grant admin consent from Azure **App registrations** at [Azure portal](https://portal.azure.com/), then select **API permissions** to grant admin consent. +To grant admin consent, a user with the Azure AD Global Administrator or Privileged Role Administrator role goes to [App registrations](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) in the Azure portal and selects **API permissions**. ## Connect your cloud account From d5ed588125739084c38a53bc13f347d609d8b8d2 Mon Sep 17 00:00:00 2001 From: drothery-edb Date: Wed, 13 Apr 2022 10:21:54 -0400 Subject: [PATCH 29/34] refining rewrite --- .../release/getting_started/02_connect_cloud_account.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx b/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx index 330ce0d75a2..918f7a81ca8 100644 --- a/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx +++ b/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx 
@@ -108,7 +108,7 @@ If you receive the following error message, you need to request admin consent fo Error: Please request Azure AD Global Administrator or Privileged Role Administrator to grant admin consent permissions for Service Principal hello-s(77bbxxxx-xxxx-xxxx-xxxx-xxxxxxxx7c54) ``` -The Azure AD Global Administrator or Privileged Role Administrator role can grant admin consent from Azure **App registrations** at [Azure portal](https://portal.azure.com/), then select **API permissions** to grant admin consent. +To grant admin consent, you or another user with the Azure AD Global Administrator or Privileged Role Administrator role, go to [App registrations](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) in the Azure portal and select **API permissions**. ## Connect your cloud account From 219cd9f12d129c6a79a615dba57bba4d621ea74f Mon Sep 17 00:00:00 2001 From: nick-ivanov-edb <103075931+nick-ivanov-edb@users.noreply.github.com> Date: Wed, 13 Apr 2022 10:25:13 -0400 Subject: [PATCH 30/34] Typo in parameter name --- product_docs/docs/bdr/4.0/conflicts.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/bdr/4.0/conflicts.mdx b/product_docs/docs/bdr/4.0/conflicts.mdx index b6a727690bb..ba229f6a554 100644 --- a/product_docs/docs/bdr/4.0/conflicts.mdx +++ b/product_docs/docs/bdr/4.0/conflicts.mdx @@ -790,7 +790,7 @@ is not the case, conflict resolution will tend to favour the node that is further ahead. Clock skew between nodes can be managed using the parameters `bdr.maximum_clock_skew` and `bdr.maximum_clock_skew_action`. -Row origins are only available if track_commit_timestamps = on. +Row origins are only available if track_commit_timestamp = on. Conflicts are initially detected based upon whether the replication origin has changed or not, so conflict triggers will be called in From 2fe56d810698d50eb29545125b937b1ad4ded8d2 Mon Sep 17 00:00:00 2001 
From: drothery-edb Date: Wed, 13 Apr 2022 13:14:24 -0400 Subject: [PATCH 31/34] BigAnimal: clarifying when restores are possible --- .../biganimal/release/using_cluster/04_backup_and_restore.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/biganimal/release/using_cluster/04_backup_and_restore.mdx b/product_docs/docs/biganimal/release/using_cluster/04_backup_and_restore.mdx index 8ea9249da0d..9e0126d44e5 100644 --- a/product_docs/docs/biganimal/release/using_cluster/04_backup_and_restore.mdx +++ b/product_docs/docs/biganimal/release/using_cluster/04_backup_and_restore.mdx @@ -12,7 +12,7 @@ BigAnimal retains backups for 30 days by default. ### Restores -If a restore is necessary—for example, in case of an accidental `DROP TABLE` statement—you can restore clusters to any point in time as long as backups are retained in Azure Blob Storage. Currently BigAnimal does not age out backups, so you can restore clusters to any time since cluster creation. +If a restore is necessary—for example, in case of an accidental `DROP TABLE` statement—you can restore clusters to any point within the backup retention period. Cluster restores aren't performed "in-place" on an existing cluster. Instead, a new cluster is created and initialized with data from the backup archive. Restores must replay the transaction logs between the most recent full database backup and the target restore point. Thus restore times (that is, RTO) are dependent on the write activity in the source cluster. From 1b5b54c7ffb916240dce1c4384b4bd50dbb962f4 Mon Sep 17 00:00:00 2001 From: drothery-edb Date: Wed, 13 Apr 2022 16:42:38 -0400 Subject: [PATCH 32/34] fixed misplaced comma --- .../release/getting_started/02_connect_cloud_account.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx b/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx index 918f7a81ca8..ff46419a7f4 100644 --- a/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx +++ b/product_docs/docs/biganimal/release/getting_started/02_connect_cloud_account.mdx @@ -108,7 +108,7 @@ If you receive the following error message, you need to request admin consent fo Error: Please request Azure AD Global Administrator or Privileged Role Administrator to grant admin consent permissions for Service Principal hello-s(77bbxxxx-xxxx-xxxx-xxxx-xxxxxxxx7c54) ``` -To grant admin consent, you or another user with the Azure AD Global Administrator or Privileged Role Administrator role, go to [App registrations](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) in the Azure portal and select **API permissions**. +To grant admin consent you, or another user with the Azure AD Global Administrator or Privileged Role Administrator role, go to [App registrations](https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) in the Azure portal and select **API permissions**. ## Connect your cloud account From 79ea9ffdd29739f4e2959af25765e150af12311f Mon Sep 17 00:00:00 2001 From: drothery-edb Date: Wed, 13 Apr 2022 17:53:52 -0400 Subject: [PATCH 33/34] mentioned new policy topic in parent page and added index cards --- .../release/administering_cluster/01_portal_access.mdx | 3 ++- .../release/administering_cluster/01a_superset_access.mdx | 1 + .../release/administering_cluster/03_account_activity.mdx | 1 + .../04_customizing_policy_ definitions.mdx | 1 + .../docs/biganimal/release/administering_cluster/index.mdx | 3 ++- 5 files changed, 7 insertions(+), 2 deletions(-) 
diff --git a/product_docs/docs/biganimal/release/administering_cluster/01_portal_access.mdx b/product_docs/docs/biganimal/release/administering_cluster/01_portal_access.mdx index 5d859e8bcd6..260e30b5396 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/01_portal_access.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/01_portal_access.mdx @@ -1,6 +1,7 @@ --- title: "Managing portal access" -redirects: +description: "Authenticate users and grant users access to different parts of the application" +redirects: - 01_user_access --- diff --git a/product_docs/docs/biganimal/release/administering_cluster/01a_superset_access.mdx b/product_docs/docs/biganimal/release/administering_cluster/01a_superset_access.mdx index 6d58c51537b..e82eb08326b 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/01a_superset_access.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/01a_superset_access.mdx @@ -1,5 +1,6 @@ --- title: Managing Superset access +description: "Control access to Superset data sources using Superset roles and permissions" --- You control access to Superset data sources by using Superset roles and permissions. diff --git a/product_docs/docs/biganimal/release/administering_cluster/03_account_activity.mdx b/product_docs/docs/biganimal/release/administering_cluster/03_account_activity.mdx index 605f7b2ac82..f8d3b9ef383 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/03_account_activity.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/03_account_activity.mdx @@ -1,5 +1,6 @@ --- title: "Reviewing account activity" +description: "Use the activity log to audit user activities or research account activities" --- The activity log collects BigAnimal events based on user activity in the portal. You can use the log to audit activities performed by users from your organizations or research activities that might have affected your account. 
diff --git a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx index 82776c55e66..4dd6ec4667e 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx @@ -1,5 +1,6 @@ --- title: "Customizing Azure policy definitions" +description: "Customize default Azure policies to match BigAnimal's resource configurations" --- Azure Policies help you monitor, identify, and remediate non-compliant resources. Azure automatically assigns a default set of policies to each subscription. If required by your organization, you can further customize these default Azure policies to match BigAnimal's resource configurations. diff --git a/product_docs/docs/biganimal/release/administering_cluster/index.mdx b/product_docs/docs/biganimal/release/administering_cluster/index.mdx index a480aaf2b7c..161e95e3043 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/index.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/index.mdx @@ -1,7 +1,8 @@ --- title: "Administering your account" +indexCards: simple --- -Administrative activities for the BigAnimal account include portal and database user access management as well as account activity reviews. +Administrative activities for the BigAnimal account include portal and database user access management as well as account activity reviews and customizing Azure policy definitions. If you coordinated with [BigAnimal Support](../overview/support) to enable the Apache Superset feature, see [Managing Superset access](01a_superset_access) for information on setting up roles and permission for access to the Superset data sources. From 29cda70500280c52ef5ab68426db9469e085111d Mon Sep 17 00:00:00 2001 
From: drothery-edb Date: Wed, 13 Apr 2022 18:05:50 -0400 Subject: [PATCH 34/34] minor tweaks --- ...y_ definitions.mdx => 04_customizing_policy_definitions.mdx} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename product_docs/docs/biganimal/release/administering_cluster/{04_customizing_policy_ definitions.mdx => 04_customizing_policy_definitions.mdx} (98%) diff --git a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_definitions.mdx similarity index 98% rename from product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx rename to product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_definitions.mdx index 4dd6ec4667e..5144d1a4e76 100644 --- a/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_ definitions.mdx +++ b/product_docs/docs/biganimal/release/administering_cluster/04_customizing_policy_definitions.mdx @@ -13,7 +13,7 @@ Azure Policies help you monitor, identify, and remediate non-compliant resources In each of your BigAnimal-enabled Azure subscriptions, manually perform the following steps: !!! Note - You require *Microsoft.Authorizations/PolicyAssignments/write* permissions to be able to update policy initiatives (sets of policies) in Azure. + You require Microsoft.Authorizations/PolicyAssignments/write permissions to be able to update policy initiatives (sets of policies) in Azure. 1. In the Azure portal, enter **Policy** in the search box at the top and open the Policy service.
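Review bot: in PATCH 25/34 (moment 2.29.1 to 2.29.2), the change is confined to `package-lock.json` and the message marks the dependency as indirect, so the commit should record which direct dependency pulls in `moment` and whether the bump is security-motivated; the linked release notes are the only rationale given. Both lockfile entries (`node_modules/moment` at line 14249 and the second `moment` entry at line 32903) carry the same `resolved` URL and `integrity` value, which is what to expect. Before merging, confirm with a clean install from the lockfile in CI that the recorded hash matches what the registry serves.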
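Review bot: PATCH 28/34 and PATCH 29/34 both replace the same admin-consent sentence in `02_connect_cloud_account.mdx` against the same base blob (`index 330ce0d75a2..da74900360c` and `index 330ce0d75a2..918f7a81ca8`), so they cannot both apply in sequence. PATCH 32/34 then builds on `918f7a81ca8`, the result of 29. Drop 28 from the series or rebase it, and keep one wording.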
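Review bot: in PATCH 30/34 (`bdr/4.0/conflicts.mdx`), the corrected setting is still plain text, "Row origins are only available if track_commit_timestamp = on.", while the sentence just above it in the hunk puts `bdr.maximum_clock_skew` and `bdr.maximum_clock_skew_action` in code formatting. Put `track_commit_timestamp = on` in backticks so it matches the surrounding parameters and can be copied reliably.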
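Review bot: the wording that PATCH 32/34 leaves in `02_connect_cloud_account.mdx`, "To grant admin consent you, or another user with the ... role, go to ...", is still hard to parse without a comma after "consent"; the third-person form in PATCH 28/34 ("a user with the ... role goes to ... and selects **API permissions**") reads more cleanly. The sentence also sends a highly privileged administrator to **API permissions** without saying which app registration to open. Name the service principal shown in the error message just above it, so that consent is granted to the intended application only.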
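Review bot: in PATCH 34/34 the permission in the Note loses its emphasis and becomes plain text, "Microsoft.Authorizations/PolicyAssignments/write". It should be in code formatting, and the name needs checking against Azure, where the resource provider is `Microsoft.Authorization` (singular) and the action is `Microsoft.Authorization/policyAssignments/write`; an administrator copying the string as written into a custom role definition would not get the intended permission. The rename also changes the page's path. `01_portal_access.mdx` in PATCH 33/34 carries a `redirects:` entry for its old name, and if the old path with the space was ever published, the same is worth adding here.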