Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Multi platform
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Docs
Stories
News Ask around Meetups Schedule a demo Share your story COMPANY The handbook Testimonials
Pricing Try it yourself

Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

macOS Apple

Linux Linux

Windows Windows

Chrome ChromeOS

authdb

click to open the table of contents
macOS logo

authdb

The macOS authorizationdb is used by Mac admins to give their users or themselves granular permissions on the Macs they manage. The authdb osquery table returns JSON output for the authorizationdb read <right_name> command.

Column Type Description
json_result text The JSON output parsed from authorizationdb plist.
right_name text The right_name to query in the authorizationdb read <right_name> command.
Required in WHERE clause

Example

The “right_name” string system.login.console is used in the mandatory WHERE clause for this table:

SELECT * FROM authdb WHERE right_name='system.login.console';

Notes

This table is from the Mac Admins osquery extension.

The authorizationdb is a SQLite database that can be dumped out with the following Terminal command:

sudo /usr/bin/sqlite3 /var/db/auth.db .dump

The following command generates a .plist showing the attributes of the authorizationdb configuration:

security authorizationdb read system.login.console
Edit page

Questions?

Ask us anything
{{table.title}} evented table