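# osquery table spec for `groups`: one row per local system group.
#
# This spec had been collapsed onto a single line, which left everything after
# the first "#" (including the closing "])" of examples) inside a comment.
# The line structure is restored here; every string literal is unchanged.
table_name("groups")
description("Local system groups.")

# Columns present on every platform. "gid" is declared as an index column.
schema([
    Column("gid", BIGINT, "Unsigned int64 group ID", index=True),
    Column("gid_signed", BIGINT, "A signed int64 version of gid"),
    Column("groupname", TEXT, "Canonical local group name"),
])

# Windows-only columns.
# NOTE(review): on Windows "gid" carries the relative ID (RID), per the notes
# under examples below. A RID is only the final component of a SID, so audit
# or detection queries that must identify a group unambiguously should match
# on "group_sid" rather than on "gid" or "groupname".
extended_schema(WINDOWS, [
    Column("group_sid", TEXT, "Unique group ID", index=True),
    Column("comment", TEXT, "Remarks or comments associated with the group"),
])

# macOS-only column, taken from the OpenDirectory IsHidden attribute.
# NOTE(review): presumably useful when auditing for groups that standard
# listings do not show; confirm the exact values emitted by genGroups.
extended_schema(DARWIN, [
    Column("is_hidden", INTEGER, "IsHidden attribute set in OpenDirectory"),
])

# Generator that populates the table. The value looks like <source>@<function>;
# TODO confirm against the spec tooling.
implementation("groups@genGroups")

# Example queries published with the table documentation.
examples([
    "select * from groups where gid = 0",
    # Group/user_groups is not JOIN optimized
    #"select g.groupname, ug.uid from groups g, user_groups ug where g.gid = ug.gid",
    # The relative group ID, or RID, is used by osquery as the "gid"
    # For Windows, "gid" and "gid_signed" will always be the same.
])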