| Subject | RE: [IB-Architect] Re: Some thoughts on IB and security |
|---|---|
| Author | Claudio Valderrama C. |
| Post date | 2000-04-29T22:10:53Z |
I didn't want to mean SQL_Roles=OS_Groups by default. I was trying to say
that some plug-in could offer as an option a mapping between these two
concepts.
If you prefer, then let's use the information that exists in the ACLs of the
rdb$security_classes to map to groups/domains and let the roles totally
alone.
C.
that some plug-in could offer as an option a mapping between these two
concepts.
If you prefer, then let's use the information that exists in the ACLs of the
rdb$security_classes to map to groups/domains and let the roles totally
alone.
C.
> -----Original Message-----
> From: Bill Karwin [mailto:bill@...]
> Sent: Sábado 29 de Abril de 2000 18:03
>
> rfm@... wrote:
> > Yeah. What I had in mind would only happen at authentication time,
> > and could be as simple as saying that 'these OS groups correspond
> > to the SQL roles of the same name' Or even 'all OS groups correspond
> > to the SQL role of the same name'. My point being that it should not
> > just be 'any user who can log onto the OS can use the database'
>
> I want to repeat my opinion that OS groups should not correspond to SQL
> roles. If we want a SQL mechanism to map to OS groups, then InterBase
> could implement a groups concept (in fact it has it already, doesn't
> it?). But SQL roles ain't it.