> Yeah. Although the Interbase role model is a single role
> identified at logon, a more useful model is multiple roles,
> each of which may be turned on or off during a session.
>
> Jim Starkey

I assume you mean with only one active role at a time, right? Changing roles
without having to reconnect sounds quite useful. But when defining each role
correctly, I really don't think there should be any need to support the user
of multiple active roles. That would introduce the problem of conflicting
permissions and restrictions, and it would probably generate more headaches
than saving time.

For tricky stuff, implementing security in an outside layer is usually the
way to go (IMHO). The SQL security declarations have no notion of turning
permissions on/off in response to the current time, the connection IP,
permissions managed through other models, etc.

Marcelo Lopez Ruiz