Subject RE: [Firebird-Architect] Groups in Firebird
Author Samofatov, Nickolay
Hi, Geoff!

> But having given my opinion on how it should have been done,
> we should look at the SQL standard and other implementations.

In Oracle and most (all?) other databases roles act exactly as normal
Effective rights for the user are equal to union of rights granted to it
directly and via roles.

If I understand current standard correctly it "basic roles" chapter
explains exactly this approach.
I think Interbase developers misunderstood standard regarding roles

CURRENT_ROLE and related stuff is a part of another feature (T332 -
Extended Roles) which specifies <grantor> semantics.
I.e. when you grant something to somebody you grant it using ROLE you
specified at login by default (or current user if you didn't).
Then if you revoke rights from grantor, grantees are affected too.
That's it.

Actually Firebird roles may be more or less trivially fixed to support
standards-compliant behavior

> Perhaps this approach would be preferable to introducing a
> totally non-standard object (groups) into the databse?

Firebird is non standard-compliant regarding the matter.
Standard roles == groups.

> Geoff Worboys