| Subject | RE: [Firebird-Architect] Groups in Firebird |
|---|---|
| Author | Samofatov, Nickolay |
| Post date | 2004-10-22T00:40:26Z |
Hi, Geoff!
groups.
Effective rights for the user are equal to union of rights granted to it
directly and via roles.
If I understand current standard correctly it "basic roles" chapter
explains exactly this approach.
I think Interbase developers misunderstood standard regarding roles
semantics.
CURRENT_ROLE and related stuff is a part of another feature (T332 -
Extended Roles) which specifies <grantor> semantics.
I.e. when you grant something to somebody you grant it using ROLE you
specified at login by default (or current user if you didn't).
Then if you revoke rights from grantor, grantees are affected too.
That's it.
Actually Firebird roles may be more or less trivially fixed to support
standards-compliant behavior
Standard roles == groups.
> But having given my opinion on how it should have been done,In Oracle and most (all?) other databases roles act exactly as normal
> we should look at the SQL standard and other implementations.
groups.
Effective rights for the user are equal to union of rights granted to it
directly and via roles.
If I understand current standard correctly it "basic roles" chapter
explains exactly this approach.
I think Interbase developers misunderstood standard regarding roles
semantics.
CURRENT_ROLE and related stuff is a part of another feature (T332 -
Extended Roles) which specifies <grantor> semantics.
I.e. when you grant something to somebody you grant it using ROLE you
specified at login by default (or current user if you didn't).
Then if you revoke rights from grantor, grantees are affected too.
That's it.
Actually Firebird roles may be more or less trivially fixed to support
standards-compliant behavior
> Perhaps this approach would be preferable to introducing aFirebird is non standard-compliant regarding the matter.
> totally non-standard object (groups) into the databse?
Standard roles == groups.
> Geoff WorboysNickolay