Subject Re: [Firebird-Architect] User name SYSDBA
Author Jim Starkey
Martijn Tonies wrote:

>>>My only concern is that the current implementation of Role, while SQL
>>>compliant is almost completely useless. Any user can login with any
>>>role -- so how can access to the SYSDBA functions be limited?... they
>>>can't.
>>>
>>>The change of SYSDBA from a user to a "role" would be a good thing, only
>>>if the implementation uses a security "group" metaphor to which a user
>>>must be added as a member and not a property which is set as a value at
>>>login.
>>>
>>>
>"groups" sound fine to me.
>
>
>
What is the difference between a group and a role other than name?
While it makes sense for someone to activate and deactivate a
particularly role, does it makes sense to temporarily leave a group?
What sort of privilege would be required to register another user for a
group?

--

Jim Starkey
Netfrastructure, Inc.
978 526-1376