Subject RE: [Firebird-Architect] User name SYSDBA
Author Leyne, Sean

> When a case worker requests help desk support from an administrator
> is often necessary for the administrator to log out from their
> administrative role session and log back in choosing the case worker
> role in order to replicate the behaviour.

Our application allows a user to belong to multiple groups (roles) and
thus they have access to all functions available to all the groups they
belong to. Why does a user have to log out or perform some action to
change the role? It seems a very unnecessary step.

Our application, and the groups model I described previously, is exactly
the same model which was (is ?) used by Novell for there
network/resource security model. Microsoft today, also uses groups as I
described for access control to resources (though with a typical MS
twist which makes it different from Novell). In either case, you get
the maximum access to the resources based on your groups and the rights
assigned to your specific user account (i.e. you can still manage
security on a user by user basis if you don't want to use groups).