> -----Original Message-----
> From: Firebird-Architect@yahoogroups.com
> [mailto:Firebird-Architect@yahoogroups.com]On Behalf Of Jim Starkey
> Sent: Miércoles, 03 de Agosto de 2005 10:30
>
> I had rather thought that SYSDBA was an arbitrary account name generally
> used when creating new databases. In fact, it is hard coded in at least
> two places. Is this a really good idea? The idea of a magic account
> like "root" is pretty much discredited in favor of schemes that create a
> privileged account at creation time. Should we be considering
> eliminating the builtin SYSDBA in favor of the user name give when
> creating a database?

Borland had to harcoded SYSDBA to offer a default, fixed admin account on
Win 3.1 and to be able to login into the primitive, original Services API on
a Novell IB Server being administered by Server Manager running on Windows.

Following the simple role models, I added the column rdb$system_flag to
rdb$roles, thus in principle your could have some system roles like owner
(all privs), backup operator, metadata admin, etc.

When you login with a role that wasn't granted to you, that role is turned
into NONE, that's the reserved role name when you aren't using a role. It's
possible to log in with a not granted role only in IB, not in FB.

It's possible to grant roles to users with those users having the the
ability to grant this role in turn, using the WITH ADMIN OPTION.

It's possible to create more complex schemas by granting roles to roles (and
it's in the standard), but we don't support that capability.

C.