Subject RE: [Firebird-Architect] User name SYSDBA
Author Leyne, Sean

> Both are non-standard, but changing the rules on roles is less so,
> work to implement, less work to document, and less confusing to the
> DBA who would need to figure out when to use a role, when to use a
> group, and how to figure it when he guessed wrong.

Doesn't that apply to your proposed 'latent' roles?

What roles where active? Which were deactivated? Did the user login
with an explicit role?

The whole idea of activation/deactivation seems unnecessary and brings
it's own set of support issues.

Speaking of non-standard, I found it interesting that MS SQL doesn't
have a standard implementation of Role. They allow users to have
multiple roles.

So with MS in mind, and with the view of simplifying the groups/role
usage issue, and maintaining some backward compatibility. I propose:

- Allow users to have multiple roles, which are fixed (no

- Allow user to login with specific/singular role (as they can today)

- If user logs in without role then all the user's roles would apply.