| Subject | RE: [Firebird-Architect] User name SYSDBA |
|---|---|
| Author | Leyne, Sean |
| Post date | 2005-08-04T16:56:37Z |
Jim,
What roles where active? Which were deactivated? Did the user login
with an explicit role?
The whole idea of activation/deactivation seems unnecessary and brings
it's own set of support issues.
Speaking of non-standard, I found it interesting that MS SQL doesn't
have a standard implementation of Role. They allow users to have
multiple roles.
So with MS in mind, and with the view of simplifying the groups/role
usage issue, and maintaining some backward compatibility. I propose:
- Allow users to have multiple roles, which are fixed (no
activation/deactivation)
- Allow user to login with specific/singular role (as they can today)
- If user logs in without role then all the user's roles would apply.
Comments?
Sean
> Both are non-standard, but changing the rules on roles is less so,less
> work to implement, less work to document, and less confusing to thepoor
> DBA who would need to figure out when to use a role, when to use aDoesn't that apply to your proposed 'latent' roles?
> group, and how to figure it when he guessed wrong.
What roles where active? Which were deactivated? Did the user login
with an explicit role?
The whole idea of activation/deactivation seems unnecessary and brings
it's own set of support issues.
Speaking of non-standard, I found it interesting that MS SQL doesn't
have a standard implementation of Role. They allow users to have
multiple roles.
So with MS in mind, and with the view of simplifying the groups/role
usage issue, and maintaining some backward compatibility. I propose:
- Allow users to have multiple roles, which are fixed (no
activation/deactivation)
- Allow user to login with specific/singular role (as they can today)
- If user logs in without role then all the user's roles would apply.
Comments?
Sean