| Subject | FB security - Roles vs Groups |
|---|---|
| Author | Geoff Worboys |
| Post date | 2005-08-04T22:56:54Z |
Hi All,
I am being rude and starting a new topic to cover the offshoot
of the "User name SYSDBA" thread that concerns how security
should be managed in Firebird in terms of SQL roles versus
some potentially non-standard group facility.
My first comment is that I believe Ann is correct, we should
not try to extended the SQL role facility into something that
is non-standard. If a non-standard facility is required then
it should be declared separately and distinctly.
However Claudio did say:
important. If we had this ability then suddenly the whole
issue of privilege management becomes much easier.
We could finally begin to "group" privileges as roles, and
roles within roles, obtaining the sort of management features
that people have been requesting with "groups". All this while
still keeping entirely within the standard.
The ability to "pickup" or "drop" roles dynamically at runtime,
as suggested by Jim, I believe is a separate issue. That is;
once we resolve the problems of privilege management, the
ability to change things dynamically can be studied to see if
it can be made to work - and whether it is necessary.
All that leaves then would be the ability to define a user
has having a "default" role if they do not login with a
specific role. Perhaps the GRANT ROLE TO USER syntax could
be extended to have a DEFAULT clause that declares the grant
as the default role - replacing any previous default if any
exists.
--
Geoff Worboys
Telesis Computing
I am being rude and starting a new topic to cover the offshoot
of the "User name SYSDBA" thread that concerns how security
should be managed in Firebird in terms of SQL roles versus
some potentially non-standard group facility.
My first comment is that I believe Ann is correct, we should
not try to extended the SQL role facility into something that
is non-standard. If a non-standard facility is required then
it should be declared separately and distinctly.
However Claudio did say:
> It's possible to create more complex schemas by grantingThis aspect has been mentioned before and I believe it is very
> roles to roles (and it's in the standard), but we don't
> support that capability.
important. If we had this ability then suddenly the whole
issue of privilege management becomes much easier.
We could finally begin to "group" privileges as roles, and
roles within roles, obtaining the sort of management features
that people have been requesting with "groups". All this while
still keeping entirely within the standard.
The ability to "pickup" or "drop" roles dynamically at runtime,
as suggested by Jim, I believe is a separate issue. That is;
once we resolve the problems of privilege management, the
ability to change things dynamically can be studied to see if
it can be made to work - and whether it is necessary.
All that leaves then would be the ability to define a user
has having a "default" role if they do not login with a
specific role. Perhaps the GRANT ROLE TO USER syntax could
be extended to have a DEFAULT clause that declares the grant
as the default role - replacing any previous default if any
exists.
--
Geoff Worboys
Telesis Computing