Subject Re: Database Culture and Progress
Author Aleksey Karyakin
--- In, "Aleksey Karyakin"
<karyakin@c...> wrote:
> So the application does not choose roles? If so, how they are
> determined? Is there some system-level mapping of user identity to
> set of role names? How that mapping is stored and how it is
> so that the database server can trust it?

Read 'application' as 'application server' :)

> > per user basis. This is possible already when the connection is
> > obtained each time a new combination of user name/password and
> is
> > passed. But it is not possible in case of connection pooling.

With the scenario in which the app server passes role names (the
first one in my last post), there is no need to re-authenticate. So
role name(s) can be passed as parameter to _each_ query.

But, taking into account that today in Firebird permissions are
checked when a request is prepared ...

> Regards,
> Aleksey Karyakin