Subject Re: FB security - Roles vs Groups
Author johnson_dave2003
--- In, "Leyne, Sean" <Sean@B...>
> Christian,
> > As a chosen combination of already granted roles isn't of relevance
> > regarding security, why not allow the user to define the needed
> > selection her-/himself, e.g. by transferring a comma-separated list of
> > roles, or - for convenience - alternatively an asterisk, if an
> > inclusion of them all for the least restricted db access is desired.
> Wouldn't this allow the user to 'promote' himself to SYSDBA and do
> anything he wanted?

No - a requested role must always be checked against the roles that
the user has been assigned.