|Subject||Re: [Firebird-Architect] External engines - metadata|
> Vlad Khorsun wrote:I still not understand why we should have such privileges (for language usage).
>>>> While i can't agree its necessary i not object until all plugins are equal for
>>>> engine. Each plugin as any other application may create its objects in database.
>>>> If it granted to do it ;)
>>> Are you thinking something like GRANT CREATE TABLE TO PLUGIN JavaESP?
>> No, of course no. But when plugin will create its objects ? When its registered
>> by SYSDBA ? Then we need some kind of predefined event for plugin.
> It may be when SYSDBA grant language usage to a user.
>> Or on first reference ? Then we have no guarantee that current user have necessary privilegesPlugin's tables must be acessible at least for read by all users. Only
>> to create tables (plugin have no own login and can access database using current
>> user credentials). Also current user became owner of objects created by plugin -
>> i don't like it.
> But here we have problem.
> If plugin tables are owned by SYSDBA, how it will work with tables in
> user context?
> Note that security plugin tables should not be accessible to users and
> classes stored in blobs should only be accessible to who own it.
exception is security plugin (hmm... i tought we talked here about external
engines not about generic plugins ?). Anyway - for security database we already
have special connection. Why remove it ?