Subject Re: [Firebird-Architect] Connect privilege
Author Dmitry Yemanov
Philippe Makowski wrote:
> Did I missed something ?

It seems so :-)

> Any user define into security database can access at any database on the server
> and can create object in the database

Yes. He/she can also alter or drop generators/UDFs, modify system tables
and so on.

> Can't we have a CONNECT and CREATE OBJECT privileges to avoid this ?

We can, I suppose. But where would you suggest to store the CONNECT
privilege in the case of the database-level authentication (without a
security database)? If in the database itself, then should the engine
first perform an actual connection and only then check whether it was