| Subject | Re: [Firebird-Architect] Connect privilege |
|---|---|
| Author | Philippe Makowski |
| Post date | 2007-04-30T06:48:18Z |
Le 30/04/2007 08:20, Dmitry Yemanov a dit :
CREATE or MODIFY object have to be at the database-level, just like SELECT,
INSERT,UPDATE,DELETE
CONNECT is a more difficult
I see three options :
- at database-level :but yes the engine should first perform an actual
connection and only then check whether it is allowed
- using security database
- using this only with aliases and store this into aliases.conf
>> Can't we have a CONNECT and CREATE OBJECT privileges to avoid this ?That's need reflection, that's why I post this here ;)
>
> We can, I suppose. But where would you suggest to store the CONNECT
> privilege in the case of the database-level authentication (without a
> security database)? If in the database itself, then should the engine
> first perform an actual connection and only then check whether it was
> allowed?
>
CREATE or MODIFY object have to be at the database-level, just like SELECT,
INSERT,UPDATE,DELETE
CONNECT is a more difficult
I see three options :
- at database-level :but yes the engine should first perform an actual
connection and only then check whether it is allowed
- using security database
- using this only with aliases and store this into aliases.conf