Subject | Re: [Firebird-Java] Re: Table permissions and EJBs |
---|---|
Author | Helen Borrie |
Post date | 2004-07-13T03:51:53Z |
At 02:17 AM 13/07/2004 +0000, you wrote:
>The user ID used to create the datasource belongs to the production
>group. Do I also have to specify this information in the connection
>URL? I would assume the database would manage the permissions based
>on how the user was set-up.

Wrong assumption. Users are authenticated at server level - any
authenticated user can log into any database. What the user can do, once
logged in, depends on SQL privileges. No privs for objects = no access to
objects.

Roles are created at database level: the server doesn't even know about a
role until the authenticated user is connected to the database where the
role exists. Ditto all other SQL privileges. Don't confuse roles with
UNIX groups... a role is nothing more than a way of packaging a bunch of SQL
privileges.

So the client must supply the role in the connection string in order to
make that role's privileges available to the user (provided the user has
privileges for that role, natch!)

Helen
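
The behaviour described in the reply above, as an added example that is not part of the original post: the same user connects once without a role and once with one, and each session reports `CURRENT_ROLE` and whether a table is readable. It assumes the Jaybird JDBC driver and its `roleName` connection property; the alias `proddb`, user `APPUSER`, role `PRODUCTION`, table `ORDERS` and the `FB_PASSWORD` environment variable are hypothetical.

```java
import java.sql.*;
import java.util.Properties;

// Assumed one-time setup by the database owner (hypothetical names):
//   CREATE ROLE PRODUCTION;
//   GRANT SELECT ON ORDERS TO ROLE PRODUCTION;
//   GRANT PRODUCTION TO APPUSER;
public class RoleCheck {
    // Assumed database alias on a local Firebird server.
    static final String URL = "jdbc:firebirdsql://localhost:3050/proddb";

    static Connection connect(String role) throws SQLException {
        String pw = System.getenv("FB_PASSWORD");
        if (pw == null) throw new IllegalStateException("set FB_PASSWORD");
        Properties p = new Properties();
        p.setProperty("user", "APPUSER");
        p.setProperty("password", pw);
        p.setProperty("encoding", "UTF8");
        // The role is a per-connection setting: omit it and the session has no role.
        if (role != null) p.setProperty("roleName", role);
        return DriverManager.getConnection(URL, p);
    }

    static void probe(String role) throws SQLException {
        try (Connection c = connect(role); Statement s = c.createStatement()) {
            // Ask the server which role is actually active for this session.
            try (ResultSet rs = s.executeQuery("SELECT CURRENT_ROLE FROM RDB$DATABASE")) {
                rs.next();
                System.out.println("requested=" + role + " active=" + rs.getString(1).trim());
            }
            // Privileges granted only to the role apply only when the role is active.
            try (ResultSet rs = s.executeQuery("SELECT COUNT(*) FROM ORDERS")) {
                rs.next();
                System.out.println("  ORDERS readable, rows=" + rs.getLong(1));
            } catch (SQLException e) {
                System.out.println("  ORDERS denied: " + e.getMessage());
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        probe(null);          // authenticated, but no role supplied
        probe("PRODUCTION");  // same user, role supplied at connect time
    }
}
```

Logging `CURRENT_ROLE` at connection time in a datasource health check is a cheap way to confirm that a pool is running with the role it was configured for.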