| Subject | Problem with revoke |
|---|---|
| Author | Brad Pepers |
| Post date | 2001-01-18T12:25:25Z |
I'm using Firebird 0.9-4 and have found a problem with revoke. I created a
user called "admin" and then granted all on a table to them like this (while
connected as sysdba):
grant all on config to "admin";
I needed the quotes around the user name since I guess admin is a keyword. I
then tried to revoke it using this command:
revoke all on config from "admin";
This seemed to work but I was surprised to find that "admin" could still
connect and do operations on the "config" table! In looking around it I
noticed that the RDB$USER_PREVILEGES table stores the user names in upper
case. Suspecting this to be the problem, I changed the command to:
revoke all on config from "ADMIN";
This worked! So the revoke command needs the user name in upper case. I
didn't find this documented in the LangRef manual and don't think its a very
good idea! Either the name should be stored in the original case and matched
that way or else the revoke command should convert it to upper case to match
what the grant command is doing.
--
Brad Pepers
brad@...
user called "admin" and then granted all on a table to them like this (while
connected as sysdba):
grant all on config to "admin";
I needed the quotes around the user name since I guess admin is a keyword. I
then tried to revoke it using this command:
revoke all on config from "admin";
This seemed to work but I was surprised to find that "admin" could still
connect and do operations on the "config" table! In looking around it I
noticed that the RDB$USER_PREVILEGES table stores the user names in upper
case. Suspecting this to be the problem, I changed the command to:
revoke all on config from "ADMIN";
This worked! So the revoke command needs the user name in upper case. I
didn't find this documented in the LangRef manual and don't think its a very
good idea! Either the name should be stored in the original case and matched
that way or else the revoke command should convert it to upper case to match
what the grant command is doing.
--
Brad Pepers
brad@...