Subject Re: [ib-support] ROLE in gbak
Author Ivan Prenosil
> From: Claudio Valderrama C.
> > Yes, of course. I'm not stupid. And I ask again, for what? This will make
> I
> > backup only that things I have permission in role? No. Then, for what?
> In theory, only sysdba and the db owner should be able to backup a db. If
> another user wants to do the trick, probably the intention was that this
> should be possible, provided that:
> - there's a role R that was granted rights over all objects (or at least
> SELECT rights in most cases)
> - there's a user U that's neither sysdba nor the db owner but that was
> granted role R
> - user U connects with role R through gbak to do the backup
> I never have tried if this works in practice.

I think that both -role switch of gbak and isc_dpb_gbak_attach attach
parameter were introduced in IB5.
Because gbak now uses isc_dpb_gbak_attach, if you try to do backup
with other user than db owner or SYSDBA, you get error:

"Unable to perform operation. You must be either SYSDBA or owner of the database."

So possibilities are either
- drop -role switch
- modify gbak to not use isc_dpb_gbak_attach when -role is specified.