Subject | Re: [ib-support] Users |
---|---|
Author | Nando Dessena |
Post date | 2001-05-23T07:15:54Z |
Marcello,
you the ability to set up different access profiles and assign different
privileges to each user; it will also allow you to take advantage of the
USER variable in trigger and stored procedures. In addition, you don't
have to write a login/authentication system from scratch, even though
you might have to do a little more work if you intend to let each user
change its own password (by default only SYSDBA can do that). There are
more advantages, but these are the most obvious I think.
If you really must use a single user, please don't use SYSDBA nor the
database owner; this will keep you from the ability to shutdown the
database as needed (I'm unsure about the database owner, but I wouldn't
use it anyway).
grant/revoke can be done in SQL only, but I'm not sure. You could have a
set of predefined roles with privilege granted, so that no
granting/revoking has to be done when you add a new user or delete one
(except the role stuff).
That same API is encapsulated in both IBX and IBO components; if I'm not
wrong, IBO uses the "old" API to manage users, whereas IBX uses the
"new" services API; this means that IBO will work on IB 5 as well (and
perhaps on classic builds), whereas IBX will work on IB 6 only, even
though maybe with an easier interface (managing users is not at all
difficult even with the old API, though).
and IB Console (IBX) have the Delphi code to manage users.
HTH
--
____
_/\/ando
> Is it better if every user has its own id, or everyone can use a single userI would suggest using a different user id for each user; this grants (!)
> like SYSDBA, for instance?
you the ability to set up different access profiles and assign different
privileges to each user; it will also allow you to take advantage of the
USER variable in trigger and stored procedures. In addition, you don't
have to write a login/authentication system from scratch, even though
you might have to do a little more work if you intend to let each user
change its own password (by default only SYSDBA can do that). There are
more advantages, but these are the most obvious I think.
If you really must use a single user, please don't use SYSDBA nor the
database owner; this will keep you from the ability to shutdown the
database as needed (I'm unsure about the database owner, but I wouldn't
use it anyway).
> Then if it is better, how do I use create user, grant, revoke and so onInterBase/Firebird has a published API for managing users; I believe
> through a Delphi program?
grant/revoke can be done in SQL only, but I'm not sure. You could have a
set of predefined roles with privilege granted, so that no
granting/revoking has to be done when you add a new user or delete one
(except the role stuff).
That same API is encapsulated in both IBX and IBO components; if I'm not
wrong, IBO uses the "old" API to manage users, whereas IBX uses the
"new" services API; this means that IBO will work on IB 5 as well (and
perhaps on classic builds), whereas IBX will work on IB 6 only, even
though maybe with an easier interface (managing users is not at all
difficult even with the old API, though).
> What happens regarding the database performance?I'm not sure what you mean here.
> Does someone has some example for sharing?The docs have examples of grant/revoke. The sources of IB_WISQL (IBO)
> Or just some SQL example.
and IB Console (IBX) have the Delphi code to manage users.
HTH
--
____
_/\/ando