Subject Re: A Newbie Question
Author Wayne
Hi Doug,

Thanks for response.
A quick question, in another newsgroup I asked a very similar
question as I like to get different answers from different angles.

On another group I was told that roles are saved in specific database
for that database whereas users are server wide. This makes sense to
me as different databases may share users on a server, but certain
roles that are assumed by a user will only affect the database in
which those roles have been defined. Is this correct?

Thanks in advance


--- In ib-support@y..., Doug Chamberlin <dchamberlin@n...> wrote:
> At 8/20/2001 05:46 AM (Monday), Wayne wrote:
> >Am I right in saying the following, users are for the server but
> >roles are database specific?
> >
> >This is what I want to achieve. Currently I have no roles at all
> >have decided to implement roles, security will be at database level
> >as well as app level. At the app level, certain roles will access
> >certain forms (menu Items).
> >
> >Currently users log in showing user name and password.
> >
> >1. I do not want the user to have to enter a role at log in time
> >fact each user will only have one possible role and as far as I am
> >concerned, need not even know what that role is)
> >
> >2. How can I ascertain the role immedietly after logging in so
that I
> >can make certain menu items invisible?
> >
> >3. How do I allocate a role to a user, is it via isc4.gdb or my own
> >database?
> Roles are server-wide, not specific to a database.
> Users "assume" a role when they connect. A user can only assume one
> per connection. When they assume a role they acquire the privileges
> to that role.
> When a database connection is made the role to be assumed is chosen
by the
> client application and provided to the server. The actual human
user need
> not see or know the role but the specified role must come from the
> application. Therefore, the client should always known what role
the user
> assumed when they connected.
> Users are granted the ability to assume a role via the normal
> commands.
> Roles are NOT the same as "groups" of users because while a single
user can
> be granted the right to assume several roles they are only allowed
> assume one per connection. If a user belongs to several groups and
> connect then they still belong to all those groups during that
> Hope this clears up things!