| Subject | Re: A Newbie Question |
|---|---|
| Author | Wayne |
| Post date | 2001-08-20T12:41:41Z |
Hi Doug,
Thanks for response.
A quick question, in another newsgroup I asked a very similar
question as I like to get different answers from different angles.
On another group I was told that roles are saved in specific database
for that database whereas users are server wide. This makes sense to
me as different databases may share users on a server, but certain
roles that are assumed by a user will only affect the database in
which those roles have been defined. Is this correct?
Thanks in advance
Wayne
Thanks for response.
A quick question, in another newsgroup I asked a very similar
question as I like to get different answers from different angles.
On another group I was told that roles are saved in specific database
for that database whereas users are server wide. This makes sense to
me as different databases may share users on a server, but certain
roles that are assumed by a user will only affect the database in
which those roles have been defined. Is this correct?
Thanks in advance
Wayne
--- In ib-support@y..., Doug Chamberlin <dchamberlin@n...> wrote:
> At 8/20/2001 05:46 AM (Monday), Wayne wrote:
> >Am I right in saying the following, users are for the server but
> >roles are database specific?
> >
> >This is what I want to achieve. Currently I have no roles at all
but
> >have decided to implement roles, security will be at database level
> >as well as app level. At the app level, certain roles will access
> >certain forms (menu Items).
> >
> >Currently users log in showing user name and password.
> >
> >1. I do not want the user to have to enter a role at log in time
(In
> >fact each user will only have one possible role and as far as I am
> >concerned, need not even know what that role is)
> >
> >2. How can I ascertain the role immedietly after logging in so
that I
> >can make certain menu items invisible?
> >
> >3. How do I allocate a role to a user, is it via isc4.gdb or my own
> >database?
>
> Roles are server-wide, not specific to a database.
>
> Users "assume" a role when they connect. A user can only assume one
role
> per connection. When they assume a role they acquire the privileges
granted
> to that role.
>
> When a database connection is made the role to be assumed is chosen
by the
> client application and provided to the server. The actual human
user need
> not see or know the role but the specified role must come from the
client
> application. Therefore, the client should always known what role
the user
> assumed when they connected.
>
> Users are granted the ability to assume a role via the normal
GRANT/REVOKE
> commands.
>
> Roles are NOT the same as "groups" of users because while a single
user can
> be granted the right to assume several roles they are only allowed
to
> assume one per connection. If a user belongs to several groups and
they
> connect then they still belong to all those groups during that
connection.
>
> Hope this clears up things!