| Subject | Re: PROBLEMS WITH GRANT & REVOKE |
|---|---|
| Author | robjimwilliams |
| Post date | 2002-09-11T09:02:56Z |
--- In ib-support@y..., Helen Borrie <helebor@t...> wrote:
Indeed yes logged in as SYSDBA
I am using the console application IBConsole. I appeared to allow me
to INSERT, UPDATE and SELECT fine. I connected through my Delphi
application fine with the caveats. I had to allow all users to do
everything though or I got the same behaviour (ie GRANT ALL ...)
which I felt rather defeated the object!
REVOKE DELETE all I can do is SELECT.
Robert Williams.
> At 05:13 PM 05-09-02 +0000, you wrote:I've
> >I'm new to client server and Interbase.
> >
> >I'm having problems with grant and revoke running IB6. What I want
> >to do is grant a user SELECT, INSERT and UPDATE but not DELETE.
> >tried the following:WHAT'S COMMITTING? How do I commit? I'm sure I didn't commit.
> >
> >GRANT
> > SELECT,
> > INSERT,
> > UPDATE
> >ON CUSTS TO ROBERT;
>
> This looks right. Did you commit it?
>GRANTed. So
>
> >ALSO
> >
> >GRANT
> > ALL
> >ON CUSTS TO ROBERT;
> >
> >and then did
> >
> >REVOKE
> > DELETE
> >ON CUSTS TO ROBERT;
>
> This won't work. You can only revoke what has been explicitly
> you can revoke ALL but you can't pick out the "bits" and revokethem one by
> one.until you
>
> Note that each statement's effect, if valid, will stay in place
> revoke it explicitly.DELETE
>
> It bemuses me somewhat that (from your description here) revoking
> appeared to have caused a revoke on ALL. AFAIK, your REVOKE onDELETE
> should have done nothing to affect either the first or thesecond...were
> you logged in as SYSDBA or Owner when submitting these GRANT/REVOKEstatements?
Indeed yes logged in as SYSDBA
>Delphi)
> >Either way I get the same result. The interface (written in
> >behaves as if I had also REVOKEd INSERT and UPDATE, although whenyou
> >look at the permissions on the table INSERT AND UPDATE are botheither the
> >selected - WHAT am I doing wrong??
>
> How are you submitting this DDL? This could be a problem with
> interface you are using to install the privileges or a fault in theuncommitted
> interface you are using in the client; or that there is an
> transaction around somewhere....Probably uncommitted transactions - how do I commit?
>
I am using the console application IBConsole. I appeared to allow me
to INSERT, UPDATE and SELECT fine. I connected through my Delphi
application fine with the caveats. I had to allow all users to do
everything though or I got the same behaviour (ie GRANT ALL ...)
which I felt rather defeated the object!
> What happens if you submit your SELECT/INSERT/UPDATE statementsthrough
> your admin tool while logged in as ROBERT?Behaviour as described - if I GRANT ALL I can do everything. If I
REVOKE DELETE all I can do is SELECT.
>Thanks
> heLen
Robert Williams.