| Subject | Re: [firebird-support] Problem with roles |
|---|---|
| Author | Nando Dessena |
| Post date | 2003-10-10T10:47:58Z |
Daniel,
D> That means a user only 'belongs to' one role at a time and
D> has to reconnect to use the rights he/she might have with another role?
that's correct. According to the SQL standard, if I'm not mistaken,
the first part of your sentence is right (a user can use only one role
at a time), while the second part is a Firebird implementation detail.
It should be possible for a connected user to change role without
reconnecting, and I'm sure I have seen such a feature request in the
past. In any case it mustn't have much priority.
D> And how do you know which roles the user belongs to before
D> you connect to the database? Let's say the admin granted you
D> new permissions on a table via a role, but didn't tell you.
a login screen could let the user choose the role to use from a list
(unfortunately is would have to connect to the database in advance,
using a sufficiently privileged account, to get the list).
Ciao
--
Nando mailto:nandod@...
D> That means a user only 'belongs to' one role at a time and
D> has to reconnect to use the rights he/she might have with another role?
that's correct. According to the SQL standard, if I'm not mistaken,
the first part of your sentence is right (a user can use only one role
at a time), while the second part is a Firebird implementation detail.
It should be possible for a connected user to change role without
reconnecting, and I'm sure I have seen such a feature request in the
past. In any case it mustn't have much priority.
D> And how do you know which roles the user belongs to before
D> you connect to the database? Let's say the admin granted you
D> new permissions on a table via a role, but didn't tell you.
a login screen could let the user choose the role to use from a list
(unfortunately is would have to connect to the database in advance,
using a sufficiently privileged account, to get the list).
Ciao
--
Nando mailto:nandod@...