Subject RE: [ib-support] Metadata opinions appreciated
Author Alan McDonald
You create users via a front end tool, ibconsole, IBExpert, or GSEC etc.
They are created in the security database and are not part of your database.
They are users who are able to log on to the server but are limited in what
they can do to the extent to which they are granted permissions by the owner
of the database or another user who has been granted the grant option by the
owner of the database. (hmm... read carefully)

You can grant permissions to users and this grant information is stoed in
your database.
You may (therefore) grant permissions to users who do not have access to the
server. They will not get access to anything until SYSDBA has created the
user. Then they get access to all the things you (the owner) has granted

>So if I create an application that uses a firebird database, and that
>database is created by user 'johnDoe', then the firebird server that is
>running must recognise 'JohnDoe' or the application will fail??
Precisely - in fact unless the server recognises JohnDoe, you will not be
able to restore your database onto that server.
(Don't think Ive tried it but you probably can't create a DB owned by
JohnDoe unless JohnDoe is logged on.)

The first thing you should do after installing a server is change the SYDBA

Nothing stops them copying the file - if they install another server and as
SYSDBA log on - then they have access to your database - so protect it.
There are also some quite tricky ways to "fool" the security database - you
can read more about that at IBPhoenix

>Are you developing in Delphi?
Sort of, I am developing in Borland CBuilder.
OK, then you have a choice of components and you should become familiar with
these ASAP.

If you have the money - then I would recommend IBObjects... you can use them
til you can pay for them.
They do, however, provide the best path to being able to move along with FB
since other components e.g. IBX have already declared that if FB diverges
from IB then tough - they won't follow.