Iam just beginning to use roles.

I have a new user lets says its john with out any permission.

Then a create a role name "invuser" then grant the role the
permission to do anything to the invoice table.

then I grant the role "invuser" to user "john"

base from my experiment/learning ... even I have grant the
role "invuser" to user "john". when I log in as "john" not
identifying my role, I still can't access the "invoice" table... But
when I log in as "john" with identifying my role, that's the time I
can access the "invoice" table.

here are my question.

isn't it was awkward to have it that way? I expect that once when the
role "invuser" was granted to user "john" everytime when "john" log
in it has the priviledges of the role "invuser". I think it could be
nice once the user login to the application my entering his user and
password only, not more identifying the role to make the application
more user friendly.

or maybe I did something wrong?

Well Iam using IBexpert as my tool

thanks.