> Hi all,
>
> Looking at the embedded database readme file I notice the
> following section:
>
> 2.3. Authentication and security
>
> The security database (namely security.fdb) is not used
> in the embedded server and hence is not required. Any
> user is able to attach to any database. Since both
> the server and the client run in the same address space,
> the security becomes just an agreement between both
> sides which can be easily compromised.
>
> But note that SQL privileges are still checked.
>
> Reading the first paragraph I think that anyone can connect to an
> embedded database and then read/write to whatever table they
> wish. But the last line confuses me a little. What is the
> difference between anyone being able to connect to the database
> and then having SQL privileges checked? I apologise for this
> newbie question.
>
> Cheers,
> Diego

Roles are still active - if you connect via a role you will be forced to
abide by that role's privileges.
Alan