| Subject | RE: [firebird-support] Create SYSDBA power under a different name and then delete SYSDBA |
|---|---|
| Author | Goutam Paruchuri |
| Post date | 2004-12-21T14:05:15Z |
Yes Hele is right. My statement was having wrong intrepetation.
Roles are used for easy management & security (protection).
Note the below of what Helen wrote
""" In assigning the role TO a user you don't somehow make the
role "inherit"
that user's privileges. You make THAT role's privileges
available to THAT user. """
- Goutam
The information contained in this e-mail is confidential and intended for use only by the person(s) or organization listed in the address. If you have received this communication in error, please contact the sender at O'Neil & Associates, Inc., immediately. Any copying, dissemination, or distribution of this communication, other than by the intended recipient, is strictly prohibited.
Roles are used for easy management & security (protection).
Note the below of what Helen wrote
""" In assigning the role TO a user you don't somehow make the
role "inherit"
that user's privileges. You make THAT role's privileges
available to THAT user. """
- Goutam
> -----Original Message-----Confidentiality Notice
> From: Helen Borrie [mailto:helebor@...]
> Sent: Tuesday, December 21, 2004 1:38 AM
> To: firebird-support@yahoogroups.com
> Subject: RE: [firebird-support] Create SYSDBA power under a
> different name and then delete SYSDBA
>
>
>
> At 11:16 AM 21/12/2004 +0530, you wrote:
>
> >Hi Goutam
> >
> >Thanks for responding.
> >
> >At 08:00 pm 20/12/2004, you wrote:
> >
> > >Multiple users could belong to a single role.
> > >
> > >You can assign permissions to role and don't have to individually
> > >assign the same permissions to all the users within the role.
> > >Eg. You have users x,y,z. You need the users to have same level of
> > >permissions all the time.
> > >Create a role p , assign x,y,z to Role p . Grant the permission to
> > >Role p.
> >
> >Okay so role is a sort of group head. Can a role inherit
> from a user, ie.
> >the SYSDBA is already created and has it's own blanket power. Now
> >supposing I create a role P and assign SYSDBA to it, do I have to go
> >about giving permission to everything
>
> A role is not a user, or a group of users. It is a package
> of privileges.
> User authentication takes place at server level, roles and
> privileges apply at database level. At login, the user logs
> in with his/her username and password AND the role. You
> can't log in with a role on its own.
>
> 1. SYSDBA or db_owner creates the role
> 2. SYSDBA and/or object_owners and/or
> grantees_with_grant_option assign privileges to the role.
> 3. SYSDBA or db_owner assign the role TO individual users.
>
> In assigning the role TO a user you don't somehow make the
> role "inherit"
> that user's privileges. You make THAT role's privileges
> available to THAT user.
>
> It's totally pointless assigning a role to SYSDBA since it
> already has all privs to all things in all databases.
>
> ./hb
>
>
>
>
> ------------------------ Yahoo! Groups Sponsor
> --------------------~--> Make a clean sweep of pop-up ads.
> Yahoo! Companion Toolbar.
> Now with Pop-Up Blocker. Get it for free!
> http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/67folB/TM
> --------------------------------------------------------------
> ------~->
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
The information contained in this e-mail is confidential and intended for use only by the person(s) or organization listed in the address. If you have received this communication in error, please contact the sender at O'Neil & Associates, Inc., immediately. Any copying, dissemination, or distribution of this communication, other than by the intended recipient, is strictly prohibited.