Sorry, my mistake for the misunderstaning.

ADMIN_ROLE has been granted read/write permission for a whole stack of
tables and read permission for others.

After creating the role ADMIN_ROLE, I granted the role these
permissions (which are stored in the DB, I did check RDS$USER_ROLE or
some such table).

So when a user "foobar" does perform a "mock" login, I would like them
to be granted the role of ADMIN_ROLE.

If I set up a connection object with my app that connects as SYSDBA
and grants this "mock" login the role ADMIN_ROLE, it does not seem to
have any effect (a query fails saying "foobar" does not have read
permission blah blah)

I thought maybe in Firebird embedded the

GRANT <role> to <user>

seems to have no effect, or should it?

Cheers
-raj

> >I have created a role called ADMIN_ROLE.
> >SYSDBA (who is DB owner) does not seem to be affected by ADMIN_ROLE
> >(the gdb file was created using a client-server edition).
> >
> >I can connect as user "foobar". But "foobar" is prevented from reading
> >tables because of permission problems.
> >
> >Even if I state: GRANT ADMIN_ROLE TO foobar
> >it has no effect.
>
> You have to grant the permissions to the role.
> Then you grant the role to the user.
>
>
> >Thats why I could not see the point in roles for the embedded version!
>
> If you're always going to use the same username for the (mock)

login, then,

> no, there's no point. You might as well just grant the permissions
> directly to this user.