> >After creating the role ADMIN_ROLE, I granted the role these
> >permissions (which are stored in the DB, I did check RDS$USER_ROLE or
> >some such table).

> >I thought maybe in Firebird embedded the
> >
> >GRANT <role> to <user>
> >
> >seems to have no effect, or should it?
>
> No.
>
> What's needed (not in your application) is for SYSDBA to
> 1. CREATE ROLE ADMIN_ROLE
> COMMIT;
> 2. GRANT <privileges> ON <things> to ADMIN_ROLE
> (as many as it takes, and COMMIT)
> 3. GRANT ADMIN_ROLE TO FOOBAR( and commit)
>
> Then that setup part is done. SYSDBA is not involved any more.
>
> Now, when foobar logs in, he has to have ADMIN_ROLE in his connection
> parameters.

Yes I did do step 1.

Step 2 was done and I can browse RDB$USER_PRIVILEGES table to see that
its all there.

I have done step 3. I noticed the entry into RDB$USER_PRIVILEGES for
FOOBAR:
RDB$PRIVILEGE is "M" (which is, what I am told, is to be expected).

Finally, you wouldn't know how to set up connection (name/value)
property for role name when using Jaybird by any chance, would you?

Cheers
-raj