| Subject | Agregate rights to user from roles |
|---|---|
| Author | Antonio M.S. |
| Post date | 2004-06-26T08:29:34Z |
Is possible modify the table RDB$USER_PRIVILEGES directy.
I like agregate the privileges from roles to user, example, is possible
this (is a dirty e imcomplete sentence of example):
Variables:
user: User to grant the privileges
role: Role from suply the privileges
insert into RDB$USER_PRIVILEGES (RDB$USER, RDB$GRANTOR, RDB$PRIVILEGE,
RDB$GRANT_OPTION, RDB$RELATION_NAME, RDB$FIELD_NAME, RDB$USER_TYPE,
RDB$OBJECT_TYPE)
select :user, RDB$GRANTOR, RDB$PRIVILEGE, NULL, RDB$RELATION_NAME,
RDB$FIELD_NAME, 8, 0
from RDB$USER_PRIVILEGES
where (RDB$USER_PRIVILEGES = :role)
This system + 2 tables:
TS_USER
USER
TS_ROLES
USER
ROLE
Permit a system for manager privileges for user in the database baseed
in rights of roles:
Example of "possible" (not testing) store procedure:
Variables:
user: User to grant the privileges
delete from RDB$USER_PRIVILEGES
where RDB$USER = :user;
insert into RDB$USER_PRIVILEGES (RDB$USER, RDB$GRANTOR, RDB$PRIVILEGE,
RDB$GRANT_OPTION, RDB$RELATION_NAME, RDB$FIELD_NAME, RDB$USER_TYPE,
RDB$OBJECT_TYPE)
select distinct :user, RDB$GRANTOR, RDB$PRIVILEGE, NULL,
RDB$RELATION_NAME, RDB$FIELD_NAME, 8, 0
from RDB$USER_PRIVILEGES
where RDB$USER_PRIVILEGES in (select((select ROLE from TS_ROLES where
USER = :user) union ('PUBLICO')));
Distinct for delete the same rights for several roles.
The table TS_USER is necesary for work why a role PUBLIC ("PUBLICO")
private for the specific database.
The rights for roles are manager normally.
For this system is necesary can modify the table RDB$USER_PRIVILEGES
directy. Is possible??
Un Saludo;
Antonio Muñoz
P.D. Perdón por mi mal inglés
I like agregate the privileges from roles to user, example, is possible
this (is a dirty e imcomplete sentence of example):
Variables:
user: User to grant the privileges
role: Role from suply the privileges
insert into RDB$USER_PRIVILEGES (RDB$USER, RDB$GRANTOR, RDB$PRIVILEGE,
RDB$GRANT_OPTION, RDB$RELATION_NAME, RDB$FIELD_NAME, RDB$USER_TYPE,
RDB$OBJECT_TYPE)
select :user, RDB$GRANTOR, RDB$PRIVILEGE, NULL, RDB$RELATION_NAME,
RDB$FIELD_NAME, 8, 0
from RDB$USER_PRIVILEGES
where (RDB$USER_PRIVILEGES = :role)
This system + 2 tables:
TS_USER
USER
TS_ROLES
USER
ROLE
Permit a system for manager privileges for user in the database baseed
in rights of roles:
Example of "possible" (not testing) store procedure:
Variables:
user: User to grant the privileges
delete from RDB$USER_PRIVILEGES
where RDB$USER = :user;
insert into RDB$USER_PRIVILEGES (RDB$USER, RDB$GRANTOR, RDB$PRIVILEGE,
RDB$GRANT_OPTION, RDB$RELATION_NAME, RDB$FIELD_NAME, RDB$USER_TYPE,
RDB$OBJECT_TYPE)
select distinct :user, RDB$GRANTOR, RDB$PRIVILEGE, NULL,
RDB$RELATION_NAME, RDB$FIELD_NAME, 8, 0
from RDB$USER_PRIVILEGES
where RDB$USER_PRIVILEGES in (select((select ROLE from TS_ROLES where
USER = :user) union ('PUBLICO')));
Distinct for delete the same rights for several roles.
The table TS_USER is necesary for work why a role PUBLIC ("PUBLICO")
private for the specific database.
The rights for roles are manager normally.
For this system is necesary can modify the table RDB$USER_PRIVILEGES
directy. Is possible??
Un Saludo;
Antonio Muñoz
P.D. Perdón por mi mal inglés