Subject Re: [firebird-support] question regarding roles, users, db-owner, gbak
Author Martijn Tonies


This link explains MS SQL Server 7 roles - which are
different from Firebird.

> 1. What's the use of Roles ? I can't seem to find any docs on this ,
> and I haven't got/ordered HeLen's book yet :(.

With Firebird, to make use of a role, you have to log in with the
role as well.

You can give a certain role rights to objects (insert, delete, select,
update, execute). You can then assign users rights to roles, so that
if they log in with the given role, they inherit all rights from the role.
You can then easily create new users and let them use existing
roles (and its rights) without having to assign individual rights to
the new user.

Mind you: a user does not inherit rights from a role by just assinging
a user to a role - you need to explicitly log in with the rolename in
addition to your username/password.

> 2. I've made a Db to be installed at a customer's site, and added a
> user which is granted some rights on some tables, SYSDBA (that's me)
> pasword is not given to customer (question of responsability when sth
> goes wrong). How can I allow my customer to be able to use GBAK to
> shedule backup/restore of this DB, without giving him SYSDBA
> password ? can I somehow 'grant' backup/restore rights to the User I
> created for him ?

Well, only SYSDBA and the database owner can do a backup.
In such a case as yours, most people do the following:

1) create a special user for your database
2) use that user to create everything
3) deploy it using that user for backup/restore
4) keep SYSDBA private

With regards,

Martijn Tonies
Database Workbench - developer tool for InterBase, Firebird, MySQL & MS SQL
Upscene Productions