Subject Re: [firebird-support] question regarding roles, users, db-owner, gbak
Author Helen Borrie
At 12:55 PM 1/09/2004 +0000, you wrote:
>1. What's the use of Roles ? I can't seem to find any docs on this ,
>and I haven't got/ordered HeLen's book yet :(.

Roles are a way to package a bunch of SQL privileges. You create the role,
then grant the required privs to the role, then grant the role to each user
who needs those privs. At login time, the user must supply both username
and role to get the privs of the role.

>2. I've made a Db to be installed at a customer's site, and added a
>user which is granted some rights on some tables, SYSDBA (that's me)
>pasword is not given to customer (question of responsability when sth
>goes wrong). How can I allow my customer to be able to use GBAK to
>shedule backup/restore of this DB, without giving him SYSDBA
>password ? can I somehow 'grant' backup/restore rights to the User I
>created for him ?

You can't 'grant" backup/restore rights. What you need to do is create a
user who is to be the "Owner", e.g. DB_OWNER; back up the database as
SYSDBA, then do a gbak -c, with a temporary database file name, supplying
the user name and password of DB_OWNER as switches to the command. The new
database is now owned by DB_OWNER.

Log into this database as DB_OWNER and test that all is OK; when you're
ready, rename the old database file (or move it) and the rename the new
one. The new owner will now be able to back up the database. However, it
won't have any privs for the objects inside the database...