--- In firebird-support@yahoogroups.com, Helen Borrie <helebor@t...>
wrote:

> At 12:55 PM 1/09/2004 +0000, you wrote:
> >Hi,
> >
> >1. What's the use of Roles ? I can't seem to find any docs on

this ,

> >and I haven't got/ordered HeLen's book yet :(.
>
> Roles are a way to package a bunch of SQL privileges. You create

the role,

> then grant the required privs to the role, then grant the role to

each user

> who needs those privs. At login time, the user must supply both

username

> and role to get the privs of the role.
>

Ok, good to know how it works ;-)

> >2. I've made a Db to be installed at a customer's site, and added a
> >user which is granted some rights on some tables, SYSDBA (that's

me)

> >pasword is not given to customer (question of responsability when

sth

> >goes wrong). How can I allow my customer to be able to use GBAK to
> >shedule backup/restore of this DB, without giving him SYSDBA
> >password ? can I somehow 'grant' backup/restore rights to the User

I

> >created for him ?
>
> You can't 'grant" backup/restore rights. What you need to do is

create a

> user who is to be the "Owner", e.g. DB_OWNER; back up the database

as

> SYSDBA, then do a gbak -c, with a temporary database file name,

supplying

> the user name and password of DB_OWNER as switches to the command.

The new

> database is now owned by DB_OWNER.
>
> Log into this database as DB_OWNER and test that all is OK; when

you're

> ready, rename the old database file (or move it) and the rename the

new

> one. The new owner will now be able to back up the database.

However, it

> won't have any privs for the objects inside the database...
>
> ./helen

Ok, when SYSDBA still holds all privs, this is exactly what I need.
Can you confirm that SYSDBA -privs remain unchanged ?


Thanks for clearing this up,

Best regards,

Dirk Naudts.