Subject | Re: [firebird-support] Gsec Question |
---|---|
Author | Thomas Steinmaurer |
Post date | 2005-01-10T07:48:26Z |
Hi Daniel,
> I have defined the schema for a FDB. The schema does not include user
> definitions.
>
> The idea, is that once the application which makes use of the FDB is
> installed, when first run, it will detect that the FDB is not available and
> it will ask the user to point to the schema to run, thus creating the FDB.
>
> The next step will be to create the FDB users. This is where I am having
> trouble.
>
> If I use Gsec, I can define the users, but when I try to connect to the FDB
> using one of these new users, I get an error saying that the user is not
> defined. However, if I use Database Workbench or IBConsole, I do not get this
> error.
>
> Any suggestion?
I guess you are using the database owner when connecting
to the database via Database Workbench or IBConsole?
Authentication happens server-wide, which means Firebird
users are defined on a per-server basis. Once you've
created a new Firebird user, he needs proper rights
on database objects inside a Firebird database. This
doesn't happen automatically, unless you've granted
ALL rights for a database object to the synonym PUBLIC,
which stands for "all users".
If you don't want to do that from a security POV, then
you could maintain SQL privileges by using roles. A
user can be a member of 0..n roles and roles can have
proper SQL privileges on database objects. At connect
time, the user (or your application silently) specifies
that particular role and the user will "inherit" the
SQL privileges from the role he has specified at connect
time.
Example: Connecting as the database owner.
CREATE ROLE myrole;
COMMIT;
GRANT ALL ON MYTABLE TO MYROLE;
COMMIT;
Then, after you've created a new Firebird user, the only
thing needed is (connecting as the database owner):
GRANT MYROLE TO MYNEWUSER;
COMMIT;
When MYNEWUSER specifies MYROLE at connect time, MYNEWUSER
automatically gets the SQL privileges defined for MYROLE.
HTH,
Thomas Steinmaurer
LogManager Series - Logging/Auditing Suites supporting
InterBase, Firebird, Advantage Database and MS SQL Server
Upscene Productions
http://www.upscene.com
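
The role workflow from the reply above, written out as an isql script. This is an added example and not part of the original post; the database path, the owner account name OWNER_USER and both passwords are placeholders, and MYNEWUSER is assumed to have been created with gsec already.

```sql
/* Added example, not from the original post.
   Placeholders: database path, OWNER_USER, both passwords. */

/* 1. As the database owner: create the role, give the role its
      privileges, then make the server-wide user a member of it. */
CONNECT 'localhost:/path/to/app.fdb' USER 'OWNER_USER' PASSWORD 'owner_password';
CREATE ROLE MYROLE;
COMMIT;
GRANT ALL ON MYTABLE TO MYROLE;
GRANT MYROLE TO MYNEWUSER;
COMMIT;

/* 2. Connect as the new user WITHOUT naming a role. The login works
      because the user exists server-wide, but role membership alone
      conveys nothing: the role's privileges on MYTABLE are not active,
      so access is refused unless rights were granted to PUBLIC or to
      the user directly. */
CONNECT 'localhost:/path/to/app.fdb' USER 'MYNEWUSER' PASSWORD 'user_password';
SELECT CURRENT_ROLE FROM RDB$DATABASE;  /* role active on this connection */
SELECT COUNT(*) FROM MYTABLE;

/* 3. Connect again, this time naming the role. The privileges granted
      to MYROLE now apply to this connection. */
CONNECT 'localhost:/path/to/app.fdb' USER 'MYNEWUSER' PASSWORD 'user_password' ROLE 'MYROLE';
SELECT CURRENT_ROLE FROM RDB$DATABASE;
SELECT COUNT(*) FROM MYTABLE;

/* 4. Audit, as the owner: which user objects are open to PUBLIC
      ("all users"), and who is a member of which role.
      In RDB$USER_PRIVILEGES, privilege 'M' marks role membership and
      RDB$RELATION_NAME then holds the role name. */
CONNECT 'localhost:/path/to/app.fdb' USER 'OWNER_USER' PASSWORD 'owner_password';

SELECT RDB$RELATION_NAME, RDB$PRIVILEGE
  FROM RDB$USER_PRIVILEGES
 WHERE RDB$USER = 'PUBLIC'
   AND RDB$RELATION_NAME NOT STARTING WITH 'RDB$';

SELECT RDB$USER, RDB$RELATION_NAME
  FROM RDB$USER_PRIVILEGES
 WHERE RDB$PRIVILEGE = 'M';
```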