Subject RE: [firebird-support] Gsec Question
Author Daniel Jimenez
Hi Thomas,

Thank you for your help, much appreciated.

Daniel.

> > I have defined the schema for a FDB. The schema does not include user
> > definitions.
> > The idea, is that once the application which makes use of the FDB is
> > installed, when first run, it will detect that the FDB is not
> > available and it will ask the user to point to the schema to run,
> > thus creating the FDB.
> >
> > The next step will be to create the FDB users. This is where I am
> > having trouble.
> >
> > If I use Gsec, I can define the users, but when I try to connect to
> > the FDB using one of these new users, I get an error saying that the
> > user is not defined. However, if I use Database Workbench or IBConsole,
> > I do not get this error.
> >
> > Any suggestion?
>
> I guess you are using the database owner when connecting to
> the database via Database Workbench or IBConsole?
>
> Authentication happens server-wide; that means Firebird users
> are defined on a per-server basis. Once you've created a new
> Firebird user, he needs proper rights on database objects
> inside a Firebird database. This doesn't happen
> automatically, unless you've granted ALL rights for a
> database object to the synonym PUBLIC, which stands for "all users".
>
> If you don't want to do that from a security POV, then you
> could maintain SQL privileges by using roles. A user can be a
> member of 0..n roles and roles can have proper SQL privileges
> on database objects. At connect time, the user (or your
> application silently) specifies that particular role and the
> user will "inherit" the SQL privileges from the role he
> has specified at connect time.
>
> Example: Connecting as the database owner.
>
> CREATE ROLE myrole;
> COMMIT;
>
> GRANT ALL ON MYTABLE TO MYROLE;
> COMMIT;
>
>
> Then, after you've created a new Firebird user, the only
> thing needed is (connecting as the database owner):
>
> GRANT MYROLE TO MYNEWUSER;
> COMMIT;
>
>
> When MYNEWUSER specifies MYROLE at connect time, MYNEWUSER
> automatically gets the SQL privileges defined for MYROLE.
>
>
>
> HTH,
> Thomas Steinmaurer
> LogManager Series - Logging/Auditing Suites supporting
> InterBase, Firebird, Advantage Database and MS SQL Server
> Upscene Productions http://www.upscene.com
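
Added example, not part of the original messages: an isql script that exercises the connect-time role described in the reply above and audits the resulting grants. It assumes the CREATE ROLE and GRANT statements from the reply have already been run; the database path, the passwords and the owner account name APPOWNER are constructed placeholders.

```sql
-- Constructed placeholders: host/path, passwords, and the owner name APPOWNER.
-- MYTABLE, MYROLE and MYNEWUSER are the names used in the thread.

-- 1. Connect WITHOUT a role. The login itself succeeds because the user
--    exists server-wide, but no role is active: CURRENT_ROLE reports NONE,
--    and access to MYTABLE is refused unless the privilege was granted to
--    MYNEWUSER directly or to PUBLIC.
CONNECT 'localhost:/data/app.fdb' USER 'MYNEWUSER' PASSWORD '<user-password>';
SELECT CURRENT_USER, CURRENT_ROLE FROM RDB$DATABASE;
SELECT COUNT(*) FROM MYTABLE;

-- 2. Connect WITH the role. The privileges granted to MYROLE now apply
--    for the lifetime of this connection.
CONNECT 'localhost:/data/app.fdb' USER 'MYNEWUSER' PASSWORD '<user-password>'
  ROLE 'MYROLE';
SELECT CURRENT_USER, CURRENT_ROLE FROM RDB$DATABASE;
SELECT COUNT(*) FROM MYTABLE;

-- 3. Audit as the database owner.
CONNECT 'localhost:/data/app.fdb' USER 'APPOWNER' PASSWORD '<owner-password>';

-- Role memberships are stored with privilege code 'M';
-- RDB$RELATION_NAME holds the role name in those rows.
SELECT RDB$USER          AS GRANTEE,
       RDB$RELATION_NAME AS ROLE_NAME,
       RDB$GRANTOR       AS GRANTED_BY
FROM   RDB$USER_PRIVILEGES
WHERE  RDB$PRIVILEGE = 'M'
ORDER  BY RDB$RELATION_NAME, RDB$USER;

-- Everything granted on MYTABLE, including any grant to PUBLIC.
-- Privilege codes: S=select, I=insert, U=update, D=delete, R=references.
SELECT RDB$USER         AS GRANTEE,
       RDB$PRIVILEGE    AS PRIV,
       RDB$GRANT_OPTION AS WITH_GRANT_OPTION
FROM   RDB$USER_PRIVILEGES
WHERE  RDB$RELATION_NAME = 'MYTABLE'
ORDER  BY RDB$USER, RDB$PRIVILEGE;

-- Rows with GRANTEE = 'PUBLIC' apply to every authenticated server user,
-- with or without a role, so review them before relying on role separation.
```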