Subject Users and Roles Problem
Author w_y_v_i_s
Hi

I am a firebird newbie and I am having a few problems with users and
roles. Simple scenario: I want to create a DB, add a table, create a
role with privileges and finally create a new user with the role.

Seems simple enough, eh? However, having followed some info I found
online, I get permission errors and I don't know why.

The steps I followed are below (Firebird 1.5.1 on WinNT). Can anyone
tell me what I am doing wrong?

Step 1: Create DB and table
Use CONNECT or CREATE DATABASE to specify a database
SQL> create database "D:\ROLETEST.FDB" user "sysdba" password
"p4ssw0rd";
SQL>
SQL> connect "D:\ROLETEST.FDB" user sysdba password p4ssw0rd;
Commit current transaction (y/n)?n
Rolling back work.
Database: "D:\ROLETEST.FDB", User: sysdba
SQL> create table COUNTRIES (
CON> code varchar(2) not null,
CON> description varchar(100) not null,
CON> constraint c_pk primary key (code));
SQL> commit;
SQL>
SQL> create role TESTROLE;
SQL> commit;
SQL>
SQL> grant ALL on table COUNTRIES to role TESTROLE;
SQL> commit;
SQL>
SQL> insert into COUNTRIES values ('UK', 'United Kingdom');
SQL> commit;
SQL>
SQL> exit;


Step 2: Create user
$>gsec -user sysdba -password p4ssw0rd
GSEC> add TESTUSER -fname TEST -lname USER
GSEC> modify TESTUSER -pw t3stus3r
GSEC> quit


Step 3: Assign role
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect "D:\ROLETEST.FDB" user sysdba password p4ssw0rd;
Database: "D:\ROLETEST.FDB", User: sysdba
SQL> grant "TESTROLE" to user "TESTUSER";
SQL> commit;
SQL>exit;


Step 4: Login as user and try it
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect "D:\ROLETEST.FDB" user TESTUSER password t3stus3r;
Database: "D:\ROLETEST.FDB", User: TESTUSER
SQL> select * from COUNTRIES;
Statement failed, SQLCODE = -551

no permission for read/select access to TABLE COUNTRIES
SQL>
SQL> insert into COUNTRIES values ('US', 'United States');
Statement failed, SQLCODE = -551

no permission for insert/write access to TABLE COUNTRIES
SQL>

Any help appreciated.
Thanks.