Subject Re: [firebird-support] Access rights
Author Helen Borrie
At 04:58 PM 27/01/2005 -0600, you wrote:

>I'm migrating from interbase 6.0.x to firebird 1.5.x and decided to
>start using users instead of having my program always log in as sysdba.
>So I created a user, called "IMS" which I then called

OK, this gives IMS SELECT, UPDATE, INSERT and DELETE rights on that table
and also REFERENCES rights to any tables to which this table refers through
a foreign key.

>for all the tables in the database and all the stored procedures that I
>need access to.

GRANT ALL ON APROCEDURE does nothing. You have to grant the EXECUTE
privilege on a SP.

>However I keep getting a message saying ISC ERROR CODE:335544352, no
>permission for read/select access to COLUMN trancat_desc.
>Do I have to grant access to individual fields in the database for all
>the tables or am I not doing something right?

Not in this case (if I'm reading you correctly). You can give column-level
update rights on columns in a table that the user doesn't otherwise have
UPDATE rights to.-- for example, let employees update their name and
address columns in a personnel record, but not their salary. :-)

>I'm using IBExpert personal edition to look at the database and I can
>see the grants in RDB$USER_PRIVILEGES table, not sure what the
>RDB$GRANT_OPTION field is for, but the records for my IMS user shows 0
>for it.

Don't be tempted to use IBE (or any other tool) to modify
RDB$USER_PRIVILEGES yourself - always use GRANT and REVOKE.

GRANT_OPTION will be 1 if the owner of the object passed on to the user the
right to grant that privilege to other users. In the GRANT statement, the
WITH GRANT OPTION clause is used to effect that.

>I also tried granting all rights to the table for public, but I still
>get that error. I can still log in as sysdba, but I would prefer not to.

PUBLIC is "just a user" - it just happens to be one that the system
recognises as "any old user". Your main problem here seems to be that you
thought GRANT ALL would give the user access to procedures. It