Maybe I don't understand basics, but here is my question.
I have database with certain number of tables (let's say A, B, C, D,
E) and make following ROLE's:
CREATE ROLE FULLACC;
GRANT ALL ON A TO FULLACC;
GRANT ALL ON B TO FULLACC;
GRANT ALL ON C TO FULLACC;
GRANT ALL ON D TO FULLACC;
GRANT ALL ON E TO FULLACC;

CREATE ROLE PARTIAL;
GRANT ALL ON E TO PARTIAL;
GRANT SELECT ON A TO PARTIAL;
GRANT SELECT ON B TO PARTIAL;

CREATE ROLE PROCS;
GRANT EXECUTE ON PROCEDURE AP TO PROCS;
GRANT EXECUTE ON PROCEDURE BP TO PROCS;

Then, I defined grants for two users USERA and USERB:

GRANT PARTIAL TO USERB WITH ADMIN OPTION;
GRANT PROCS TO USERB WITH ADMIN OPTION;
GRANT FULLACC TO USERA WITH ADMIN OPTION;
GRANT PROCS TO USERA WITH ADMIN OPTION;

SQL is executed using IBExpert Personal, without any errors. Roles are
defined. In UserManager I can see that USERA has roles FULLACC and
PROCS checked and USERB roles PARTIAL and PROCS: So, that't OK.

But, when I try to make SELECT on table A when loged as USERB I get
error... my user cannot acces this table.

I checked with GrantManager, and it seems that Roles are defined OK.


So, what is my question? Can user grants be done like I did it, or I
must do something else?
All SQL was executed when I was loged as SYSDBA user...
What am I doing wrong?