Subject Re: [firebird-support] grant sgestockviewer to GRANT;
Author Helen Borrie
At 02:15 PM 20/09/2005 +1000, you wrote:
>How do I grant a role to a user named Grant?
>e.g. grant sales to GRANT;
>Database rejects my statment with our without quotes.
Check the syntax pattern for the GRANT statement.

While it's true you can't grant privileges to a user defined with the
unquoted identifier 'Grant', if you use the right syntax for the GRANT
statement you should be able to grant privileges to "GRANT".


i.e. it's not legal syntax to grant an object. You grant a privilege (or a
package of privileges, in the case of GRANT ALL or GRANT ROLE).

In detail:

Gsec will allow this:

gsec -add Grant -pw molotov

gsec -display


As you see, the username is stored in upper case and gsec doesn't care
about your use of a reserved word for the username. All gsec cares about
is to fulfil its before insert trigger and convert the username to upper
case. As far as gsec is concerned, 'GRANT' is just data.

However, when it comes to permissions and other SQL database-level stuff, a
username is handled as an identifier and hence, if it is a word that isn't
a legal identifier, it cannot be used "raw" without conflicting with checks
on keywords.

Really, it would be best if all parents were given a copy of the SQL
reserved words before registering their children's names, to avoid
potential conflicts with keywords. :-))