| Subject | Re: [firebird-support] grant sgestockviewer to GRANT; |
|---|---|
| Author | Helen Borrie |
| Post date | 2005-09-20T06:49:45Z |
At 02:15 PM 20/09/2005 +1000, you wrote:
While it's true you can't grant privileges to a user defined with the
unquoted identifier 'Grant', if you use the right syntax for the GRANT
statement you should be able to grant privileges to "GRANT".
GRANT ALL ON SALES TO "GRANT"
i.e. it's not legal syntax to grant an object. You grant a privilege (or a
package of privileges, in the case of GRANT ALL or GRANT ROLE).
In detail:
Gsec will allow this:
gsec -add Grant -pw molotov
gsec -display
SYSDBA
MICKEY
...
GRANT
As you see, the username is stored in upper case and gsec doesn't care
about your use of a reserved word for the username. All gsec cares about
is to fulfil its before insert trigger and convert the username to upper
case. As far as gsec is concerned, 'GRANT' is just data.
However, when it comes to permissions and other SQL database-level stuff, a
username is handled as an identifier and hence, if it is a word that isn't
a legal identifier, it cannot be used "raw" without conflicting with checks
on keywords.
Really, it would be best if all parents were given a copy of the SQL
reserved words before registering their children's names, to avoid
potential conflicts with keywords. :-))
./heLen
>Hello,Check the syntax pattern for the GRANT statement.
>
>How do I grant a role to a user named Grant?
>
>e.g. grant sales to GRANT;
>
>Database rejects my statment with our without quotes.
While it's true you can't grant privileges to a user defined with the
unquoted identifier 'Grant', if you use the right syntax for the GRANT
statement you should be able to grant privileges to "GRANT".
GRANT ALL ON SALES TO "GRANT"
i.e. it's not legal syntax to grant an object. You grant a privilege (or a
package of privileges, in the case of GRANT ALL or GRANT ROLE).
In detail:
Gsec will allow this:
gsec -add Grant -pw molotov
gsec -display
SYSDBA
MICKEY
...
GRANT
As you see, the username is stored in upper case and gsec doesn't care
about your use of a reserved word for the username. All gsec cares about
is to fulfil its before insert trigger and convert the username to upper
case. As far as gsec is concerned, 'GRANT' is just data.
However, when it comes to permissions and other SQL database-level stuff, a
username is handled as an identifier and hence, if it is a word that isn't
a legal identifier, it cannot be used "raw" without conflicting with checks
on keywords.
Really, it would be best if all parents were given a copy of the SQL
reserved words before registering their children's names, to avoid
potential conflicts with keywords. :-))
./heLen