| Subject | Problems with Linux users and roles |
|---|---|
| Author | phil_hhn |
| Post date | 2006-02-16T04:53:22Z |
Hi,
We're having a bit of trouble managing Firebird (1.5.x) logins under
linux.
We are installing a database and need to have our own user login on a
per-site basis. This is often a 'blank' database with a few simple
tables for our system but no data yet. I.e the idea is that a customer
receives our system with either a 'blank' database template or a
database which has already been populated with their data.
So when the user receives our system we need to provide them a script
to which they supply a username, then that is used to create a user in
the database for use with our system. We use the User and Role Stored
Procedures from 'The Firebird Book' and run via iSQL. We've tried to
assign the user/role full rights - they can add/modify delete data ok,
but seems they cannot add/delete columns or tables, which they must
also be able to do. Seems you can only change metadata as sysdba
unless you are the owner of those objects (tables, views, etc)?
So we fell back to a _completely_ empty database with none of our
tables yet in it. We next create the user/role, then run the schema to
add all the tables, etc. Now the user _is_ the owner of those objects,
so they CAN modify metadata.
Now the trouble begins.
1) Our helpdesk has already created a bunch of different client
databases for a whole lot of clients. But all the database objects
will be owned by sysdba. So when a client gets their installer from us
and they create a user in the database, it has no access to modify
metadata. How can we retrospectively go back to changing all the
ownership or access rights for the existing metadata in each database?
[Each one is the result of many hours running through a migration
process so it's not too feasible to do it all again.]
2) When our helpdesk needs to create a new customer database, they
always do it against a 'blank' template in which the common structure
(tables, views etc) for all systems is the same (obviously saves a lot
of unnecessary repetition). However if they always have to start with
a completely empty database and run the database creation schema every
time with a user specific to each site, this will not only slow down
the process but also become an administration nightmare as they
continually change user logins (mistakes are bound to be made).
We cannot simply send out a security.fdb file for each different
client as this a) would also be an admin hassle and b) we can't simply
overwrite their security.fdb incase they already use Firebird for
other purposes.
This all seems too complicated and is giving us headaches. Maybe
there's a better way? All need is to be able to add a Firebird user
which has FULL rights to our database, including the power to modify
metadata (without having to create all db objects from scratch as that
user!). Is there a way?
I don't normally stick up for MS SQL Server but when you create a
Login in MS Enterprise Manager and give them full access to a database
that's all you have to do; it's very easy. Is there a similar way in
Firebird?
Any suggestions?
We're having a bit of trouble managing Firebird (1.5.x) logins under
linux.
We are installing a database and need to have our own user login on a
per-site basis. This is often a 'blank' database with a few simple
tables for our system but no data yet. I.e the idea is that a customer
receives our system with either a 'blank' database template or a
database which has already been populated with their data.
So when the user receives our system we need to provide them a script
to which they supply a username, then that is used to create a user in
the database for use with our system. We use the User and Role Stored
Procedures from 'The Firebird Book' and run via iSQL. We've tried to
assign the user/role full rights - they can add/modify delete data ok,
but seems they cannot add/delete columns or tables, which they must
also be able to do. Seems you can only change metadata as sysdba
unless you are the owner of those objects (tables, views, etc)?
So we fell back to a _completely_ empty database with none of our
tables yet in it. We next create the user/role, then run the schema to
add all the tables, etc. Now the user _is_ the owner of those objects,
so they CAN modify metadata.
Now the trouble begins.
1) Our helpdesk has already created a bunch of different client
databases for a whole lot of clients. But all the database objects
will be owned by sysdba. So when a client gets their installer from us
and they create a user in the database, it has no access to modify
metadata. How can we retrospectively go back to changing all the
ownership or access rights for the existing metadata in each database?
[Each one is the result of many hours running through a migration
process so it's not too feasible to do it all again.]
2) When our helpdesk needs to create a new customer database, they
always do it against a 'blank' template in which the common structure
(tables, views etc) for all systems is the same (obviously saves a lot
of unnecessary repetition). However if they always have to start with
a completely empty database and run the database creation schema every
time with a user specific to each site, this will not only slow down
the process but also become an administration nightmare as they
continually change user logins (mistakes are bound to be made).
We cannot simply send out a security.fdb file for each different
client as this a) would also be an admin hassle and b) we can't simply
overwrite their security.fdb incase they already use Firebird for
other purposes.
This all seems too complicated and is giving us headaches. Maybe
there's a better way? All need is to be able to add a Firebird user
which has FULL rights to our database, including the power to modify
metadata (without having to create all db objects from scratch as that
user!). Is there a way?
I don't normally stick up for MS SQL Server but when you create a
Login in MS Enterprise Manager and give them full access to a database
that's all you have to do; it's very easy. Is there a similar way in
Firebird?
Any suggestions?