| Subject | security problem with user permission! |
|---|---|
| Author | juniorvf |
| Post date | 2006-02-20T13:07:31Z |
Hello Fellows!
I work on ministry of education of Brazilian government.
I'm trying to use firebird 1.5.3 like a departmental database server
instead of MS Sql Server 2000.
But we are having a security problem with users permission!
1-I created a user SYSDBSIMAP_DEV, with password sysdbsimap_dev;
2-I revoked its permissions as listed below:
Revoke Insert , delete , update On RDB$RELATIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$RELATION_CONSTRAINTS from
SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$RELATION_FIELDS from
SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$ROLES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$USER_PRIVILEGES from
SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$PROCEDURES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$PROCEDURE_PARAMETERS from
SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$FUNCTIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$FUNCTION_ARGUMENTS from
SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$GENERATORS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$INDEX_SEGMENTS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$INDICES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$EXCEPTIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$DATABASE from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$TRIGGERS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$TRIGGER_MESSAGES from
SYSDBSIMAP_DEVP
3-I created a new database named sysdbsimap_dev using the sysdba
permission.
4-I generated the tables, procedures and several indexes on that
database connected as sysdba.
5-Then i registered the database using the sysdbsimap_dev user.
I noticed that the user sysdbsimap_dev doesn't have permission to
alter the objects created by sysdba.
Unfortunately, the user can create new objects on database( tables,
procedures,etc)!
How can I do to deny those permissions to user sysdbsimap_dev? I want
the user only have permissions for insert, update, delete and execute
procedures on my database.
Please, help me!
If I can't assure that an application user can not create objects on
my database, my boss will stop to use firebird anymore! He will use
postgres...
My work environment is:
1. A dedicated server
2. Linux debian operational system.
3. Firebird 1.5.3 located on /opt/firebird
Thanks,
Vicente Ferreira Jr.
I work on ministry of education of Brazilian government.
I'm trying to use firebird 1.5.3 like a departmental database server
instead of MS Sql Server 2000.
But we are having a security problem with users permission!
1-I created a user SYSDBSIMAP_DEV, with password sysdbsimap_dev;
2-I revoked its permissions as listed below:
Revoke Insert , delete , update On RDB$RELATIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$RELATION_CONSTRAINTS from
SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$RELATION_FIELDS from
SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$ROLES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$USER_PRIVILEGES from
SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$PROCEDURES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$PROCEDURE_PARAMETERS from
SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$FUNCTIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$FUNCTION_ARGUMENTS from
SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$GENERATORS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$INDEX_SEGMENTS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$INDICES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$EXCEPTIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$DATABASE from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$TRIGGERS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$TRIGGER_MESSAGES from
SYSDBSIMAP_DEVP
3-I created a new database named sysdbsimap_dev using the sysdba
permission.
4-I generated the tables, procedures and several indexes on that
database connected as sysdba.
5-Then i registered the database using the sysdbsimap_dev user.
I noticed that the user sysdbsimap_dev doesn't have permission to
alter the objects created by sysdba.
Unfortunately, the user can create new objects on database( tables,
procedures,etc)!
How can I do to deny those permissions to user sysdbsimap_dev? I want
the user only have permissions for insert, update, delete and execute
procedures on my database.
Please, help me!
If I can't assure that an application user can not create objects on
my database, my boss will stop to use firebird anymore! He will use
postgres...
My work environment is:
1. A dedicated server
2. Linux debian operational system.
3. Firebird 1.5.3 located on /opt/firebird
Thanks,
Vicente Ferreira Jr.