| Subject | security problems with users permission! |
|---|---|
| Author | Vicente Ferreira Jÿfffffanior |
| Post date | 2006-02-20T14:22Z |
Hello Fellows!
I work on ministry of education of Brazilian government.
Im trying to use firebird 1.5.3 like a departmental database server instead of MS Sql Server 2000.
But we are having a security problem with users permission!
1-I created a user SYSDBSIMAP_DEV, with password sysdbsimap_dev;
2-I revoked its permissions as listed below:
Revoke Insert , delete , update On RDB$RELATIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$RELATION_CONSTRAINTS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$RELATION_FIELDS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$ROLES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$USER_PRIVILEGES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$PROCEDURES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$PROCEDURE_PARAMETERS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$FUNCTIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$FUNCTION_ARGUMENTS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$GENERATORS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$INDEX_SEGMENTS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$INDICES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$EXCEPTIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$DATABASE from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$TRIGGERS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$TRIGGER_MESSAGES from SYSDBSIMAP_DEVP
3-I created a new database named sysdbsimap_dev using the sysdba permission.
4-I generated the tables, procedures and several indexes on that database connected as sysdba.
5-Then i registered the database using the sysdbsimap_dev user.
I noticed that the user sysdbsimap_dev doesnt have permission to alter the objects created by sysdba.
Unfortunately, the user can create new objects on database( tables, procedures,etc)!
How can I do to deny those permissions to user sysdbsimap_dev? I want the user only have permissions for insert, update, delete and execute procedures on my database.
Please, help me!
If I cant assure that an application user can not create objects on my database, my boss will stop to use firebird anymore! He will use postgres...
My work environment is:
1. A dedicated server
2. Linux debian operational system.
3. Firebird 1.5.3 located on /opt/firebird
Thanks,
Vicente Ferreira Jr.
Vicente Ferreira Júnior.
To One Step Of The Future...
---------------------------------
Yahoo! Acesso Grátis
Internet rápida e grátis. Instale o discador agora!
[Non-text portions of this message have been removed]
I work on ministry of education of Brazilian government.
Im trying to use firebird 1.5.3 like a departmental database server instead of MS Sql Server 2000.
But we are having a security problem with users permission!
1-I created a user SYSDBSIMAP_DEV, with password sysdbsimap_dev;
2-I revoked its permissions as listed below:
Revoke Insert , delete , update On RDB$RELATIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$RELATION_CONSTRAINTS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$RELATION_FIELDS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$ROLES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$USER_PRIVILEGES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$PROCEDURES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$PROCEDURE_PARAMETERS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$FUNCTIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$FUNCTION_ARGUMENTS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$GENERATORS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$INDEX_SEGMENTS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$INDICES from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$EXCEPTIONS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$DATABASE from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$TRIGGERS from SYSDBSIMAP_DEVP
Revoke Insert , delete , update On RDB$TRIGGER_MESSAGES from SYSDBSIMAP_DEVP
3-I created a new database named sysdbsimap_dev using the sysdba permission.
4-I generated the tables, procedures and several indexes on that database connected as sysdba.
5-Then i registered the database using the sysdbsimap_dev user.
I noticed that the user sysdbsimap_dev doesnt have permission to alter the objects created by sysdba.
Unfortunately, the user can create new objects on database( tables, procedures,etc)!
How can I do to deny those permissions to user sysdbsimap_dev? I want the user only have permissions for insert, update, delete and execute procedures on my database.
Please, help me!
If I cant assure that an application user can not create objects on my database, my boss will stop to use firebird anymore! He will use postgres...
My work environment is:
1. A dedicated server
2. Linux debian operational system.
3. Firebird 1.5.3 located on /opt/firebird
Thanks,
Vicente Ferreira Jr.
Vicente Ferreira Júnior.
To One Step Of The Future...
---------------------------------
Yahoo! Acesso Grátis
Internet rápida e grátis. Instale o discador agora!
[Non-text portions of this message have been removed]