Subject Re: Shut Down Database
Author Adam
--- In firebird-support@yahoogroups.com, "robertgilland"
<robert_gilland@...> wrote:
> > It's not as bad as it probably seems to log everyone in as someone
> > else. You can still use a surrogate name and still connect everyone
> > through that user. You will need to issue a batch of grant statements
> > but I would think there is otherwise little if any code change.
> >
> > Adam
>
> This is frightening. This means we have to write a procedure, that
> checks if the new user exists, if not add him, then go through all
> current Metadata objects and add GRANT access to the new user.

IIRC, the grant will work even if the user doesn't yet exist. There
are some queries around the place that extract all object names from
the RDB$ tables. It would not be hard to manipulate the output of
such queries to write the appropriate grant statements, probably half
an hour's work.

> On top of this whenever we create a new Metadata object we have to add
> GRANT to the new user as well.

It will bug you for the first 2 you write, then it is second nature.

> If I don't run these GRANT commands, does this mean the new user
> cannot read/write to any Tables/Views?

It depends on what you grant too. You can grant select only
permissions for example. I would grant these permissions rather to a
role and grant that role to the user. Then you log in as that user
and that role.

Don't forget to grant access for views, triggers and stored
procedures to do whatever they need to do.

I strongly suggest you read Chapter 35 of the Firebird Book. There is
a lot of information and examples.

But in answer to your question, that is correct.

Adam
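
The approach described in the reply above, as an added example that is not part of the original post: queries over the RDB$ system tables that write out the GRANT statements for a role, which is then granted to the user. APP_ROLE, APP_USER, ORDERS and GET_ORDERS are hypothetical names; the queries assume Firebird 2.0 or later (for TRIM) and a dialect 3 database.

```sql
-- Added example. APP_ROLE and APP_USER are hypothetical names.
-- Assumes Firebird 2.0+ (TRIM) and a dialect 3 database.

CREATE ROLE APP_ROLE;

-- 1. Tables: one GRANT per user table (RDB$VIEW_BLR is NULL for tables).
--    Reduce the privilege list to SELECT for a read-only role.
SELECT 'GRANT SELECT, INSERT, UPDATE, DELETE ON "'
       || TRIM(r.RDB$RELATION_NAME) || '" TO APP_ROLE;'
FROM RDB$RELATIONS r
WHERE COALESCE(r.RDB$SYSTEM_FLAG, 0) = 0
  AND r.RDB$VIEW_BLR IS NULL
ORDER BY r.RDB$RELATION_NAME;

-- 2. Views: read access only.
SELECT 'GRANT SELECT ON "' || TRIM(r.RDB$RELATION_NAME) || '" TO APP_ROLE;'
FROM RDB$RELATIONS r
WHERE COALESCE(r.RDB$SYSTEM_FLAG, 0) = 0
  AND r.RDB$VIEW_BLR IS NOT NULL
ORDER BY r.RDB$RELATION_NAME;

-- 3. Stored procedures: EXECUTE only.
SELECT 'GRANT EXECUTE ON PROCEDURE "'
       || TRIM(p.RDB$PROCEDURE_NAME) || '" TO APP_ROLE;'
FROM RDB$PROCEDURES p
WHERE COALESCE(p.RDB$SYSTEM_FLAG, 0) = 0
ORDER BY p.RDB$PROCEDURE_NAME;

-- 4. Review the generated statements, run them as a script, then give
--    the role to the shared login.
GRANT APP_ROLE TO APP_USER;

-- 5. Views, triggers and procedures need their own rights on what they
--    touch. ORDERS and GET_ORDERS are constructed names.
GRANT SELECT ON ORDERS TO PROCEDURE GET_ORDERS;
```

The role's privileges apply only to connections that name the role at login, so a client that connects as APP_USER without specifying APP_ROLE gets none of them.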