| Subject | issue with granting roles |
|---|---|
| Author | C.J. |
| Post date | 2006-04-17T20:38:21Z |
Hello All,
I have a PHP script front-end to a firebird database. In the
database I have setup a three roles that have declining levels of
access, defines as Admin, Mgr and User. From the web-interface any
Admin can create new users and set the security level. I can varify
that the roles are set correctly, but I am have an issue with this
error...
================================================
no permission for delete/write access to TABLE <table1>
================================================
My setup is like this...
========================
Using superserver. 1.5
Using IbEasy+ 1.5
- made main user, request_admin.
- request_admin makes a database called request.
- request_admin make the tables; table1, table2, and table3
- each table has one primary index.
- the three tables are "free tables", all relations are handles in
code.
- request_admin sets up three roles admin, mgr and user
- admin permissions are set as follows GRANT ALL ON TABLE1 TO ADMIN
WITH GRANT OPTION. This is repeated for each table in the database.
- mgr is set with GRANT [ALL]|[SELECT] ON TABLE1 TO MGR. Either ALL
or SELECT is used in each statement. For TABLE1, ALL is used.
- user is the same as mgr, but user is only given ALL on TABLE1 only.
From my php script i can log into the database, as REQUEST_ADMIN,
and insert, delete, or change users. When I add users I also grant
the correct ROLE. I can then open IbEasy and see the desired results.
But I can not delete from TABLE1...,even though I have checked to
make sure that the named user, Lets say 'Bob', is assigned the mgr
role. and the mgr role has delete permission on table1. This
permission was granted by the creator(a.k.a - owner) of the database.
Now I did a test and using IbEasy, changed the permissions for the
user (Bob) to have delete access to table1 and Wa-La, Bob can delete!
So now I'm wondering, are roles broken? or have I missed something?
I have a PHP script front-end to a firebird database. In the
database I have setup a three roles that have declining levels of
access, defines as Admin, Mgr and User. From the web-interface any
Admin can create new users and set the security level. I can varify
that the roles are set correctly, but I am have an issue with this
error...
================================================
no permission for delete/write access to TABLE <table1>
================================================
My setup is like this...
========================
Using superserver. 1.5
Using IbEasy+ 1.5
- made main user, request_admin.
- request_admin makes a database called request.
- request_admin make the tables; table1, table2, and table3
- each table has one primary index.
- the three tables are "free tables", all relations are handles in
code.
- request_admin sets up three roles admin, mgr and user
- admin permissions are set as follows GRANT ALL ON TABLE1 TO ADMIN
WITH GRANT OPTION. This is repeated for each table in the database.
- mgr is set with GRANT [ALL]|[SELECT] ON TABLE1 TO MGR. Either ALL
or SELECT is used in each statement. For TABLE1, ALL is used.
- user is the same as mgr, but user is only given ALL on TABLE1 only.
From my php script i can log into the database, as REQUEST_ADMIN,
and insert, delete, or change users. When I add users I also grant
the correct ROLE. I can then open IbEasy and see the desired results.
But I can not delete from TABLE1...,even though I have checked to
make sure that the named user, Lets say 'Bob', is assigned the mgr
role. and the mgr role has delete permission on table1. This
permission was granted by the creator(a.k.a - owner) of the database.
Now I did a test and using IbEasy, changed the permissions for the
user (Bob) to have delete access to table1 and Wa-La, Bob can delete!
So now I'm wondering, are roles broken? or have I missed something?