Subject Re: [firebird-support] issue with granting roles
Author Helen Borrie
At 06:38 AM 18/04/2006, you wrote:
>Hello All,
>
>I have a PHP script front-end to a Firebird database. In the
>database I have set up three roles that have declining levels of
>access, defined as Admin, Mgr and User. From the web interface any
>Admin can create new users and set the security level. I can verify
>that the roles are set correctly, but I am having an issue with this
>error...
>================================================
>no permission for delete/write access to TABLE <table1>
>================================================
>
>My setup is like this...
>========================
>Using superserver. 1.5
>Using IbEasy+ 1.5
>- made main user, request_admin.
>- request_admin makes a database called request.
>- request_admin makes the tables: table1, table2, and table3
>- each table has one primary index.
>- the three tables are "free tables", all relations are handled in
>code.
>- request_admin sets up three roles admin, mgr and user
>- admin permissions are set as follows GRANT ALL ON TABLE1 TO ADMIN
>WITH GRANT OPTION. This is repeated for each table in the database.
>- mgr is set with GRANT [ALL]|[SELECT] ON TABLE1 TO MGR. Either ALL
>or SELECT is used in each statement. For TABLE1, ALL is used.
>- user is the same as mgr, but user is given ALL on TABLE1 only.
>
>From my PHP script I can log into the database, as REQUEST_ADMIN,
>and insert, delete, or change users. When I add users I also grant
>the correct ROLE. I can then open IbEasy and see the desired results.
>
>But I cannot delete from TABLE1..., even though I have checked to
>make sure that the named user, let's say 'Bob', is assigned the mgr
>role, and the mgr role has delete permission on table1. This
>permission was granted by the creator (a.k.a. owner) of the database.
>
>Now I did a test and, using IbEasy, changed the permissions for the
>user (Bob) to have delete access to table1 and voilà, Bob can delete!
>
>So now I'm wondering, are roles broken? Or have I missed something?

You didn't mention that BOB's login structure included the role
name. Is this what you missed?

./heLen
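
The difference between holding a role and logging in with it, as an added isql example that is not part of the original messages. The database path and passwords are placeholders, and the MGR role is assumed to exist already, as described in the question.

```sql
-- Constructed example for isql; path and passwords are placeholders.

-- As the owner: privileges go to the role, the role goes to the user.
CONNECT 'localhost:/path/to/request.fdb' USER 'REQUEST_ADMIN' PASSWORD 'placeholder';
GRANT ALL ON TABLE1 TO MGR;
GRANT MGR TO BOB;
COMMIT;

-- Login WITHOUT a role: BOB has been granted MGR, but the role is not
-- active for this attachment, so only BOB's direct grants are checked.
CONNECT 'localhost:/path/to/request.fdb' USER 'BOB' PASSWORD 'placeholder';
SELECT CURRENT_USER, CURRENT_ROLE FROM RDB$DATABASE;   -- role shows NONE
DELETE FROM TABLE1 WHERE 1 = 0;   -- rejected: no permission for delete/write access
ROLLBACK;

-- Login naming the role: MGR's privileges on TABLE1 now apply.
CONNECT 'localhost:/path/to/request.fdb' USER 'BOB' PASSWORD 'placeholder' ROLE 'MGR';
SELECT CURRENT_USER, CURRENT_ROLE FROM RDB$DATABASE;   -- role shows MGR
DELETE FROM TABLE1 WHERE 1 = 0;   -- accepted (WHERE 1 = 0 keeps it from removing rows)
ROLLBACK;
```

From PHP, the role name is passed as the role argument of ibase_connect(). Granting DELETE directly to BOB, as in the IbEasy test, makes the statement work for the same reason the first login fails: without a role at login, only the user's own grants are evaluated.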