Subject Re: issue with granting roles
Author C.J.
--- In firebird-support@yahoogroups.com, Helen Borrie <helebor@...> wrote:
>
> At 06:38 AM 18/04/2006, you wrote:
> >Hello All,
> >
> >I have a PHP script front-end to a Firebird database. In the
> >database I have set up three roles that have declining levels of
> >access, defined as Admin, Mgr and User. From the web-interface any
> >Admin can create new users and set the security level. I can verify
> >that the roles are set correctly, but I am having an issue with this
> >error...
> >================================================
> >no permission for delete/write access to TABLE <table1>
> >================================================
> >
> >My setup is like this...
> >========================
> >Using superserver. 1.5
> >Using IbEasy+ 1.5
> >- made main user, request_admin.
> >- request_admin makes a database called request.
> >- request_admin makes the tables; table1, table2, and table3
> >- each table has one primary index.
> >- the three tables are "free tables", all relations are handled in
> >code.
> >- request_admin sets up three roles admin, mgr and user
> >- admin permissions are set as follows GRANT ALL ON TABLE1 TO ADMIN
> >WITH GRANT OPTION. This is repeated for each table in the database.
> >- mgr is set with GRANT [ALL]|[SELECT] ON TABLE1 TO MGR. Either ALL
> >or SELECT is used in each statement. For TABLE1, ALL is used.
> >- user is the same as mgr, but user is given ALL on TABLE1 only.
> >
> >From my PHP script I can log into the database, as REQUEST_ADMIN,
> >and insert, delete, or change users. When I add users I also grant
> >the correct ROLE. I can then open IbEasy and see the desired results.
> >
> >But I cannot delete from TABLE1, even though I have checked to
> >make sure that the named user, let's say 'Bob', is assigned the mgr
> >role, and the mgr role has delete permission on table1. This
> >permission was granted by the creator (a.k.a. owner) of the database.
> >
> >Now I did a test and, using IbEasy, changed the permissions for the
> >user (Bob) to have delete access to table1 and voilà, Bob can delete!
> >
> >So now I'm wondering, are roles broken? Or have I missed something?
>
> You didn't mention that BOB's login structure included the role
> name. Is this what you missed?
>
> ./heLen
>

The PHP function ibase_pconnect() lists role as an optional value as
shown here.
====================================
resource ibase_pconnect ( [string database [, string username [,
string password [, string charset [, int buffers [, int dialect [,
string role [, int sync]]]]]]]] )
------------------------------------

Is this required to enable "Bob's" role of mgr? If this is so, then
what's the purpose of granting a role to Bob? So he can have more
than one role, maybe?
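
Added example, not part of the original messages: in Firebird, privileges granted to a role apply to a connection only when that role is named at connect time, so the front-end has to pass it to ibase_pconnect() and should confirm it took effect. The helper name connect_with_role(), the database path and the password below are assumptions made up for illustration.

```php
<?php
// Added example (not code from the thread). connect_with_role() is a
// hypothetical helper; path, user and password are constructed samples.

function connect_with_role($database, $user, $password, $role)
{
    // Argument order follows the ibase_pconnect() signature quoted above:
    // database, username, password, charset, buffers, dialect, role.
    // 0 for buffers and dialect leaves both at their defaults.
    $link = ibase_pconnect($database, $user, $password, 'NONE', 0, 0, $role);
    if ($link === false) {
        throw new RuntimeException('connect failed: ' . ibase_errmsg());
    }

    // Firebird does not reject a login that names a role the user was never
    // granted; the session simply runs without it. CURRENT_ROLE reports
    // 'NONE' in that case, so check it before trusting the connection.
    // Single quotes keep PHP from treating $DATABASE as a variable.
    $result = ibase_query($link, 'SELECT CURRENT_ROLE FROM RDB$DATABASE');
    if ($result === false) {
        throw new RuntimeException('role check failed: ' . ibase_errmsg());
    }
    $row = ibase_fetch_row($result);
    ibase_free_result($result);

    $active = rtrim($row[0]);
    if (strcasecmp($active, $role) !== 0) {
        ibase_close($link);
        throw new RuntimeException(
            "role $role is not active for $user (CURRENT_ROLE = $active)"
        );
    }
    return $link;
}

// Bob logs in with the MGR role, so the grants made to MGR
// (GRANT ALL ON TABLE1 TO MGR) are in force for this connection.
try {
    $db = connect_with_role('localhost:/data/request.fdb', 'BOB',
                            'constructed-password', 'MGR');
    echo "connected with role MGR\n";
} catch (RuntimeException $e) {
    // Fail closed: never fall back to a connection without the role.
    error_log($e->getMessage());
}
```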