At 11:56 PM 18/04/2006, you wrote:

> > >
> > >So now I'm wondering, are roles broken? or have I missed
>something?
> >
> > You didn't mention that BOB's login structure included the role
> > name. Is this what you missed?
> >
> > ./heLen
> >
>
>The PHP function ibase_pconnect() list role as an optional value as
>shown here.
>====================================
>resource ibase_pconnect ( [string database [, string username [,
>string password [, string charset [, int buffers [, int dialect [,
>string role [, int sync]]]]]]]] )
>------------------------------------
>
>is this required to enable "Bob's" role of mgr?

Y E S. Y E S. Y E S. Y E S. Y E S. Y E S. Y E S.

>If this is so, then
>whats the purpose of granting a role to Bob?

A role is "a package of privileges". So, the purpose of granting a
role to Bob is to make that package of privileges available to Bob.

>So he can have more than one role, maybe?

Not usually, although it is possible for the same user to log in at
different times using different roles.

I think your mistake is in assuming that roles form something like
user groups. If so, you're not the first. :-)

A simple way to think about the login is:

-- with the username and password the user gets authenticated on the
server but has no privileges in the database.
-- when you add the role, you add all the necessary privileges in the
database.

The alternative to using roles is a complete birdsnest of individual
user privileges that can very easily get right out of control.

./heLen