Author Adam
--- In, Michael Weissenbacher
<mw@...> wrote:
> Hi,
> > You do not normally want to grant everyone all access to everything.
> > Most people for whom security is of no concern could simply log in as
> > SYSDBA (which has rights to everything).
> Of course, but I often have the requirement to grant full access to all
> things in a database to a particular user. It often happens to me that a
> certain (web-)application needs full access to its database but to none
> of the others. They should never log in as SYSDBA, because they would be
> able to access other databases too. Vice versa, a REVOKE ALL FROM
> EVERYONE would be nice too.
> >
> > But if you did want to head down that road, surely it would not be too
> > hard to create a stored procedure. This procedure could run a for
> > select loop through RDB$RELATIONS, then use the EXECUTE STATEMENT
> > syntax (see FB 1.5 Release notes) to do the grant.
> > Then execute the procedure and commit.
> This sounds like a good idea, I will look into it. If I come up with a
> working solution, what would be a good place to put it so others can use
> it too? Maybe send it to helen for inclusion in the release notes?

It's not really the sort of thing release notes are for. Somewhere
like may be better. There is definately room for more
'useful tricks', but I think we want to be careful that important
information about fixed bugs and new features isn't swallowed by 100s
of these tricks. By the same token, I don't like the idea of different
pieces of knowledge scattered everywhere. I think Si has done an
excellent job with fbtalk, so that is where I would post.

If you do make a generic SP, provide an input parameter to allow you
to specify the user / role you are granting to.