--- In firebird-support@yahoogroups.com, Michael Weissenbacher
<mw@...> wrote:

>
> Hi,
> > You do not normally want to grant everyone all access to everything.
> > Most people for whom security is of no concern could simply log in as
> > SYSDBA (which has rights to everything).
> Of course, but I often have the requirement to grant full access to all
> things in a database to a particular user. It often happens to me that a
> certain (web-)application needs full access to its database but to none
> of the others. They should never log in as SYSDBA, because they would be
> able to access other databases too. Vice versa, a REVOKE ALL FROM
> EVERYONE would be nice too.
> >
> > But if you did want to head down that road, surely it would not be too
> > hard to create a stored procedure. This procedure could run a for
> > select loop through RDB$RELATIONS, then use the EXECUTE STATEMENT
> > syntax (see FB 1.5 Release notes) to do the grant.
> > Then execute the procedure and commit.
> This sounds like a good idea, I will look into it. If I come up with a
> working solution, what would be a good place to put it so others can use
> it too? Maybe send it to helen for inclusion in the release notes?
>

It's not really the sort of thing release notes are for. Somewhere
like www.fbtalk.net may be better. There is definately room for more
'useful tricks', but I think we want to be careful that important
information about fixed bugs and new features isn't swallowed by 100s
of these tricks. By the same token, I don't like the idea of different
pieces of knowledge scattered everywhere. I think Si has done an
excellent job with fbtalk, so that is where I would post.

If you do make a generic SP, provide an input parameter to allow you
to specify the user / role you are granting to.

Adam