Subject Re: [firebird-support] rights issue
Author Helen Borrie
At 12:54 AM 1/08/2006, you wrote:
>i am currently logging on to my databases as sysdba only but i do want
>to implement user functionality into my application, so i would like
>to know how firebird users/rights work? does it work like linux file
>permissions; i.e. does it all work with these two kinds of permissions
>(view, modify) which a user may o may not have?

No. It's about granting access rights and operational privileges on
database objects to users and to other objects.

>how do i grant permissions on a database?

You don't. Rights and privs are GRANTed on database objects.

>who can grant permissions on a database?

Initially, the Owner of the database and SYSDBA. It is possible for
those users to hand on the privilege of GRANTing privileges (WITH

>suppose user x creates a database, what are the default permissions
>for other users, i.e. what can they do with the database?

Nothing. Each privilege (e.g. SELECT, UPDATE, INSERT, DELETE,
EXECUTE, REFERENCES) must be granted specifically. Privileges can be
packaged into a ROLE. When that role is granted to a user, the user
acquires all the privileges for that role. There is also a user
PUBLIC to which you can grant privs that anyone can have; and a
special package of privs called ALL which encompasses SELECT, UPDATE,

It's not a five-minute voyage.

>i'll also be glad if you just show me the right resources where i can
>read up on this topic...

1. The Firebird Book, Chapter 35 (a whole chapter on the subject)

2. (watch wrap)
I think this paper is also available in German.

3. Also look up GRANT and REVOKE in the IB 6 LangRef.pdf.

Plus, many of the free and commercial Admin tools include a privilege
management utility.