>>
>> That's not a good solution.
>> Is there any other idea?

> no - not with fb2's new security model, unless you make the mods to
> security2.fdb and distribute the modified version of it.
> That's what I do.
> OR
> in the admin tool of choice, you register 2 servers, one as creator and one
> as SYSDBA, use the owner registered server to do your dev work, and the
> SYSDBA registered server to do the permissions.

> if you use roles, then role admin is carried out without seeing WHO
> (specific users) on the server. You can grant roles to users also without
> seeing them, with a grant statement.
> but yes, the full use of gui grant managers to individual users is not going
> to work with the standard install unless you are SYSDBA.

Thank you, but that's no solution for me as I don't give away the
sysdba pw to others but db accounts.

Due to the architecture of separating user and roles in different dbs
I think I do have to build an own admin tool...


--
Björn Reimer, Datenbanken und DV-Verfahren