> PUBLIC privileges, IMHO, cause more problems than they solve. It is
> far preferable to create the ROLEs (which can be done with a
> carefully prepared script in your favourite text editor, with
> copy-and-paste) and then to grant and revoke the required roles as
> required. The benefits are that your script acts as documentation of
> the privileges that are available and that new roles can be created
> subsequently to meet new conditions as they arise.

Not all databases try to be Fort Knox ;-)

It is good that Firebird gives us this flexibility, but as Firebird is
also very useful for small, non-critical database applications, it can
be tedious to grant everything to everybody. Currently, the only way
to get around that is to log on as SYSDBA or the database owner. But
then, CURRENT_USER or the list of connected users from the server is
useless.

Regards

Stefan