> > PUBLIC privileges, IMHO, cause more problems than they solve. It is
> > far preferable to create the ROLEs (which can be done with a
> > carefully prepared script in your favourite text editor, with
> > copy-and-paste) and then to grant and revoke the required roles as
> > required. The benefits are that your script acts as documentation of
> > the privileges that are available and that new roles can be created
> > subsequently to meet new conditions as they arise.
>
> Not all databases try to be Fort Knox ;-)
>
> It is good that Firebird gives us this flexibility, but as Firebird is
> also very useful for small, non-critical database applications, it can
> be tedious to grant everything to everybody. Currently, the only way
> to get around that is to log on as SYSDBA or the database owner. But
> then, CURRENT_USER or the list of connected users from the server is
> useless.
>
> Regards
>
> Stefan

it's still a lot simpler to use roles.
each time you add a new ibject usin the "public" method you still have to
issue a gratn statement.
But if this grant statement is to a role instead, then it's more effective
as an end result.
Alan