| Subject | Re: [firebird-support] Grant all to all |
|---|---|
| Author | Helen Borrie |
| Post date | 2007-03-25T23:23:08Z |
At 08:15 AM 26/03/2007, you wrote:
and cleanest (and proper) way to deal with this. In the easy case,
take the few minutes needed to prepare the script for the role's
privileges, covering everything that the generic user needs.
Maybe on Day one, you have only one database and only login that
everyone uses, call it "GENERIC", if you like. Write your role
specific to the database and just grant it to the user
GENERIC. Later changes on the server won't bump into the privs for
the original database...and you won't ever be confronted with
problems if someone else installs unrelated software that gives *its*
users access to the original database through PUBLIC.
./helen
>Not all databases try to be Fort Knox ;-)Nevertheless, the point I'm making is that using ROLE is the simplest
>
>It is good that Firebird gives us this flexibility, but as Firebird is
>also very useful for small, non-critical database applications, it can
>be tedious to grant everything to everybody. Currently, the only way
>to get around that is to log on as SYSDBA or the database owner. But
>then, CURRENT_USER or the list of connected users from the server is
>useless.
and cleanest (and proper) way to deal with this. In the easy case,
take the few minutes needed to prepare the script for the role's
privileges, covering everything that the generic user needs.
Maybe on Day one, you have only one database and only login that
everyone uses, call it "GENERIC", if you like. Write your role
specific to the database and just grant it to the user
GENERIC. Later changes on the server won't bump into the privs for
the original database...and you won't ever be confronted with
problems if someone else installs unrelated software that gives *its*
users access to the original database through PUBLIC.
./helen