Subject RE: [firebird-support] A question about roles
Author Alan McDonald
> We are using Firebird 2.0.1 database for the Delphi application
> we have developed.
> The users that use the application must have different access
> permissions on tables so we use roles to achieve that.
> So everytime a user connects to the database he supplies the
> username, role and password in order to connect.
> So far so good.
> I have tried to establish connections withour supplying the role,
> but then the user cannot access anything that is not explicitly
> granted to the user or ALL for select. I personally don't like
> granting permissions to users explicitly. I prefer granting roles
> to users.
> My question is why the user should supply the role to the
> database. Doesn't the database know which role every user belongs
> to. After all as I've seen from the metadata, there are such
> structures that keep the memberships in the database.
> And how should I deal with users granted more that one roles at a
> time since I can provide only one role to the connection.
> Thanks
> Jean-Paul

roles are created and stored int the database. users are created in the security database. So, no, the database does not know about users, only roles.
users have to disconnect as one role and reconnect as another. OR you grant a role to a super role thereby allowing users whoc logon as a "super-role" the rights afforded by multiple lesser roles.