Subject RE: [firebird-support] A question about roles
Author Miracle Information Systems
-----Original message-----
From: "Alan McDonald" alan@...
Date: Wed, 09 May 2007 14:33:10 +0100
To: firebird-support@yahoogroups.com
Subject: RE: [firebird-support] A question about roles

> > We are using Firebird 2.0.1 database for the Delphi application
> > we have developed.
> >
> > The users that use the application must have different access
> > permissions on tables so we use roles to achieve that.
> > So everytime a user connects to the database he supplies the
> > username, role and password in order to connect.
> > So far so good.
> >
> > I have tried to establish connections withour supplying the role,
> > but then the user cannot access anything that is not explicitly
> > granted to the user or ALL for select. I personally don't like
> > granting permissions to users explicitly. I prefer granting roles
> > to users.
> >
> > My question is why the user should supply the role to the
> > database. Doesn't the database know which role every user belongs
> > to. After all as I've seen from the metadata, there are such
> > structures that keep the memberships in the database.
> > And how should I deal with users granted more that one roles at a
> > time since I can provide only one role to the connection.
> >
> > Thanks
> > Jean-Paul
>
> roles are created and stored int the database. users are created in the security database. So, no, the database does not know about users, only roles.
> users have to disconnect as one role and reconnect as another. OR you grant a role to a super role thereby allowing users whoc logon as a "super-role" the rights afforded by multiple lesser roles.
> Alan
>
>
>
>

Yes, I understand the usage of roles and the difference with groups. It's not what I'm trying to find out here.
The main reason why I ask this is just for making the user's and administrator's life easier (lazy me :) ).

I just haven't been in any situation where the same user has to provide different roles depending on what he is doing.
Of course, creating an other role with granted priviledges from other roles would make user's life easier but not for the administrator which will have to maintain lots of roles.

I'm not trying to say that it is not good. We've been using Firebird for many years with great success and we use roles every time. I just wanted to share my opinion here.

Thanks for the reponse

Jean-Paul




[Non-text portions of this message have been removed]