| Subject | Re: [firebird-support] I can't get roles to work... |
|---|---|
| Author | Helen Borrie |
| Post date | 2007-05-21T01:44:39Z |
At 08:09 AM 21/05/2007, you wrote:
The table will happily store "rubbish" like GRANT TOOLUSER TO BOBJOHN
but of course, because it *is* rubbish, it doesn't have any entries in the ACL.
./hb
>I am just trying 2.01 for the first time and having trouble gettinggrant ROLE tooluser to BOBJOHN
>roles to work as advertised. Using isql I log in as sysdba and execute
>the following statements:
>
>CREATE TABLE TEST_TABLE(COLUMN_1 Integer, COLUMN_2 Varchar(100));
>
>INSERT INTO TEST_TABLE VALUES (1, 'Hi Mom');
>INSERT INTO TEST_TABLE VALUES (2, 'Greetings');
>INSERT INTO TEST_TABLE VALUES (3, 'Hellllo Nurse!');
>COMMIT;
>
>CREATE ROLE TOOLUSER;
>
>GRANT SELECT ON TEST_TABLE TO ROLE TOOLUSER;
>
>GRANT TOOLUSER TO BOBJOHN;
>
>After executing these statements (without error) I then query the
>contents of the table test_table just to make sure everything is
>there, and it is.
>
>I then login as the user bobjohn with the role tooluser. The
>connection response indicates I have connected with the role. I then
>try to query the table test_table contents and get the error message:
>
>Statement failed, SQLCODE = -551
>no permission for read/select access to TABLE TEST_TABLE
>
>I can then execute the command: 'SHOW GRANTS;' and I get the response:
>
>GRANT SELECT ON TEST_TABLE TO ROLE TOOLUSER
>GRANT TOOLUSER TO BOBJOHN
>
>Any ideas what I am doing wrong?
The table will happily store "rubbish" like GRANT TOOLUSER TO BOBJOHN
but of course, because it *is* rubbish, it doesn't have any entries in the ACL.
./hb