Subject | Re: [firebird-support] Problem with GRANT |
---|---|
Author | Helen Borrie |
Post date | 2007-09-07T02:02Z |
At 11:21 AM 7/09/2007, you wrote:
>Firebird 1.5.4
>
>My app has a user named ADMINISTRADOR. I need to log in with this
>account to assign roles to others, but the following message appears:
>
>"User ADMINISTRADOR has no grant admin option on sql role CCENTER"
>
>Please help.

You have to plan the authorities carefully, from the top down.
1. At the top is SYSDBA. This user has all privileges for
everything and can grant privileges on anything to any user.
2. Next is the user that owns an object. The user that created an
object (table, stored procedure, view, role) is the owner. The owner
of an object can grant privileges to any other user, but only on the
objects it owns. If the owner wants the other user to be able to
grant this privilege to another user, it must grant that privilege
WITH GRANT OPTION.
NOTE: The owner of the DATABASE might not be the owner of
objects. The database owner cannot grant privileges on objects it
does not own.
3. At the next level are users who are granted privileges WITH GRANT
OPTION on an object by the owner of that object, or by another user
that has been awarded the privilege[s] WITH GRANT OPTION.
Your problem here is that ADMINISTRADOR lacks the privilege to grant
use of a role to other users, because it did not receive the
privilege WITH GRANT OPTION from the user that granted its privilege
to the role.
./heLen
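
The delegation chain described in the reply, as an added isql example that is not part of the original post. CCENTER and ADMINISTRADOR come from the thread; the database path, the passwords, the user OPERADOR and the table PEDIDOS are placeholders. For a role, Firebird spells the delegation clause WITH ADMIN OPTION, which is the option the error message names; for object privileges it is WITH GRANT OPTION.

```sql
-- Added example. Placeholders: database path, passwords, OPERADOR, PEDIDOS.

-- Step 1: connect as SYSDBA, or as the user that created (owns) the role.
CONNECT 'localhost:/path/to/app.fdb' USER 'SYSDBA' PASSWORD '<sysdba-password>';

-- Grant the role in a form that lets the grantee pass it on.
GRANT CCENTER TO ADMINISTRADOR WITH ADMIN OPTION;

-- The same idea for an object privilege: only the table's owner (or SYSDBA)
-- can issue this, and the grantee may then grant SELECT to others.
GRANT SELECT ON PEDIDOS TO ADMINISTRADOR WITH GRANT OPTION;
COMMIT;

-- Check what was recorded. 'M' marks role membership; a non-zero
-- RDB$GRANT_OPTION means the grantee is allowed to pass the privilege on.
SELECT RDB$USER, RDB$GRANTOR, RDB$PRIVILEGE, RDB$GRANT_OPTION
FROM RDB$USER_PRIVILEGES
WHERE (RDB$RELATION_NAME = 'CCENTER' AND RDB$PRIVILEGE = 'M')
   OR RDB$RELATION_NAME = 'PEDIDOS'
ORDER BY RDB$RELATION_NAME, RDB$USER;

-- Step 2: reconnect as the application's administrator account.
CONNECT 'localhost:/path/to/app.fdb' USER 'ADMINISTRADOR' PASSWORD '<admin-password>';

-- This is the statement that failed before step 1. OPERADOR receives the
-- role without ADMIN OPTION, so the delegation stops at this level.
GRANT CCENTER TO OPERADOR;
COMMIT;
```

Running the check query again after step 2 shows ADMINISTRADOR in RDB$GRANTOR for OPERADOR's row, which gives an audit trail of who extended the role to whom.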