At 02:26 PM 25/03/2008, you wrote:

>Hi all,
>
>
>H> Hmm, you apparently don't understand the purpose of roles.
>H> A role is a package of permissions. Once the package is
>H> set up, then the role is granted to each user that
>H> requires those permissions.
>
>
>One thing I can't understand about Firebird roles is WHY do you need
>to "set" one at client connection. If you've already granted
>the "package of permissions" (roles) to the user, and the DB already
>know about it, why on the earth do the client has to set this
>information for the connection? That's quite annoying.
>
>I wished this worked in a more "smart" way... when connected the user
>would just have access to everything already granted to the user and
>(all) it's granted roles.

Wish....wish...wish...we are talking about the SQL standard. "Smart" does not figure on its 10 Most Wanted. ;-) But there are other reasons that you could say are Firebird-specific. "User" at logon is for server-level authentication. As it happens, users also exist in the SQL permissions (if you put them there). It is a matter of convenience to you that Firebird treats "server" users and "privileges" users as though they were the same thing. But they are not; and in fact you can grant permissions to users that don't exist at server level at all.

./heLen