| Subject | RE: [firebird-support] Connect using a ROLE that has not been GRANTed |
|---|---|
| Author | Jarrod Hollingworth |
| Post date | 2008-04-17T06:49:39Z |
Thanks Dean and Helen,
I realized my mistake of granting privileges to the users directly instead
of the roles and corrected that. I understand Firebird users and roles in
general - I just forgot to select the 'roles' dropdown instead of 'users' in
the gui when granting the privileges and I didn't spot it due to the
similarity of role and user names (GENUSER + GENROLE)! Bad example.
With that corrected it still allows the connection with the non-granted role
but defaults to no privileges. At least that is a better clue that something
was wrong in the connection params.
(read-only) context and a general (read-write) context? Do you propose two
separate user accounts?
Regards,
Jarrod Hollingworth
I realized my mistake of granting privileges to the users directly instead
of the roles and corrected that. I understand Firebird users and roles in
general - I just forgot to select the 'roles' dropdown instead of 'users' in
the gui when granting the privileges and I didn't spot it due to the
similarity of role and user names (GENUSER + GENROLE)! Bad example.
With that corrected it still allows the connection with the non-granted role
but defaults to no privileges. At least that is a better clue that something
was wrong in the connection params.
> It doesn't make sense to grant multiple roles to a user.Really? What if you wanted someone to be able to work in a reporting
(read-only) context and a general (read-write) context? Do you propose two
separate user accounts?
Regards,
Jarrod Hollingworth