Subject RE: [firebird-support] Permissions problem on database restore.
Author Alan McDonald
> At 1:18 PM -0400 5/21/08, Ray Cote wrote:
> >Hi All:
> >
> >I'm having a permissions problem trying to restore a schema that was
> >backed up from an embedded database.
> >
> >If I understand correctly, when I restore a database, the
> user that did
> >the restore should have full access to the information. I get a
> >permission error when I attempt to read any of the restored tables.
> >
> >Here's the process:
> >(This is all done with Firebird 2.0).
> >- create an embedded database.
> >- back it up.
> >- create a user called BOB on a Firebird server.
> >- gbak restore the backup, as BOB.
> >- connect via isql as BOB
> >- select * from systemattribute
> >- ..failed, SQLCODE = -551
> >no permission for read/select access to TABLE SYSTEMATTRIBUTE
> >
> >Shouldn't BOB have full access to the schema?
> >Is there something different because I started with an
> embedded schema?
> >
> >Note: I'm using the backup services in kinterbasdb (Python)
> to backup
> >the embedded and using gbak to do the restore to the full server.
> >
> >Any pointers as to where I should look.
> >
> >Thanks
> >--Ray
> In further research, the embedded is not involved with the
> problem I'm seeing. When I create a schema under one user,
> use gbak to back it up, create
> a new user, use gbak to restore, I cannot do a select on any of the
> tables due to permissions.
> According to the Firebird Reference, page 814, running gbak restore
> should change ownership.
> I'm obviously missing something fairly fundamental and hope someone
> can provide a pointer for my cluelessnes.
> --Ray

This new bob will own the database but unfortunately it will never own the
objects inside it (unless you ask Thomas Steinmaurer here on the list) for
his beautifull little utility which changes all object ownerships to this
new identity.
Ether that.. Or create a a role which has access to everything, and grant
this role to new person.
The embedded will ignore all this if you do not log on with a role (ie just
any person).