Subject RE: [firebird-support] Real problem with permissions
Author Paul Hope
Hello Andre

> -----Original Message-----
> From:
> [] On Behalf Of André
> Knappstein
> Sent: 30 June 2008 11:56
> To:
> Subject: Re: [firebird-support] Real problem with permissions
> >> Typically what happens is that everything works OK, then one day I
> >> get a call to say that an error has occurred 'No
> permission to access table xxx'.
> >> I log on remotely using the app and get the same error. I go into
> >> IBExpert and look at the permissions and they are all there. I
> >> delete them, reinstate them, re-start the app and everything is OK.
> Paul,
> I saw such a behaviour in 2 scenarios; both of which do not
> seem to apply to your situation; but you can never be too sure :)
Always worth a try ;-)

> Maybe someone will jump in with additional scenarios later.
> a.) make sure that whatever is logging you into the database
> is always doing so as "PAUL" (all uppercase) and not as "Paul".
> There has been or still is a bug in 1.5 that will assign to
> you the "PUBLIC" user permissions if your log-in name is not
> all uppercase.
> Most users will never find out, because they are lavishly
> giving nearly all permissions to "PUBLIC"; but if you do
> block the PUBLIC user (probably a good idea), then you will
> get "No permission..."

I didnt know about that problem but it wont apply here because the program
logs in as PAUL not the user. The program logs in, asks for user name and
password, then checks these against a USER table.

> b.) a member of our usergroup was forced to share his
> database with a 3rd party software which - so we found out
> later - has been always working in "table snapshot"
> isolation. I don't remember the details, and if I did I
> probably would not understand them, but the effect was pretty
> much the same:
> Tables were there, but could not be accessed by anybody else
> in the network until the application that created the table
> was shut down (!). Obviously they also did not care too much
> about terminating transactions.
The table is only created by my app using committed isolation. The customer
can access the database using Lotus Notes and ODBC, could it be possible
that this is causing a problem?

> >> The database has two logins SYSDBA and PAUL. All user security is
> >> handled within the client app which logs in as PAUL. There are no
> >> roles defined
> It is by the way fairly easy to create a mapping "windows
> user/application user/database user". That way you would not
> only have user "PAUL" logged in, and could make use of some
> wonderful monitoring/logging functions.
I assume that if I did that the customer system admin could be in control of
database access - which I wouldnt want.

> ciao,
> André
Thanks Andre, any more thoughts on Lotus Notes and ODBC woudl be useful.