Subject Re: [firebird-support] Grants on views
Author Thomas Steinmaurer
> I just can't figure how to set up rights to select from a view on
> Firebird 1.5. So far I only accessed data through the owner of the
> database (no problem there) or through another user who only had access
> to procedures (which I managed to set up fine). But now I need a
> view-accessing user and it just won't work.
>
> Tables:
> master (id, value)
> detail (id, master_id, value)
>
> Views:
> CREATE VIEW master_all (id, value, some_detail)
> AS SELECT id, value, (SELECT MAX(value) FROM detail WHERE
> master_id=m.id) FROM master m;
>
> CREATE VIEW master_some (id, value, some_detail)
> AS SELECT id, value, some_detail FROM master_all WHERE value>123;
>
> Grants:
> GRANT SELECT ON master_all TO my_user;
> GRANT SELECT ON master_some TO my_user;
> GRANT SELECT ON master TO VIEW master_all;
> GRANT SELECT ON detail TO VIEW master_all;
> GRANT SELECT ON master_all TO VIEW master_some
>
> However, whenever I try to SELECT * FROM (either view) I get an error
> message "no permission for read/select access to table detail". What
> other grant to I need? I definitely do not want to grant my_user access
> to the underlying tables.

Your provided script works for me with Firebird 2.1.2 CS. MY_USER is
able to query both views.

* Did you commit your GRANT statements?
* If you did a commit, then does it help to start a new transaction in
the session where you are running the SELECT * FROM statement?



--
Best Regards,
Thomas Steinmaurer
LogManager Series - Logging/Auditing Suites supporting
InterBase, Firebird, Advantage Database, MS SQL Server and
NexusDB V2
Upscene Productions
http://www.upscene.com
My blog:
http://blog.upscene.com/thomas/