Subject Re: [firebird-support] Grants on views
Author Thomas Steinmaurer
>> I just can't figure how to set up rights to select from a view on
>> Firebird 1.5. So far I only accessed data through the owner of the
>> database (no problem there) or through another user who only had access
>> to procedures (which I managed to set up fine). But now I need a
>> view-accessing user and it just won't work.
>>
>> Tables:
>> master (id, value)
>> detail (id, master_id, value)
>>
>> Views:
>> CREATE VIEW master_all (id, value, some_detail)
>> AS SELECT id, value, (SELECT MAX(value) FROM detail WHERE
>> master_id=m.id) FROM master m;
>>
>> CREATE VIEW master_some (id, value, some_detail)
>> AS SELECT id, value, some_detail FROM master_all WHERE value>123;
>>
>> Grants:
>> GRANT SELECT ON master_all TO my_user;
>> GRANT SELECT ON master_some TO my_user;
>> GRANT SELECT ON master TO VIEW master_all;
>> GRANT SELECT ON detail TO VIEW master_all;
>> GRANT SELECT ON master_all TO VIEW master_some
>>
>> However, whenever I try to SELECT * FROM (either view) I get an error
>> message "no permission for read/select access to table detail". What
>> other grant to I need? I definitely do not want to grant my_user access
>> to the underlying tables.
>
> Your provided script works for me with Firebird 2.1.2 CS. MY_USER is
> able to query both views.
>
> * Did you commit your GRANT statements?
> * If you did a commit, then does it help to start a new transaction in
> the session where you are running the SELECT * FROM statement?

And third, in CS you might need to re-connect, otherwise the already
established connection probably won't see this metadata change.


--
Best Regards,
Thomas Steinmaurer
LogManager Series - Logging/Auditing Suites supporting
InterBase, Firebird, Advantage Database, MS SQL Server and
NexusDB V2
Upscene Productions
http://www.upscene.com
My blog:
http://blog.upscene.com/thomas/