Subject Re: [firebird-support] user/pass directed to single .gdb file
Author Helen Borrie
At 09:36 AM 5/03/2009, you wrote:
>hello one and all,
>is there a way, like under gsec, to allow a user to be attached, directed, or allowed into only a single gdb file? this way when that user logs into the database with their username and password, that they are only allowed into that one database.

Judicious use of SQL privileges, which are defined at database level, including roles. Never assign SQL privileges directly to users, only to roles. The roles defined in one database are unknown in other databases. Then, both user credentials and role will be required at login.

User authentication is done at server level. If the login gets past the gate, the user can *access* any database. However, unless that user has permissions explicity assigned for objects within a particular database, it cannot access anything in it. (Currently, though, any authenticated user can create objects in any database and manipulate them subsequently.)

The SYSDBA user (currently) can access any object in any database.