| Subject | Re: [firebird-support] user/pass directed to single .gdb file |
|---|---|
| Author | Helen Borrie |
| Post date | 2009-03-04T22:59:45Z |
At 09:36 AM 5/03/2009, you wrote:
User authentication is done at server level. If the login gets past the gate, the user can *access* any database. However, unless that user has permissions explicity assigned for objects within a particular database, it cannot access anything in it. (Currently, though, any authenticated user can create objects in any database and manipulate them subsequently.)
The SYSDBA user (currently) can access any object in any database.
./heLen
>hello one and all,Judicious use of SQL privileges, which are defined at database level, including roles. Never assign SQL privileges directly to users, only to roles. The roles defined in one database are unknown in other databases. Then, both user credentials and role will be required at login.
>
>is there a way, like under gsec, to allow a user to be attached, directed, or allowed into only a single gdb file? this way when that user logs into the database with their username and password, that they are only allowed into that one database.
User authentication is done at server level. If the login gets past the gate, the user can *access* any database. However, unless that user has permissions explicity assigned for objects within a particular database, it cannot access anything in it. (Currently, though, any authenticated user can create objects in any database and manipulate them subsequently.)
The SYSDBA user (currently) can access any object in any database.
./heLen