Subject RE: [firebird-support] Re: Firebird 2.x security and non-SYSDBA users
Author Alan McDonald
> Hi Alan
>
> You are right, when I modified security2.fdb to allow adding new users,
> then it's a feature I have created.
>
> My user to add and delete users is the ADMINISTRATOR. So I have added
> the following grant to the security2.fdb by moving it from the firebird
> root directory and moving it back afterwards:
>
> GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES ON USERS TO
> ADMINISTRATOR;
>
> But why does the security service block the access only in one
> direction? Am I missing some GRANTS or are there some switches in the
> firebird.conf file?
>
> Christian

No switches. I'm surprised you can add users like this. It's supposed to be
hard-wired to SYSDBA in most cases.
You've probably found something that will be blocked pretty quickly.
AFAIK, the only thing you are supposed to be able to do is grant view to
non-SYSDBA users (or roles) such that they may see a list of other users,
but they will not be able to edit those users (unless they are the user
themselves) or delete them, or create other users unless they are SYSDBA.
As I mentioned, even if you manage to fool it for the moment, the security
service is the final filter since it is the only way you will gain access to
the security db (for this version), and the service itself may be the reason
you cannot delete.

Alan