Subject Re: [firebird-support] Cleanup of user privileges
Author Geoff Worboys
> Since SYSDBA is the only person who can create new accounts,
> I've never found it worthwhile even creating a situation
> where DBOWNER grants user privileges.

This is an app with a customised security database that allows
users to change their own passwords - and allows a couple of
specific users to create new accounts, those users being the
app-database owner and a special user-admin user of the app.

The idea was to keep SYSDBA locked away for emergencies only.
I hate giving SYSDBA to end-users for any day-to-day use, and
user management is day-to-day use. That was my solution.

The way that Firebird/SQL default security is designed is much
like old Windows versions: asking an end-user (the database's
user management) to run always with full access so any mistake
can be a really, really bad one.

It is all very well to tell the user: "only use SYSDBA while
maintaining users"... I think we all know that that does not
happen. I could ask for the SYSDBA password only before
executing certain statements - but that gets both slow and
messy when there are multiple changes to apply.

--
Geoff Worboys
Telesis Computing