Subject RE: [firebird-support] Cleanup of user privileges
Author Alan McDonald
> > Since SYSDBA is the only person who can create new accounts,
> > I've never found it worthwhile even creating a situation
> > where DBOWNER grants user privileges.
>
> This is an app with a customised security database that allows
> users to change their own passwords - and allows a couple of
> specific users to create new accounts, those users being the
> app-database owner and a special user-admin user of the app.

Normal/standard setup provides for users to change their own password.
So you've modified the security(2).fdb to allow this I suppose. Up to you.

>
> The idea was to keep SYSDBA locked away for emergencies only.
> I hate giving SYSDBA to end-users for any day-to-day use, and
> user management is day-to-day use. That was my solution.

I tend to think this is a bit anal on the part of us developers. My clients
own their system, they have a right to the keys. :-) They know that it's an
important set of credentials and I log my DBs as well.

>
> The way that Firebird/SQL default security is designed is much
> like old Windows versions: asking an end-user (the databases
> user management) to run always with full access so any mistake
> can be a really, really bad one.

SYSDBA in my setup doesn't get permission to do anything in the app other
than user management.

>
> It is all very well to tell the user: "only use SYSDBA while
> maintaining users"... I think we all know that that does not
> happen. I could ask for the SYSDBA password only before
> executing certain statements - but that gets both slow and
> messy when there are multiple changes to apply.

One of my apps blocks SYSDBA from getting to screens to do anything. Sure -
if they had the wherewithal to get isql out and tamper, they can do what
they like. But then they'd be paying me to fix any mess. Bottom line... they
don't do it, they've proved that to me over many years.
Alan

>
> --
> Geoff Worboys
> Telesis Computing
>