Hi Niko,

> In order to use the new features about the CREATE/ALTER/DELETE USER I
> would like to understand if following scenario can be achieved:
>
> *) Every user can change his own password -> ok
> *) A privileged user - not the SYDBA - can create, alter and delete also
> other users
> *) This privileged user should not be able to modify the datastructure
> by alter/delete views, tables etc.
>
> The objective is to seperate the ability to manage users (for the client
> - server application) and the power to mess arround with the datastructure.

Yes, this is possible. For instructions:

http://www.firebirdsql.org/manual/qsg25-config.html#qsg25-config-gsec-addadmin


HTH,
Paul Vinkenoog