| Subject | Re: [firebird-support] difficulties with rights (found using openschema in Ado) |
|---|---|
| Author | Helen Borrie |
| Post date | 2010-06-09T23:51:07Z |
At 10:38 AM 10/06/2010, Gerald wrote:
Note that the database owner (praxis here) so far owns only the database and the system objects. If you log in as SYSDBA or a different user, e.g., gerry, and create tables, then SYSDBA (or gerry) will own those tables and praxis will not be able to modify them, add triggers or indices to them, etc.
OTOH, either SYSDBA or praxis may perform backups and run gfix utilities, even if the database contains objects that praxis does not own; gerry will not get that access, even if he owns some objects.
Further inquiries about your ADO interface should be made in the support list for your driver, e.g., firebird-php or firebird-net-provider, as appropriate.
./heLen
>1) I create a firebird database with the sql-command:No, this is not the problem. *For better or for worse*, any logged-in user can view the metadata of any database. However, since this is long regarded as a problem by some developers, it is possible that your ADO driver is using hard code to block system table access to *any* user that is not SYSDBA - including the database owner, apparently.
>"create database 'c:\testdb.fbd' user 'praxis' password 'somepw' ...
>2) I access the database:
> a) via ADO as 'praxis'. I create a table, a trigger, a sequence.
> Trying to find out anything about my table with the "OpenSchema"-
> function of ADO dosn't return any results. E.g., I can only get
> Information on Columns of two tables using the adSchemaColumns-
> Criterion of the OpenSchema-Function:
> RDB$FORMATS and RDB$PAGES.
> b) via ADO as 'sysdba'. Using "OpenSchema", I get every information
> on all columns of the table created by 'praxis' as well as all
> the remaining system tables.
> But I can't create any table, trigger oder sequence, because I'm
> not the owner of the database.
>So I need two users to do any database construction work with dependencies (e.g.: look if a column 'somecol' exists and eventually add it) within this database??Well, ADO aside (because that's where your initial problem occurs), one designated user, e.g., praxis in your example, is enough. It is not a good idea to proliferate the users who are permitted to alter metadata.
Note that the database owner (praxis here) so far owns only the database and the system objects. If you log in as SYSDBA or a different user, e.g., gerry, and create tables, then SYSDBA (or gerry) will own those tables and praxis will not be able to modify them, add triggers or indices to them, etc.
OTOH, either SYSDBA or praxis may perform backups and run gfix utilities, even if the database contains objects that praxis does not own; gerry will not get that access, even if he owns some objects.
Further inquiries about your ADO interface should be made in the support list for your driver, e.g., firebird-php or firebird-net-provider, as appropriate.
./heLen