Subject Re: [firebird-support] Re: Newbie: Viewing system users
Author Helen Borrie
At 12:29 AM 11/07/2012, dve83 wrote:
>I thank you for the reply. Please forgive my limited understanding of Firebird DB thus far. I understand that security2 is the replacement for the previous security.fbd and that now I cannot connect to it (even with DBAdmin).
>You mentioned using the API. COuld you perhaps direct me to documentation (I am currently working via ZeosLib libraries that interface with the dll's).
If you are using ZeosLib then you are using the API. If you are trying to use old components with newer releases of Firebird then some functions that were previously available to ordinary users through a regular database connection (such as adding, deleting and modifying users) are NOT available to ordinary users. The old API documentation won't help much as it was written for InterBase before the days of security awareness, when services were openly available to ordinary uses via database parameters.

I haven't looked at ZeosLib for years but it in the past it didn't support the Services API, which exposes the code in the engine that is used by gsec, gbak, etc. to the programmer, putting it under the control of a subsystem known as the Services Manager. It is the recommended route for all server-level activities. The VERY old functions were (and still are) in the database parameter block but have been deprecated in Firebird for most of its life. From v.2.0.6 and (I think) 2.1.1, only SYSDBA could connect using these parameters.

Check whether the current version of ZeosLib provides support for the Services API: you would be looking for components whose names include clues to the specific Services API functions (such as backup, restore, user, statistics, and so on).

From v.2.0 onward, connecting directly to security2.fdb by any means, by any user, is not allowed. All access is through the Services Manager, which makes an updatable view from the users table available to the client (gsec and other applications using the Services API).

As others have told you, v.2.5 made an interface to security2.fdb available for clients through SQL requests when connected to any user database. Ordinary users can access only their own account and only to change their passwords; SYSDBA or equivalent can access multiple accounts and add, modify or delete users.