Subject Re: [firebird-support] Re: Newbie: Viewing system users
Author Danie van Eeden
Many thanks. Checking with the Zeoslib support forum for Services API
support as well.
Danie

On 7/10/2012 10:32 PM, Helen Borrie wrote:
>
> At 12:29 AM 11/07/2012, dve83 wrote:
> >Hello,
> >
> >I thank you for the reply. Please forgive my limited understanding of
> Firebird DB thus far. I understand that security2 is the replacement
> for the previous security.fbd and that now I cannot connect to it
> (even with DBAdmin).
> >
> >You mentioned using the API. COuld you perhaps direct me to
> documentation (I am currently working via ZeosLib libraries that
> interface with the dll's).
> If you are using ZeosLib then you are using the API. If you are trying
> to use old components with newer releases of Firebird then some
> functions that were previously available to ordinary users through a
> regular database connection (such as adding, deleting and modifying
> users) are NOT available to ordinary users. The old API documentation
> won't help much as it was written for InterBase before the days of
> security awareness, when services were openly available to ordinary
> uses via database parameters.
>
> I haven't looked at ZeosLib for years but it in the past it didn't
> support the Services API, which exposes the code in the engine that is
> used by gsec, gbak, etc. to the programmer, putting it under the
> control of a subsystem known as the Services Manager. It is the
> recommended route for all server-level activities. The VERY old
> functions were (and still are) in the database parameter block but
> have been deprecated in Firebird for most of its life. From v.2.0.6
> and (I think) 2.1.1, only SYSDBA could connect using these parameters.
>
> Check whether the current version of ZeosLib provides support for the
> Services API: you would be looking for components whose names include
> clues to the specific Services API functions (such as backup, restore,
> user, statistics, and so on).
>
> >From v.2.0 onward, connecting directly to security2.fdb by any means,
> by any user, is not allowed. All access is through the Services
> Manager, which makes an updatable view from the users table available
> to the client (gsec and other applications using the Services API).
>
> As others have told you, v.2.5 made an interface to security2.fdb
> available for clients through SQL requests when connected to any user
> database. Ordinary users can access only their own account and only to
> change their passwords; SYSDBA or equivalent can access multiple
> accounts and add, modify or delete users.
>
>




[Non-text portions of this message have been removed]