Subject | Re: [firebird-support] Can non-sysdba really alter users? |
---|---|
Author | Tomasz Tyrakowski |
Post date | 2012-09-18T09:44:07Z |

Problem solved, thanks to Thomas Steinmaurer and Dmitry Yemanov.

Here's what to do when you experience problems regarding users with
elevated privileges not being able to alter other users via SQL.

1. Disconnect all clients from Firebird.
2. Copy security2.fdb to another location.
3. Connect to the copy of security2.fdb.
4. Issue

    ALTER VIEW USERS (USER_NAME, SYS_USER_NAME, GROUP_NAME, UID, GID, PASSWD,
        PRIVILEGE, COMMENT, FIRST_NAME, MIDDLE_NAME, LAST_NAME, FULL_NAME) AS
    SELECT RDB$USER_NAME, RDB$SYS_USER_NAME, RDB$GROUP_NAME, RDB$UID,
        RDB$GID, RDB$PASSWD,
        RDB$PRIVILEGE, RDB$COMMENT, RDB$FIRST_NAME, RDB$MIDDLE_NAME,
        RDB$LAST_NAME,
        COALESCE (RDB$first_name || _UNICODE_FSS ' ', '') ||
        COALESCE (RDB$middle_name || _UNICODE_FSS ' ', '') ||
        COALESCE (RDB$last_name, '')
    FROM RDB$USERS
    WHERE CURRENT_USER = 'SYSDBA'
        OR CURRENT_ROLE = 'RDB$ADMIN'
        OR CURRENT_USER = RDB$USERS.RDB$USER_NAME;

5. Disconnect from the copied security2.fdb and copy it back to the
Firebird folder.

Thanks again guys for your help. The cause of all trouble was the lack
of the "OR CURRENT_ROLE = 'RDB$ADMIN'" condition in the original view
definition.

regards
Tomasz
--
__--==============================--__
__--== Tomasz Tyrakowski ==--__
__--== SOL-SYSTEM ==--__
__--== http://www.sol-system.pl ==--__
__--==============================--__
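
A check that can accompany the procedure above, as an added example that is not part of the original post: it inspects the stored definition of the USERS view in the copied security2.fdb for the `RDB$ADMIN` condition and reports how many accounts the view exposes to the current session. It assumes an isql session connected to the copy from step 3; the output column aliases are made up for this example.

```sql
-- Added example, not from the original post. Run in isql against the
-- COPY of security2.fdb (step 3), before and after the ALTER VIEW in step 4.

-- 1. Does the stored view definition mention the RDB$ADMIN role at all?
--    RDB$VIEW_SOURCE holds the text of the view's SELECT; CONTAINING is a
--    case-insensitive substring match, so spacing around '=' does not matter.
SELECT
    CASE
        WHEN RDB$VIEW_SOURCE CONTAINING 'RDB$ADMIN'
            THEN 'present'
        ELSE 'missing'
    END AS ADMIN_ROLE_CONDITION
FROM RDB$RELATIONS
WHERE RDB$RELATION_NAME = 'USERS';

-- 2. What does the view's WHERE clause let this session see?
--    With the condition missing, a non-SYSDBA login sees only its own row
--    (CURRENT_USER = RDB$USER_NAME), whatever role it connected with.
--    With the condition in place, a session whose CURRENT_ROLE is RDB$ADMIN
--    sees every account, the same as SYSDBA.
SELECT
    CURRENT_USER                 AS CONNECTED_AS,
    CURRENT_ROLE                 AS ACTIVE_ROLE,
    (SELECT COUNT(*) FROM USERS) AS VISIBLE_USERS
FROM RDB$DATABASE;
```

Running the second query once as SYSDBA and once as the elevated non-SYSDBA account gives a direct comparison: matching VISIBLE_USERS counts mean the role condition is in effect.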