| Subject | RDB$ADMIN and Role Revocation |
|---|---|
| Author | Alan McDonald |
| Post date | 2013-02-07T21:18:20Z |
I know in the past that the grantor must be the one who revokes that role.
But now we have RDB$ADMIN a user with role RDB$ADMIN can create, edit and
delete users and grant a role to another user.
I would have thought SYSDBA or indeed any other RDB$ADMIN user could revoke
any role.
Firebird 2.5.2 - this is not the case. I get an exception
unsuccessful metadata update SYSDBA is not grantor of Role on MANAGER to
0S0ASDFASDF.
Surely this is not intended?
Regards
Alan McDonald
[Non-text portions of this message have been removed]
But now we have RDB$ADMIN a user with role RDB$ADMIN can create, edit and
delete users and grant a role to another user.
I would have thought SYSDBA or indeed any other RDB$ADMIN user could revoke
any role.
Firebird 2.5.2 - this is not the case. I get an exception
unsuccessful metadata update SYSDBA is not grantor of Role on MANAGER to
0S0ASDFASDF.
Surely this is not intended?
Regards
Alan McDonald
[Non-text portions of this message have been removed]