Subject: Re: [firebird-support] RDB$ADMIN and Role Revocation
Author: Paul Vinkenoog

Hi Alan,

> I know in the past that the grantor must be the one who revokes that role.
>
> But now we have RDB$ADMIN: a user with role RDB$ADMIN can create, edit and
> delete users and grant a role to another user.
>
> I would have thought SYSDBA or indeed any other RDB$ADMIN user could revoke
> any role.
>
> Firebird 2.5.2 - this is not the case. I get an exception:
>
> unsuccessful metadata update SYSDBA is not grantor of Role on MANAGER to
> 0S0ASDFASDF.

You have to use GRANTED BY here:

revoke manager from 0S0ASDFASDF granted by rdb$admin


Paul Vinkenoog
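
The grantor lookup and revocation discussed in this thread, as an added example that is not part of the original messages. MANAGER is the role from the thread; the user names ALICE (grantor) and BOB (grantee) are constructed for illustration, and the statements assume a Firebird 2.5 connection as SYSDBA, the database owner, or a user with RDB$ADMIN active.

```sql
-- Added example; ALICE and BOB are constructed user names.

-- 1. Find out who granted the role. Role membership is stored in
--    RDB$USER_PRIVILEGES with RDB$PRIVILEGE = 'M'; for these rows
--    RDB$RELATION_NAME holds the role name and RDB$GRANTOR the user
--    that the revoke must be attributed to.
SELECT TRIM(RDB$USER)          AS GRANTEE,
       TRIM(RDB$GRANTOR)       AS GRANTOR,
       TRIM(RDB$RELATION_NAME) AS ROLE_NAME
FROM RDB$USER_PRIVILEGES
WHERE RDB$PRIVILEGE = 'M'
  AND RDB$RELATION_NAME = 'MANAGER'
ORDER BY RDB$USER, RDB$GRANTOR;

-- 2. Revoke on behalf of the grantor reported by the query above.
--    Without GRANTED BY, the revoke is attributed to the current user
--    and fails with "... is not grantor of Role on MANAGER to ...".
REVOKE MANAGER FROM BOB GRANTED BY ALICE;
COMMIT;

-- 3. Verify. If the same role reached BOB through several grantors,
--    each grant is a separate row and needs its own
--    REVOKE ... GRANTED BY <grantor>; any row still listed here means
--    BOB can still use the role.
SELECT TRIM(RDB$USER)    AS GRANTEE,
       TRIM(RDB$GRANTOR) AS REMAINING_GRANTOR
FROM RDB$USER_PRIVILEGES
WHERE RDB$PRIVILEGE = 'M'
  AND RDB$RELATION_NAME = 'MANAGER'
  AND RDB$USER = 'BOB';
```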