| Subject | Re: [firebird-support] Which is the reason for the clause GRANTED BY? |
|---|---|
| Author | Paul Vinkenoog |
| Post date | 2013-09-06T23:31:07Z |
Walter wrote:
One reason I can think of: to enable the user thus registered as grantor to revoke the privilege later if and when he sees fit. Without this option, it would take an admin/owner account to revoke the privilege again.
It's a bit like root creating files and then transferring ownership to a normal user.
Paul Vinkenoog
> When a privilege is granted it seems logic to me to store it in theOf course, and that's the default.
> database with the current user as the grantor.
> With the GRANTED BY clause, the user who grants the privilege can haveFirst, only the database owner and users with admin rights can do that - not just any grantor.
> someone else registered as the grantor.
>
> Why?
>
> Which would be the reason for to do that?
One reason I can think of: to enable the user thus registered as grantor to revoke the privilege later if and when he sees fit. Without this option, it would take an admin/owner account to revoke the privilege again.
It's a bit like root creating files and then transferring ownership to a normal user.
Paul Vinkenoog