Subject Re: Delegating SYSDBA and enumerating users
---In, <cerrogrande69@...> wrote :

> In a production environment using Firebird v2.5, we need to delegate authority of USER CRUD operations to more than one person without these admins sharing the SYSDBA user and password.
> These admins have been created as users with ADMIN ROLE, and are logged in under the RDB$ADMIN ROLE (eg in Flame Robin or via the .NET Provider, or '-admin' switch in gsec). With this ROLE, it is possible to perform Creation, Update, and Deletion operations of CRUD via Flame Robin as well as gsec.


> The roadblock, however, is not being able to list/enumerate the users (ie Read). In gsec when logged in as SYSDBA all users are displayed via the 'display' command, whereas using another RDB$ADMIN superuser only the logged in user is displayed.

  Does you pass
RDB$ADMIN role name to a gsec command line ?

> The latter is also the case when using the .NET Provider and making the call to FirebirdSql.Data.Services.FbSecurity.DisplayUsers().

  Does you specify RDB$ADMIN role when using Services API ?

> Via Flame Robin menu Server | Manager Users, you are prompted with the Database Credentials dialog with Username pre-populated with 'SYSDBA' and read-only.

  I don't know if
Flame Robin ask for role in this dialog.

  It is enough for start :)