| Subject | Re: Delegating SYSDBA and enumerating users |
|---|---|
| Author | |
| Post date | 2017-02-23T08:54:35Z |
---In firebird-support@yahoogroups.com, <cerrogrande69@...> wrote :
Does you read this chapter ?
https://www.firebirdsql.org/file/documentation/release_notes/html/en/2_5/rnfb25-admin.html#rnfb25-prvlgs-super
Ok
I don't know if Flame Robin ask for role in this dialog.
It is enough for start :)
Regards,
Vlad
> In a production environment using Firebird v2.5, we need to delegate authority of USER CRUD operations to more than one person without these admins sharing the SYSDBA user and password.
Does you read this chapter ?
https://www.firebirdsql.org/file/documentation/release_notes/html/en/2_5/rnfb25-admin.html#rnfb25-prvlgs-super
> These admins have been created as users with ADMIN ROLE, and are logged in under the RDB$ADMIN ROLE (eg in Flame Robin or via the .NET Provider, or '-admin' switch in gsec). With this ROLE, it is possible to perform Creation, Update, and Deletion operations of CRUD via Flame Robin as well as gsec.
Ok
> The roadblock, however, is not being able to list/enumerate the users (ie Read). In gsec when logged in as SYSDBA all users are displayed via the 'display' command, whereas using another RDB$ADMIN superuser only the logged in user is displayed.
Does you pass RDB$ADMIN role name to a gsec command line ?
Does you pass RDB$ADMIN role name to a gsec command line ?
> The latter is also the case when using the .NET Provider and making the call to FirebirdSql.Data.Services.FbSecurity.DisplayUsers().Does you specify RDB$ADMIN role when using Services API ?
> Via Flame Robin menu Server | Manager Users, you are prompted with the Database Credentials dialog with Username pre-populated with 'SYSDBA' and read-only.
I don't know if Flame Robin ask for role in this dialog.
It is enough for start :)
Regards,
Vlad