| Subject | Re: [firebird-support] Re: Delegating SYSDBA and enumerating users |
|---|---|
| Author | |
| Post date | 2017-02-23T23:19:17Z |
---In firebird-support@yahoogroups.com, <cerrogrande69@...> wrote :
Something in this direction will be available in FB4
I don't use .NET by myself. But quick look at code show that FbSecurity.DisplayUsers() doesn't pass
role name into service manager (it should be done using isc_spb_sql_role_name tag). So, you could
add requiest to the tracker.
Regards,
Vlad
...
Sure, it is possible> Now I have a couple of questions for you:>> 1. Do you know if it is possible in gsec to log in under a custom ROLE?
> Further to this, is there a way of GRANTing the custom ROLE the RDB$ADMIN ROLE?No
> I am guessing this isn't possible for 2 reasons; custom ROLE is in a particular DB not the Security2.fdb,
> and you can't GRANT a ROLE to a ROLE.
Something in this direction will be available in FB4
> 2. Do you know how things work via the .NET Provider (or rather why they don't :)?
> When connecting using SYSDBA I see all users (ie via FirebirdSql.Data.Services.FbSecurity.DisplayUsers()),
> however logging in using another user (eg your ADM1) and the RDB$ADMIN ROLE, I am still only seeing the
> the single user ADM1.
> When connecting using SYSDBA I see all users (ie via FirebirdSql.Data.Services.FbSecurity.DisplayUsers()),
> however logging in using another user (eg your ADM1) and the RDB$ADMIN ROLE, I am still only seeing the
> the single user ADM1.
I don't use .NET by myself. But quick look at code show that FbSecurity.DisplayUsers() doesn't pass
role name into service manager (it should be done using isc_spb_sql_role_name tag). So, you could
add requiest to the tracker.
Regards,
Vlad