Subject Re: [firebird-support] Does GRANT... TO PUBLIC has no more effect anymore?
Author Mark Rotteveel
On 10-11-2018 12:57, Tomasz Tyrakowski t.tyrakowski@...
[firebird-support] wrote:
> On 09.11.2018 at 16:03, Mark Rotteveel mark@...
> [firebird-support] wrote:
>> On 2018-11-09 15:19, jonatan.lauritsen@... [firebird-support]
>> wrote:
>>> I used to execute GRANT... TO PUBLIC for every new database object I
>>> had created in the past, but for some time (I can not tell exactly -
>>> whether starting from Firebird 2.1 or from Firebird 3.0 only) this has
>>> not effect. I can see in the metadata tables, that PUBLIC has been
>>> granted new rights, but individual users (who should inherited all the
>>> assigned privilegies from the PUBLIC) have no access to the new
>>> objects. It worked as expected in Firebird 1.5. Does something changed
>>> here, is it by design now or is it error or I am doing something wrong
>>> technically?
>> It should still work, although possibly some form of metadata-caching
>> may be involved (not sure). Please provide a reproduction recipe.
> I can confirm it works correctly in 2.5.x (can't say anything about 3.x
> though). We're using the same approach (the users of our system are
> actually created as FB users, so granting access to PUBLIC is more
> convenient than having to execute dozens of grants after adding each new
> user; I know it has some downsides, but that's not the point here).

Firebird 4 will introduce default roles (though technically PUBLIC is a
default role as well) which will allow more control by granting users a
default role. That way they will get the rights of those default roles
without having to explicitly specify a role on connect.

Mark Rotteveel