On Tue, 2018-12-18 at 12:52 +0100, Mark Rotteveel mark@... [firebird-support] wrote:

 

On 2018-12-18 12:12, Dimitry Sibiryakov sd@...
[firebird-support] wrote:
> 18.12.2018 12:04, 'Bryan Cole' bryan.cole@...
> [firebird-support] wrote:
>> [mypc]$ isql-fb -u test -p test -r rdb$admin localhost:mydatabase
>> Database: localhost:mydatabase, User: TEST
>
> At first, role rdb$admin wasn't granted to this user and applied
> how you can see in
> second quoted line.
> At second, grants are per-database, so the role must be granted in
> the database that
> keeps list of users.

Using CREATE USER ... GRANT ADMIN ROLE, will grant the created user
admin rights in the security database, which is what should be
sufficient here.

I wonder if this might be related to CORE-5898 (fixed in 3.0.4).

Thanks for the comments. I've just built a fresh firebird-v3.0.4 rpm and tested as follows on a Fedora28 system:

[bryan@bryan RPMS]$ sudo systemctl restart firebird-superserver

[bryan@bryan RPMS]$ rpm -q firebird

firebird-3.0.4.33054-1.fc28.x86_64

[bryan@bryan RPMS]$ isql-fb -user SYSDBA -pass mydbapassword localhost:employee

Database: localhost:employee, User: SYSDBA

SQL> CREATE USER test PASSWORD 'test' GRANT ADMIN ROLE;

SQL> commit;

SQL> exit;

[bryan@bryan RPMS]$ isql-fb -user test -pass test -r rdb$admin localhost:employee

Database: localhost:employee, User: TEST

SQL> CREATE USER owner PASSWORD 'owner';

Statement failed, SQLSTATE = 28000

add record error

-no permission for INSERT access to TABLE PLG$SRP_VIEW

SQL> 

Looks like this isn't something fixed in the latest version. I guess I'm doing something wrong but don't understand what.

Someone have mercy on me....

Thanks,

Bryan

Mark

-- 

Group Leader, Technical Development Group - Teraview Ltd.
Platinum Building, St. John's Innovation Park, Cambridge CB4 0DS, UK.
tel: +44 (0)1223 435386, fax: +44 (0)1223 435382, web: www.teraview.com Registered Number: 04126946, VAT Number: 770 8883 84

...preferred document formats: ODF (ISO/IEC 26300:2006), PDF