Subject Re: [firebird-support] External Tables
Author Helen Borrie
Saturday, March 10 alansbraga@... wrote:

> I'm trying to create an external table with a normal user and I'm getting this error:

> This operation is not defined for system tables.

> unsuccessful metadata update.


> There is no privilege for this operation.

> How do I grant permission to a regular user to create external
> tables? During my tests only sysdba could create them.

Access to the database via external tables is a potential
vulnerability. If a non-privileged user is allowed to create and
manipulate the metadata of database objects, the vulnerabilty
escalates. Hence the restriction you are encountering when a
non-privileged user tries to create a table.

If you are using Firebird 3, you can grant permission to any ordinary
user (or a user with a specific role) to create tables. With that
privilege, that user can create and manipulate metadata for *any*
table. You would have to feel very sure that the appointed user, or
users with that role, would not mess with any other tables or abuse
the privilege in any way.

You can read about metadata privileges (sometimes nicknamed "DDL
privileges") here:

You should restrict the location of external files as heavily as
possible, by setting the allowed location in firebird.conf, via the
ExternalFileAccess parameter with the RESTRICT argument. Don't forget
that you have to restart Firebird after changes to firebird.conf or