Subject | RE: [IBO] TIB_Connection.SQLRole doesn't verify |
---|---|
Author | Ondrej Kelle |
Post date | 2001-01-16T15:55:57Z |
> It appears that TIB_Connection does not verify that a user is
> actually a member of the SQL ROLE that was specified in the Login
> Prompt.

It seems that InterBase server does not verify this. You can check it in
isql - you can log in using a role although your account is not a member of
that role. However, you don't hold the privileges granted to the role.

> This is a big problem because I began designing my app
> around ROLE security. The user of my app can select
> the "administrators" role, even if they are not a member,
> successfully login, and then gain access to areas of the application
> they should not.

They will get permission errors from the server when trying to access
objects they don't have sufficient privileges on. As explained above,
although you can login using any role, you are only holding privileges
granted to the role if you actually have been granted the membership to the
role.

If you need to disable/enable your client UI elements based on role
membership, you can check the system tables, e.g. create a stored procedure
to be called from the client after logon:
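
    CREATE PROCEDURE AM_I_MEMBER_OF (ROLENAME CHAR(31))
    RETURNS (RESULT SMALLINT)
    AS
      DECLARE VARIABLE TEST CHAR(31);
    BEGIN
      /* Default: not a member */
      RESULT = 0;
      /* Look for a privilege row that names the role for the current user */
      SELECT RDB$USER FROM RDB$USER_PRIVILEGES
        WHERE RDB$RELATION_NAME = :ROLENAME AND RDB$USER = USER
        INTO :TEST;
      /* The colon prefix is only needed inside SQL statements */
      IF (TEST = USER) THEN
        RESULT = 1;
    END
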
Not tested, but perhaps this helps as a starting point.
TOndrej
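
Added example, not part of the original post: an isql-style script showing the behaviour described above, where the server accepts a login with any role name but applies the role's privileges only to actual members. The role, table and user names are constructed, and the `RDB$PRIVILEGE = 'M'` filter assumes that role membership grants are stored with privilege code 'M'.

```sql
/* Constructed names: role ADMINISTRATORS, table AUDIT_LOG, users ALICE and BOB. */

/* As the database owner: attach the privileges to the role, not to users. */
CREATE ROLE ADMINISTRATORS;
CREATE TABLE AUDIT_LOG (ID INTEGER NOT NULL, NOTE VARCHAR(80));
COMMIT;
GRANT SELECT, INSERT ON AUDIT_LOG TO ADMINISTRATORS;

/* Membership is a separate grant. BOB is deliberately left out. */
GRANT ADMINISTRATORS TO ALICE;
COMMIT;

/* Session 1: ALICE connects with ROLE 'ADMINISTRATORS' (a member). */
SELECT COUNT(*) FROM AUDIT_LOG;   /* succeeds: the privilege arrives via the role */

/* Session 2: BOB connects with ROLE 'ADMINISTRATORS' (not a member).
   The login itself is accepted, as the post describes. */
SELECT COUNT(*) FROM AUDIT_LOG;   /* fails with a permission error from the server */

/* Client-side check for enabling or hiding UI elements after logon.
   COUNT(*) always returns exactly one row, so it is safe as a singleton
   select even if the same membership was granted more than once.
   Assumption: membership rows carry RDB$PRIVILEGE = 'M'. */
SELECT COUNT(*)
  FROM RDB$USER_PRIVILEGES
 WHERE RDB$RELATION_NAME = 'ADMINISTRATORS'
   AND RDB$PRIVILEGE = 'M'
   AND RDB$USER = USER;
/* ALICE sees a non-zero count, BOB sees 0. */
```

The membership query only drives the client UI; access control still rests on the grants, which the server enforces regardless of what the client shows.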