Subject Re: [IBO] Re: User Manager
Author Geoff Worboys
> I wouldn't know ISC4 if it hit me in the head. Security is also
> something I don't feel I know enough about now. Can you point me to
> some links or docs to get me up to speed on this?

The ISC4 database is the security database - the GDB where all the
base user and group information is stored. Every server installation
has one, usually (always?) stored in the root IB/FB installation

The confusing aspect of the ISC4 database is that all users must be
defined to that GDB, and yet the roles and permissions are defined to
the individual application GDBs. This means that it is possible to
copy a GDB onto a system with mismatching user definitions, which
IB/FB essentially ignore. It also means that deleting a user does not
update all the various application GDB role/permission definitions,
which was why I suggested you may like to try and provide a
synchronisation capability.

The ISC4 database has several problems, not least of which is the fact
that it does not use any form of surrogate key for user identities.
This means that you cannot rename a user logon (when someone gets
married or whatever) without losing all the various tracking you may
have performed in your own database. I have gone to considerable
lengths in my own applications to avoid such problems.

There is a good series of articles on this site...
which describe various things you can do to help improve the security
of the ISC4 database.

Whether any of those articles are applicable to your project depends
on how far you want to take this (and how difficult you want to make
it for yourself :-).

Geoff Worboys
Telesis Computing