Subject Re: [IBO] Role
Author Helen Borrie (TeamIBO)
At 03:39 PM 25-04-02 +0200, you wrote:
>I'm new in IBO and test it.
>Is's possible with IBO create new users with
> IB_Connection.AlterUser ( uaAddUser,
> newUserName,
> newPassword,
> newGroupName,
> newFirstName,
> newMiddleName,
> newLastName );
>But what can I do to put it in one ROLE ?

You don't.

USER is defined at the level of the server (actually, AlterUser inserts,
updates or deletes a row in the security database, isc4.gdb, and it can
only be done by the SYSDBA user).

A ROLE is an object in a database, and it has to be CREATED in order to
exist, viz.
CREATE ROLE Accounts_mgr;

Once it exists, then the SYSDBA or the database owner uses other DDL
statements to grant privileges on various objects to the ROLE. That sets
up a group of privileges which can be conferred on a user through the
role. That happens via another DDL statement to GRANT that role to a user
- it has to be a user which already exists on the server:

GRANT ROLE Accounts_mgr TO mickeymouse;

You can do this kind of thing in a wouldn't use a dataset
component for it. You could also construct a script to do it, and use a
TIB_Script component to submit it. You cannot do it in a stored procedure.

All of this is fairly essential basic SQL knowledge - anything further, and
we are OFF-TOPIC for IBO. You can find about all this privileges stuff by
reading the manuals, esp. the Language Reference and the Operations
Guide. You can raise SQL questions in the ib-support list - subscribe at

Helen Borrie (TeamIBO Support)

** Please don't email your support questions privately **
Ask on the list and everyone benefits
Don't forget the IB Objects online FAQ - link from any page at