| Subject | Re: [IBO] add Role to user |
|---|---|
| Author | Helen Borrie |
| Post date | 2006-02-22T05:19:55Z |
At 05:19 AM 22/02/2006, you wrote:
that happens to be available as an API function: under the hood, it
updates the security database.
SQL permissions on the other hand are database-specific. A role is a
package of permissions, so you don't "add/change role for a
user". You grant a role to a user, AND you must be logged in as the
owner of the role (or sysdba) to do it.
impersonation when accessing a database on a POSIX server, i.e. if
the user is logged in to the POSIX network and is already
authenticated, its Unix username and group will be accepted as
authenticated on the Firebird server.. It's been broken for years,
although it has been restored (with strict rules) in Fb 2. It has
absolutely no meaning on a Windows server.
Helen
>D7 + IBO 4.6AThey are not schematically similar. A user is a server-level thing
>
>Is there any way via IBO to add/change a role for a user. I know I can
>do it with a Grant.
>
>I see the AlterUser(Action: TIB_AlterUserAction; AUserName, AUserPass,
>AGroupName, AFirstName, AMiddleName, ALastName: string) method, but
>nothing for a role.
that happens to be available as an API function: under the hood, it
updates the security database.
SQL permissions on the other hand are database-specific. A role is a
package of permissions, so you don't "add/change role for a
user". You grant a role to a user, AND you must be logged in as the
owner of the role (or sysdba) to do it.
>What is the "AGroupName"? I checked the source code and am stillIt's the Unix group name of a Unix OS user. It's used for client
>clueless.
impersonation when accessing a database on a POSIX server, i.e. if
the user is logged in to the POSIX network and is already
authenticated, its Unix username and group will be accepted as
authenticated on the Firebird server.. It's been broken for years,
although it has been restored (with strict rules) in Fb 2. It has
absolutely no meaning on a Windows server.
Helen