Subject Re: [IBO] add Role to user
Author Helen Borrie
At 05:19 AM 22/02/2006, you wrote:
>D7 + IBO 4.6A
>Is there any way via IBO to add/change a role for a user. I know I can
>do it with a Grant.
>I see the AlterUser(Action: TIB_AlterUserAction; AUserName, AUserPass,
>AGroupName, AFirstName, AMiddleName, ALastName: string) method, but
>nothing for a role.

They are not schematically similar. A user is a server-level thing
that happens to be available as an API function: under the hood, it
updates the security database.

SQL permissions on the other hand are database-specific. A role is a
package of permissions, so you don't "add/change role for a
user". You grant a role to a user, AND you must be logged in as the
owner of the role (or sysdba) to do it.

>What is the "AGroupName"? I checked the source code and am still

It's the Unix group name of a Unix OS user. It's used for client
impersonation when accessing a database on a POSIX server, i.e. if
the user is logged in to the POSIX network and is already
authenticated, its Unix username and group will be accepted as
authenticated on the Firebird server.. It's been broken for years,
although it has been restored (with strict rules) in Fb 2. It has
absolutely no meaning on a Windows server.