Hello Neagu,
Monday, November 30, 2015, 3:58:51 PM, you wrote:
> Hi
> Firebird 2.5 introduces the RDB$ADMIN ROLE. In the security database,
> it means, the ability to create, drop and alter user accounts. For this
> we can use SQL command CREATE or ALTER USER with parameter GRANT/REVOKE
> ADMIN ROLE to manage users RDB$ADMIN ROLE in the security database.
> When I connect to a database with SYSDBA, I can obtain a list of users,
> using an SQL SELECT from RDB$USER_PRIVILEGES, but how can i know if a
> user have or not the ADMIN ROLE in the security database ?
When you use CREATE / ALTER USER, even though you are logged into a
regular database, you are actually working in the security database,
to which you otherwise do not have SQL access.
When you query RDB$USER_PRIVILEGES, you are looking at the privileges
that are stored in the current database (CURRENT_CONNECTION). You
cannot see privileges that apply to other databases, including
security2.fdb.
You can find out which users have been granted RDB$ADMIN in the
security database, using the gsec tool. Here we are in Windows but the
output looks the same in Linux or MacOSX.
In isql, logged in as SYSDBA:
...
SQL> create user helen password 'rapunzel' GRANT ADMIN ROLE;
SQL> commit;
...
C:\Programs64\Firebird_2_5\bin>gsec -user sysdba -password U65rtwer
GSEC> display
user name uid gid admin full name
----------------------------------------------------------
----------------
SYSDBA 0 0 Sql Server Administrator
JOEBLO 0 0 Joe Bloggs
HELEN 0 0 admin
GSEC>
Helen
Posted by: Helen Borrie <helebor@iinet.net.au>
| Reply via web post | • | Reply to sender | • | Reply to group | • | Start a New Topic | • | Messages in this topic (2) |
Visit http://www.firebirdsql.org and click the Documentation item
on the main (top) menu. Try FAQ and other links from the left-side menu there.
Also search the knowledgebases at http://www.ibphoenix.com/resources/documents/
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
No comments:
Post a Comment