to firebird-net-provider
Hello,

I would like to solve the following issue:

* Currently there is only one role set up in my DB. All tables etc. have permissions set in this role
* I need to add a new role for readonly access –> np, I set it up and configure the permissions
* The actual user of the system does not know about roles
* The ideal scenario would be that he logs into my app (and from there into Firebird) without specifying the role

The best idea I had so far:

1. Login without a role
2. Check the assigned roles by: SELECT u.RDB$USER, u.RDB$RELATION_NAME FROM RDB$USER_PRIVILEGES u WHERE u.RDB$PRIVILEGE = 'M' AND u.RDB$USER = 'mycurrentuser'
3. Logout
4. Login with the previously identified role

Most of the users work with trusted authentication or Win_Sspi.

Please let me know what you think about it.

Thanks
Niko

Mark Rotteveel
Aug 6, 2021, 4:55:28 AM
to firebird-n...@googlegroups.com
On 06-08-2021 10:35, baur...@gmail.com wrote:
> I would like to solve following issue:
>
> * Currently there is only one role setup in my DB. All tables etc.
> have permissions set in this role
> * I need to add a new role for readonly access –> np, I set it up and
> configure the permissions
> * The actual user of the system does not know about roles
> * The ideal scenario would be that he logs in into my app (and from
> there into Firebird) without specifying the role
>
> The best idea I had so far:
>
> 1. Login without a role
> 2. Check the assigned roles by: SELECT u.RDB$USER,
> u.RDB$RELATION_NAME FROM RDB$USER_PRIVILEGES u WHERE
> u.RDB$PRIVILEGE = 'M' AND u.RDB$USER = 'mycurrentuser'
> 3. Logout
> 4. Login with the previous identified role
>
> Most of the users work with trusted authentication or Win_Sspi.
>
> Please let me know what you think about it.
In Firebird 3.0, you can use authentication mapping[1] to assign a role
on login (though I don't think it offers enough flexibility to do this
without creating a mapping rule per user). In Firebird 4.0, you can
assign a role as a default role[2],[3] which means it will be used
automatically.
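
The two server-side options named in the reply above, written out as an added example that is not part of the original thread or of the Firebird project's documentation. The role, table and account names (APP_READONLY, CUSTOMERS, ORDERS, CORP\ALICE, MAP_ALICE_READONLY) are hypothetical placeholders.

```sql
-- Added example. All object and account names below are hypothetical.

-- Read-only role: SELECT only, no INSERT/UPDATE/DELETE/EXECUTE grants.
CREATE ROLE APP_READONLY;
GRANT SELECT ON CUSTOMERS TO ROLE APP_READONLY;
GRANT SELECT ON ORDERS    TO ROLE APP_READONLY;

-- ---------------------------------------------------------------
-- Firebird 4.0: grant the role as a DEFAULT role.
-- Its privileges are active on every connection of that user,
-- even when the client sends no role in the connection string.
-- ---------------------------------------------------------------
GRANT DEFAULT APP_READONLY TO USER "CORP\ALICE";

-- Check from a session opened WITHOUT a role. CURRENT_ROLE reports
-- only an explicitly requested role, so test the default role
-- with RDB$ROLE_IN_USE.
SELECT CURRENT_USER,
       CURRENT_ROLE,
       RDB$ROLE_IN_USE('APP_READONLY') AS READONLY_ACTIVE
FROM RDB$DATABASE;

-- ---------------------------------------------------------------
-- Firebird 3.0: authentication mapping, one rule per account.
-- Maps the Win_Sspi (trusted authentication) identity to the role
-- when the client connects without specifying one.
-- ---------------------------------------------------------------
CREATE MAPPING MAP_ALICE_READONLY
  USING PLUGIN WIN_SSPI
  FROM USER "CORP\ALICE"
  TO ROLE APP_READONLY;

-- Check from a session opened WITHOUT a role.
SELECT CURRENT_USER, CURRENT_ROLE FROM RDB$DATABASE;

-- ---------------------------------------------------------------
-- Audit: which accounts are members of which role.
-- Same membership test as the query in the question
-- (RDB$PRIVILEGE = 'M'), without the per-user filter.
-- ---------------------------------------------------------------
SELECT u.RDB$USER, u.RDB$RELATION_NAME AS ROLE_NAME
FROM RDB$USER_PRIVILEGES u
WHERE u.RDB$PRIVILEGE = 'M'
ORDER BY u.RDB$RELATION_NAME, u.RDB$USER;
```

Either option keeps the role decision on the server, so the client does not need the login, query, logout, login sequence to pick a role.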
to firebird-net-provider
Hello Jiri,

the current desktop client is built for reading and writing all data. There are requests from customers to have a readonly role as well.

One aspect is the security on database level via the Firebird role, another one is to get the desktop program to handle readonly users: forbid and/or catch all writing attempts with a clear error message.

Niko

Jiří Činčura
Aug 6, 2021, 1:48:10 PM
to 'Mr. John' via firebird-net-provider
On database level because access happens not only via desktop app? The reason I'm asking is whether it wouldn't be easier to handle this in the application.