On 03/29/15 17:19, Ann Harrison wrote: >> On Mar 29, 2015, at 8:58 AM, Alex Peshkoff <peshk...@mail.ru> wrote: >> >> Currently access to sequences/generators and exceptions is not limited, >> i.e. user not granted explicitly any rights can access sequences and >> exceptions. I wonder - who added that privileges in such way? Is it WIP >> or a bug that requires fixing? > I can only speak to generators which were added a long time ago. At that > time, InterBase had two security models - a permissive mode that assumed all > usage and allowed the administrator to restrict access, and the beginning of > the SQL model which was used only to the extent it was defined in the > standard, which didn't recognize generators. So all access was allowed to > generators by default. I guess if somebody had asked, we'd have added the > ability to restrict access. > > Adding SQL style permissions will require some thought, since nobody has > granted all rights to all on generators and suddenly restricting access to > them will be a serious nuisance.
I remember that GDML security model enabled all access by default. And we live with all generators available by default for many years. The main problem I see in current code is that we already have a command: grant usage on sequence gen_name to some_user; but it does not affect user rights to access gen_name - generators may be access with this command or without it (i.e. as it was before). I.e. looks like somebody started with limiting access to generators but did not complete that job. ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
