I'm working on the Firebird 3 Language Reference, and I'm currently
writing documentation for SET TRUSTED ROLE. I have tried reading the
Firebird 3 release notes, and a Google-translated version of the Russian
Firebird 3 Language Reference, but the meaning and intent of this
feature is unclear to me.
For example, the release notes say:
"""
The idea of a separate SET TRUSTED ROLE command is that, when the
trusted user attaches to a database without providing any role info, SET
TRUSTED ROLE makes a trusted role (if one exists) the CURRENT_ROLE
without any additional activity, such as setting it in the DPB.
"""
How is that different from what SET ROLE does (which AFAIU also doesn't
have _"any additional activity, such as setting it in the DPB"_)? What
does _"a trusted role (if one exists)"_ mean?
It continues:
"""
A trusted role is not a specific type of role but may be any role that
was created using CREATE ROLE, or a predefined system role such as
RDB$ADMIN. It becomes a trusted role for an attachment when the security
objects mapping subsystem finds a match between the authentication
result passed from the plug-in and a local or global mapping for the
current database. The role may be one that is not even granted
explicitly to that trusted user.
"""
This description is not helping me understand what a trusted role is,
and how a user is allowed to set that role or not, that is: what makes
it that a role is trusted for said user, and why is using SET ROLE not
adequate for this? It also contradicts how I understand the mapping
sub-system to work (see below).
It then continues with
"""
A trusted role is not assigned to the attachment by default. It is
possible to change this behaviour using an appropriate authentication
plug-in and a CREATE/ALTER MAPPING command.
"""
This seems to contradict the previous part, which specifies that a
trusted role is derived from the mapping sub-system, while the mapping
sub-system only defines mappings to CURRENT_USER or CURRENT_ROLE (as
described in "Mapping of Users to Objects" in the Firebird 3 release notes).
It then provides an example
"""
An example of the use of a trusted role is assigning the system role
RDB$ADMIN to a Windows administrator when Windows trusted authentication
is in use.
"""
Which seems to me to be in direct contradiction of the documented
behavior of AUTO ADMIN MAPPING and its CREATE MAPPING equivalent.
In short, I want to know:
* Why is SET TRUSTED ROLE necessary, why can't this be handled by SET ROLE?
* What exactly is a trusted role?
* What grants a user the right use a trusted role or not?
* Is there a mechanism to assign additional trusted roles to a user?
(the phrasing suggests the mapping sub-system, but if that is the case,
how?)
Mark
--
Mark Rotteveel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
