We have plans to make it possible to grant and revoke rights to create new database objects (tables, procedures, generators, etc.). The implementation is more or less clear - it may be new system table or new type of ACL. But there is one DDL which does stand separately - CREATE DATABASE. We do not have database with something to analyze when it's executed. Therefore a question comes - how to limit access to this operator? (and certainly appropriate API call)
Possible implementation is as follows. We add a separate table to security database which contains a list of users which are granted CREATE DATABASE right. This table is checked every time when createDatabase() is called - even if authentication is not related to security database. Other suggestions? ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
