18.01.2012 15:20, Alex Peshkoff wrote: > We have plans to make it possible to grant and revoke rights to create > new database objects (tables, procedures, generators, etc.). The > implementation is more or less clear - it may be new system table or new > type of ACL. But there is one DDL which does stand separately - CREATE > DATABASE. We do not have database with something to analyze when it's > executed. Therefore a question comes - how to limit access to this > operator? (and certainly appropriate API call)
While designing the solution, please take into account that there may be other operations that require the same (global) kind of privileges, e.g. access to the services (non-database ones), creation of users in the security database, etc. Dmitry ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
