On 01/23/12 19:43, Dmitry Yemanov wrote: > 18.01.2012 15:20, Alex Peshkoff wrote: > >> We have plans to make it possible to grant and revoke rights to create >> new database objects (tables, procedures, generators, etc.). The >> implementation is more or less clear - it may be new system table or new >> type of ACL. But there is one DDL which does stand separately - CREATE >> DATABASE. We do not have database with something to analyze when it's >> executed. Therefore a question comes - how to limit access to this >> operator? (and certainly appropriate API call) > While designing the solution, please take into account that there may be > other operations that require the same (global) kind of privileges, e.g. > access to the services (non-database ones), creation of users in the > security database, etc. >
Creation of users in the security database is luckily controlled by database itself. But what about access to the non-database services - great idea. ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
