On 10/28/14 17:08, Martijn Tonies (Upscene Productions) wrote: > Hello Alex, > >>> When connecting, I get: >>> Missing security context for E:\TEMP\2014 FB CONFERENCE.FDB >>> >>> When I removed the entry “SecurityDatabase”, I’m able to connect again. >>> >>> How is this supposed to work? >> Fixed > Great. I can download the nightly build tomorrow then?
If snapshot build does not fail - yes. > >>> 2) Is it possible to detect the non-server-based security database is >>> used? >> What means 'non-server-based'? > With that I meant, not "server wide for all databases by default" but > "specific > for 1 or more databases". > > That is, is it possible to use a secondary security database for multiple > normal > databases? Yes. It was designed to be so from the beginning of FB3, but there was a bug which actively showed itself just after adding users' mapping. >>> If possible, I would like to enable a “User Editor” once connect to the >>> database inside Database Workbench >> I suppose it's a kind of client tool, but how can solution be oriented >> for specific one? > Here's Database Workbench: > http://www.upscene.com/database_workbench/ > > This is what many people use for database development. ;) > It's only .exe, that's why I've never used to work with it. >>> , this would then create users only specific for the given security >>> database (CREATE USER) instead of the server security database. >>> >>> This would be similar to the Embedded User Authentication for InterBase. >>> >> Sorry, but looks like I completely misunderstand what do you suggest... > InterBase has two ways of authenticating to databases, just as Firebird now > has: > 1) server wide user name > 2) per database user names: Embedded User Authentication (EUA) > > If you enabled EUA on a database, it's detectable once connected, so in this > case, > Database Workbench enables you to create/modify users on a per database > level > AND it knows where to find the available user names when visually granting > privileges. > > When EUA is enabled (for InterBase), or a similar feature exists for other > database > systems, this "Database Navigator" will support a "Users" node: > http://www.upscene.com/documentation/dbw5/dbnav_navigator.htm > > An example of the Grant Manager, which includes a list of available users: > http://www.upscene.com/documentation/dbw5/tools_grantmanager.htm > > > > Hope this makes things more clear. > Ok, now I've understood that you want to be able to manage users in a database not providing login/password info in order to initialize users list in it. Well, reasonable client application can easily do it right now due to presence of providers architecture. If Database Workbench gets specific error (Install incomplete, please read chapter "Initializing security database" in Quick Start Guide) it should connect to such database in embedded mode, placing isc_dpb_user_name SYSDBA to dpb. In embedded mode you need not specify password parameter (i.e. do exactly the same what isql does when typing 'isql -user sysdba /that/database.fdb'). After it you get full access to that database and among others can issue CREATE USER. This works only for a client running physically on same machine where database file is located (and having OS rw access to that file) but inability to access databases remotely w/o authentication appears very correct for me. A. ------------------------------------------------------------------------------ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
