[Firebird-devel] [FB-Tracker] Created: (CORE-5269) Teach FBSVCMGR to understand command switch 'role ' ( this is needed for connect with explicit specifying role which has privilege "TRACE_ANY_ATTACHMENT")

Pavel Zotov (JIRA) Fri, 10 Jun 2016 05:49:45 -0700

Teach FBSVCMGR to understand command switch 'role <name>' ( this is needed for 
connect with explicit specifying role which has privilege 
"TRACE_ANY_ATTACHMENT")
----------------------------------------------------------------------------------------------------------------------------------------------------------------


                 Key: CORE-5269
                 URL: http://tracker.firebirdsql.org/browse/CORE-5269
             Project: Firebird Core
          Issue Type: Improvement
          Components: SVCMGR
    Affects Versions: 4.0 Initial
            Reporter: Pavel Zotov
            Priority: Minor


Consider following script:
===
set wng off;
set bail on;
set list on;
set count on;
set echo on;

create or alter user u01 password '123' revoke admin role;
create or alter user u02 password '456' revoke admin role;
revoke all on all from u01;
revoke all on all from u02;
commit;

set term ^;
execute block as
begin
  execute statement 'drop role role_for_trace_any_attachment';
  when any do begin end
end
^
set term ;^
commit;

-- Trace other users' attachments
create role role_for_trace_any_attachment 
    set system privileges to TRACE_ANY_ATTACHMENT;
commit;

grant default role_for_trace_any_attachment to user u01;
grant role_for_trace_any_attachment to user u02;
commit;

show users;
show roles;
show grants;
===

User 'U01' will be able to trace any attachment when he runs FBSVCMGR utility 
just with specifying his user name and password, i.e. WITHOUT need to type his 
default role = "role_for_trace_any_attachment ".

But with the same keys for FBSVCMGR user 'U02' can watch only for his own 
activity. 
In order to get trace info about other users he must issue this command:

fbsvcmgr.exe localhost:service_mgr ^
      user u02 ^
      password 456 ^
      role role_for_trace_any_attachment ^
      action_trace_start trc_cfg 1runtrace.conf

(NOTE on "role role_for_trace_any_attachment").
But this command can not be executed: FBSVCMGR issues:
===
unknown switch "-role" encountered
===
(and the same if we specify switch with hyphen prefix: "-role").


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

[Firebird-devel] [FB-Tracker] Created: (CORE-5269) Teach FBSVCMGR to understand command switch 'role ' ( this is needed for connect with explicit specifying role which has privilege "TRACE_ANY_ATTACHMENT")

Reply via email to