05.03.2017 15:37, Mark Rotteveel wrote: >>>>> Also curious: initializing the security database for Srp adds two Srp >>>>> SYSDBA accounts (but it might always have done that). >>>> >>>> I think you mixed two SYSDBA accounts created by different plugins. >>>> See below (security4.fdb just copied from gen\dbs\security.fdb) : >>> >>> I have done some more digging. I can reproduce it with gsec if I use: >>> >>> add sysdba -pw masterkey -admin yes >>> >>> not if I use >>> >>> add sysdba -pw masterkey >>> >>> Similar if I use in ISQL: >>> >>> create user sysdba password 'masterkey' grant admin role; >>> >>> not if I use >>> >>> create user sysdba password 'masterkey'; >> >> Thanks, I'll look at it a bit later > > http://tracker.firebirdsql.org/browse/CORE-5496
Fortunately, there is no two SYSDBA accounts. The issue is that SYSDBA have granted ADMIN privilege two times and query (behind the SEC$USERS) returns it two times. The first grant is granted by NULL grantor and exists before security database initialized by SRP. The second one is granted by SYSDBA when CREATE USER SYSDBA GRANT ADMIN ROLE statement is executed. Regards, Vlad ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
