A user who is allowed to manage other users must have this ability WITHOUT needing 
to be granted the RDB$ADMIN role (which relates to admin tasks in the "main" database 
rather than in security_db)
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

                 Key: CORE-5770
                 URL: http://tracker.firebirdsql.org/browse/CORE-5770
             Project: Firebird Core
          Issue Type: Improvement
          Components: Engine, Security
    Affects Versions: 4.0 Beta 1
            Reporter: Pavel Zotov
            Priority: Minor


It would be good if SYSDBA could grant another user (say, "foo") the ability to manage 
other users, but do this WITHOUT granting him the rdb$admin role.
Currently this is impossible.

case-1:
======

set list on;
connect 'localhost:employee' user sysdba password 'masterkey';
create or alter user foo password '123' using plugin Srp grant admin role;
create or alter user bar password '456' inactive using plugin Srp;
commit;
 
connect 'localhost:employee' user foo password '123';
select current_user as who_am_i, current_role as whats_my_role from 
rdb$database;
 
WHO_AM_I                        FOO
WHATS_MY_ROLE                   NONE

commit;
 
alter user bar active using plugin Srp; -- this statement relates to security_db, where 'foo' was granted to work as admin
Statement failed, SQLSTATE = 28000
modify record error
-no permission for UPDATE access to COLUMN PLG$SRP_VIEW.PLG$ACTIVE
commit;


case-2:
======

connect 'localhost:employee' user sysdba password 'masterkey';
 
create or alter user foo password '123' using plugin Srp grant admin role;
grant rdb$admin to foo;
create or alter user bar password '456' inactive using plugin Srp;
commit;
 
connect 'localhost:employee' user foo password '123' role 'RDB$ADMIN';
select current_user as who_am_i, current_role as whats_my_role from 
rdb$database;
 
WHO_AM_I                        FOO
WHATS_MY_ROLE                   RDB$ADMIN
 
 
commit;
 
alter user bar active using plugin Srp; -------------------------- [1] 
commit;
 
connect 'localhost:employee' user sysdba password 'masterkey';
drop user foo using plugin Srp;
drop user bar using plugin Srp;
commit;


Statement [1] passes only when 'foo' has TWO roles: 
1) admin in security_db and 
2) rdb$admin in employee

But this statement (alter user ...) has nothing to do with the 'employee' database. 
Granting the role 'rdb$admin' here looks excessive and even dangerous: we allow 
foo to perform admin tasks not only in security_db but also in the "main" database.
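The following isql audit script is an added example and is not part of the original report or of the Firebird project's own code. It makes the over-grant described above visible by listing, from the same 'localhost:employee' connection used in the cases above, which accounts are flagged as administrators of the security database (SEC$USERS.SEC$ADMIN, the flag set by "grant admin role") and which accounts have been made members of RDB$ADMIN in the connected database (RDB$USER_PRIVILEGES with privilege 'M'); accounts appearing in both lists are the ones that received RDB$ADMIN only to work around the limitation and deserve review. It assumes Firebird 3.0 or later (SEC$USERS is a virtual table; RDB$USER_TYPE 8 denotes a user), and that the script is run as SYSDBA, because SEC$USERS only shows all accounts to an administrator.

```sql
-- Added audit script (not from the original report): who can manage accounts in
-- security_db versus who holds RDB$ADMIN in the connected database.
-- Assumes Firebird 3.0+ (SEC$USERS virtual table, BOOLEAN columns) and a SYSDBA
-- connection; 'localhost:employee' / 'masterkey' are the sample values used above.
set list on;
connect 'localhost:employee' user sysdba password 'masterkey';

-- 1) Accounts flagged as administrators of the security database
--    (this is what "grant admin role" in CREATE/ALTER USER sets).
select sec$user_name as sec_db_admin,
       sec$plugin    as plugin,
       sec$active    as is_active
from sec$users
where sec$admin = true;

-- 2) Members of RDB$ADMIN in THIS database
--    (privilege 'M' = role membership, user_type 8 = user).
select rdb$user         as db_admin_grantee,
       rdb$grant_option as with_admin_option
from rdb$user_privileges
where rdb$privilege = 'M'
  and rdb$relation_name = 'RDB$ADMIN'
  and rdb$user_type = 8;

-- 3) Accounts holding BOTH: the case-2 workaround. RDB$ADMIN gives full
--    administrative rights in this database, so if the only purpose was account
--    management these grants are wider than needed and should be reviewed.
select u.sec$user_name as over_privileged_user
from sec$users u
join rdb$user_privileges p
  on p.rdb$user = u.sec$user_name
 and p.rdb$privilege = 'M'
 and p.rdb$relation_name = 'RDB$ADMIN'
 and p.rdb$user_type = 8
where u.sec$admin = true;
commit;
```

Run it with set list on, as above, so each row prints one column per line like the current_user/current_role output in the cases; query 3 returning no rows means no account in this database has been given RDB$ADMIN solely to manage users.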



-- 
This message is automatically generated by JIRA.

Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel