Hi,
can you point me if i understand correctly
that if user need to see all data in e.g. mon$attachement
i cannot grant he/se privilege or add this privilege to currently existed role
instead i must create separate role for this and grant this role to user or
grant that role to other role?
If this is true - why complicate simple thing like that?
this should be as usual as normal grant revoke operations
i like proposition from http://tracker.firebirdsql.org/browse/CORE-2233
GRANT VIEWALL ON {MON$TABLE} TO {USER|ROLE}
only name should be changed to
GRANT SYSTEM_PRIVILEGES ON {MON$TABLE} TO {USER|ROLE}
or maybe
GRANT ADMIN ON {MON$TABLE} TO {USER|ROLE}
or the best as is for WITH GRANT OPTION add name ADMIN or SYSTEM or whatever
do this as:
----------------------------------------
GRANT SELECT ON {MON$TABLE} TO {USER|ROLE} WITH ADMIN OPTION
GRANT DELETE ON {MON$TABLE} TO {USER|ROLE} WITH ADMIN OPTION
----------------------------------------
this is clear and convinent way to do this
regards,
Karol Bieniaszewski------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
