CREATE [OR ALTER] USER statement with GRANT ADMIN ROLE: TAGS is allowed to be specified only in the end of statement in such case (discrepancy with documentation) -------------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: CORE-6183 URL: http://tracker.firebirdsql.org/browse/CORE-6183 Project: Firebird Core Issue Type: Bug Affects Versions: 4.0 Beta 1, 3.0.4 Reporter: Pavel Zotov Priority: Minor According to doc, CREATE USER statement can contain GRANT ADMIN ROLE, and the syntax is: 1) in FB 2.5.x ( https://firebirdsql.org/refdocs/langrefupd25-security-sql-user-mgmt.html ): CREATE USER username PASSWORD 'password' [FIRSTNAME 'firstname'] [MIDDLENAME 'middlename'] [LASTNAME 'lastname'] [GRANT ADMIN ROLE] ------------------------- 2) in FB 3.x ( https://firebirdsql.org/file/documentation/reference_manuals/firebird-language-reference-30-rus.pdf (NOTE: this doc is in RUSSIAN)), page 518: CREATE USER username PASSWORD 'password' [FIRSTNAME 'firstname'] [MIDDLENAME 'middlename'] [LASTNAME 'lastname'] [ACTIVE | INACTIVE] [USING PLUGIN pluginname] ----------------------------- 1 [TAGS (<tag>[, <tag>[, <tag>...]] )] ------------------ 2 [GRANT ADMIN ROLE] ------------------------------------ 3 ; /* Reference to FB 2.5 here is only for those who can not read doc in russian (unfort., I could not find similar to "firebird-language-reference-30-rus.pdf" in english; may be it was not (yet) translated ?) */ So, we can specify all three clauses in FB 3.x: 'USING PLUGIN', 'TAGS', and 'GRANT ADMIN ROLE' Unfortunately, current FB releases force to specify these clauses in fixed positions; furthermore, statement will be considered as valid only when positions violate the order that is shown above. It seems to me that it is "TAG( ... )" clause that is the reason of this problem. Please look: C:\FB\30SS>isql /:e30 Database: /:e30, User: SYSDBA SQL> create user tmp20191103_150701 password '123' using plugin Srp grant admin role; -- NO tags here ==> no problem SQL> drop user tmp20191103_150701 using plugin Srp; ### Examples WITH TAGS(....) clause ### SQL> create user tmp20191103_150701 password '123' tags ( foo = 'bar' ) using plugin Srp grant admin role; Statement failed, SQLSTATE = 42000 Dynamic SQL Error -SQL error code = -104 -Token unknown - line 1, column 68 -using SQL> rollback; SQL> create user tmp20191103_150701 password '123' using plugin Srp tags ( foo = 'bar' ) grant admin role; Statement failed, SQLSTATE = 42000 Dynamic SQL Error -SQL error code = -104 -Token unknown - line 1, column 85 -grant SQL> rollback; SQL> create user tmp20191103_150701 password '123' using plugin Srp grant admin role tags ( foo = 'bar' ); SQL> drop user tmp20191103_150701 using plugin Srp; SQL> create user tmp20191103_150701 password '123' grant admin role using plugin Srp tags ( foo = 'bar' ); SQL> drop user tmp20191103_150701 using plugin Srp; So, currently valid order of clauses is: 1) USING PLUGIN <...>; 2) GRANT ADMIN ROLE; 3) TAGS( ... ) == or == 1) GRANT ADMIN ROLE; 2) USING PLUGIN <...>; 3) TAGS( ... ) -- i.e. TAGS must be specified at the end of the whole statement. The same in CREATE OR ALTER user (rather than just "CREATE'). Checked on: WI-T4.0.0.1639 Firebird 4.0 Beta 1 ; WI-V3.0.5.33183 Firebird 3.0 PS. I've set priority to "minor" because workaround does exist, see examples above. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tracker.firebirdsql.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel