On 12/13/21 12:56, Adriano dos Santos Fernandes wrote:
On 12/12/2021 14:55, Dimitry Sibiryakov wrote:
Alex Peshkoff via Firebird-devel wrote 12.12.2021 18:52:
If it does not return sensitive information, I see no problem in add
it to examples UDR project.
With a check for SYSDBA I see no security risk with this UDR
   Isn't GRANT EXECUTE to RDB$ADMIN enough?

It's just not needed. RDB$ADMINS can execute everything without additional grants.

Or UDRs are not subject of
SQL rights?

The problem is that if it's available in the server, it can be declared
in all databases.

But since v.3 we have control on access to UDR. I suppose DS meant something like this:

# ./isql -user guest employee
Database: employee, User: GUEST
SQL> select sum_args(1,2,3) from rdb$database;
Statement failed, SQLSTATE = 28000
no permission for EXECUTE access to FUNCTION SUM_ARGS
SQL>




Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to