At 11:31 a.m. 6/06/2013, micheus.vieira wrote: >I was working on a database grants (Firebird 2.5.2) and I just noticed >that it's possible to assign an role to a user that not exists without >raise any exception. >Is that supposed to be right?
Yes; as long as the security database applies to any user database on the server, i.e., in all released versions of Firebird. Remember, a ROLE (like all SQL privileges) is a database object (inside a specific database, doesn't cross database boundaries), while a USER is a server object (a record inside the security database). You can't connect to a database using a role alone: a role is NOT a user group. You get onto the server using valid USER credentials and you get access to objects inside specific databases by way of SQL privileges. In Firebird 3 comes the capability to have a security database that applies to only one database. In that configuration, you'll need to be less sloppy about the user/privilege mappings in your security design or you're likely to have a few unhappy users. ;-) Helen Borrie, Support Consultant, IBPhoenix (Pacific) Author of "The Firebird Book" and "The Firebird Book Second Edition" http://www.firebird-books.net __________________________________________________________________
