13.10.2013 16:09, Alan McDonald wrote: > I have been using RDB$ADMIN role for a while. > > I can grant it to users, they then have the ability to create and delete > other users and grant roles to them. > > But I see now that RDB$ADMIN is not enough to revoke roles from all users > > I get an exception saying the USERNAME was not the user which granted > ROLENAME to OTHERUSERNAME > > Now it’s a task to find the user who actually granted the role > > SYSDBA does not overwrite this either. SYSDBA logged as any role > including RD B$ADMIN does not give me the ability to revoke the role. It > must be the user (not just the RDB$ADMIN role) who granted the role.
It may be SYSDBA or RDB$ADMIN as well, provided that you specify the GRANTED BY clause for the REVOKE statement. > So is this the way it’s meant to happen? Yes. > Can anyone tell me which system table gives me a clue as to who granted > the role so I can get that person to login and revoke it? In RDB$USER_PRIVILEGES, search for 'M' (membership) privileges. Dmitry ------------------------------------ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Visit http://www.firebirdsql.org and click the Resources item on the main (top) menu. Try Knowledgebase and FAQ links ! Also search the knowledgebases at http://www.ibphoenix.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/firebird-support/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/firebird-support/join (Yahoo! ID required) <*> To change settings via email: [email protected] [email protected] <*> To unsubscribe from this group, send an email to: [email protected] <*> Your use of Yahoo! Groups is subject to: http://info.yahoo.com/legal/us/yahoo/utos/terms/
