>Hi,
>
> I noticed that for standard users with firebird trusted
authentication, we need to mention the role name with the connection
parameters.
>
> Can somebody give more details about it.
>
> Thank you.
>
> Regards,
>
> Sabu Hariharan
Hi Sabu!
I'm answering since no-one seems to have answered you.
I think this simply is the way roles work with Firebird. Think of it as
"What kind of access do I want for this connection?", rather than "What
are the sum of all access rights my user have been given through roles?".
Sometimes, I know that I simply want to read data and then it is safer
to connect using a role that have reading access only (then it doesn't
harm if I accidentally do a DELETE FROM <table>). Other times, I want to
update things, then I have to connect using a role that can update (but
need to be a bit more careful regarding which queries I throw at the
database).
If you want access rights that should always be available for a
particular person regardless of roles used with the connection, grant
the access rights directly to the user rather than go through a role.
You could even write a query that would get you the commands to execute
to give the user the same rights as a role (this is not tested by any
means and most likely overly simplified and only suitable for simple cases):
SELECT 'GRANT '||
trim(CASE RDB$PRIVILEGE
WHEN 'S' THEN 'SELECT'
WHEN 'I' THEN 'INSERT'
WHEN 'U' THEN 'UPDATE'
WHEN 'D' THEN 'DELETE'
WHEN 'R' THEN 'REFERENCES'
END) ||
IIF(RDB$FIELD_NAME > '', '('||TRIM(RDB$FIELD_NAME)||')', '')||
' ON ' ||trim(RDB$RELATION_NAME)||' TO MYUSER;'
FROM RDB$USER_PRIVILEGES
WHERE RDB$USER = 'MYROLE';
HTH,
Set
