>Hi, > > I noticed that for standard users with firebird trusted authentication, we need to mention the role name with the connection parameters. > > Can somebody give more details about it. > > Thank you. > > Regards, > > Sabu Hariharan
Hi Sabu! I'm answering since no-one seems to have answered you. I think this simply is the way roles work with Firebird. Think of it as "What kind of access do I want for this connection?", rather than "What are the sum of all access rights my user have been given through roles?". Sometimes, I know that I simply want to read data and then it is safer to connect using a role that have reading access only (then it doesn't harm if I accidentally do a DELETE FROM <table>). Other times, I want to update things, then I have to connect using a role that can update (but need to be a bit more careful regarding which queries I throw at the database). If you want access rights that should always be available for a particular person regardless of roles used with the connection, grant the access rights directly to the user rather than go through a role. You could even write a query that would get you the commands to execute to give the user the same rights as a role (this is not tested by any means and most likely overly simplified and only suitable for simple cases): SELECT 'GRANT '|| trim(CASE RDB$PRIVILEGE WHEN 'S' THEN 'SELECT' WHEN 'I' THEN 'INSERT' WHEN 'U' THEN 'UPDATE' WHEN 'D' THEN 'DELETE' WHEN 'R' THEN 'REFERENCES' END) || IIF(RDB$FIELD_NAME > '', '('||TRIM(RDB$FIELD_NAME)||')', '')|| ' ON ' ||trim(RDB$RELATION_NAME)||' TO MYUSER;' FROM RDB$USER_PRIVILEGES WHERE RDB$USER = 'MYROLE'; HTH, Set