---In [email protected], <cerrogrande69@...> wrote : > In a production environment using Firebird v2.5, we need to delegate > authority of USER CRUD operations to more than one person without these > admins sharing the SYSDBA user and password. Does you read this chapter ?
https://www.firebirdsql.org/file/documentation/release_notes/html/en/2_5/rnfb25-admin.html#rnfb25-prvlgs-super https://www.firebirdsql.org/file/documentation/release_notes/html/en/2_5/rnfb25-admin.html#rnfb25-prvlgs-super > These admins have been created as users with ADMIN ROLE, and are logged in > under the RDB$ADMIN ROLE (eg in Flame Robin or via the .NET Provider, or > '-admin' switch in gsec). With this ROLE, it is possible to perform > Creation, Update, and Deletion operations of CRUD via Flame Robin as well as > gsec. Ok > The roadblock, however, is not being able to list/enumerate the users (ie > Read). In gsec when logged in as SYSDBA all users are displayed via the > 'display' command, whereas using another RDB$ADMIN superuser only the logged > in user is displayed. Does you pass RDB$ADMIN role name to a gsec command line ? > The latter is also the case when using the .NET Provider and making the call > to FirebirdSql.Data.Services.FbSecurity.DisplayUsers(). Does you specify RDB$ADMIN role when using Services API ? > Via Flame Robin menu Server | Manager Users, you are prompted with the > Database Credentials dialog with Username pre-populated with 'SYSDBA' and > read-only. I don't know if Flame Robin ask for role in this dialog. It is enough for start :) Regards, Vlad
