Thanks Vlad for your replies. In response to your first reply:
a) Yes, I had read "Escalating RDB$ADMIN Scope for User Management" but I
appreciate the link and others may too. My users with admin access have already
been granted the RDB$ADMIN ROLE.
b) gsec -role - that is great to know the proper gsec syntax to log in using a
ROLE. Thanks :).
So I am now getting the same result using gsec. Unfortunately in Flame Robin it
is as originally noted:
Now I have a couple of questions for you:
1. Do you know if it is possible in gsec to log in under a custom ROLE? Further
to this, is there a way of GRANTing the custom ROLE the RDB$ADMIN ROLE? I am
guessing this isn't possible for 2 reasons; custom ROLE is in a particular DB
not the Security2.fdb, and you can't GRANT a ROLE to a ROLE.
2. Do you know how things work via the .NET Provider (or rather why they don't
:)? When connecting using SYSDBA I see all users (ie via
FirebirdSql.Data.Services.FbSecurity.DisplayUsers()), however logging in using
another user (eg your ADM1) and the RDB$ADMIN ROLE, I am still only seeing the
the single user ADM1.
Thanks,
David
On Thursday, February 23, 2017 1:17 AM, "[email protected]
[firebird-support]" <[email protected]> wrote:
A little sample with Firebird 2.5
I added ordinary users 'user1' and 'user2' and admin user 'adm1'.
Now try to display list of users
1. Use sysdba account:
firebird\bin>gsec -user sysdba -pass masterkey -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0 Sql Server Administrator
USER1 0 0
USER2 0 0
ADM1 0 0 admin
Of course, sysdba could see all users.
You see - adm1 is really admin user while user1 and user2 are not admins.
2. Ordinary users could see itself only:
firebird\bin>gsec -user user1 -pass u1 -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
USER1 0 0
3. What about non-sysdba admin ?
firebird\bin>gsec -user adm1 -pass adm1 -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
ADM1 0 0 admin
Something wrong ? Let see next sample
4. Specify admin role:
firebird\bin>gsec -user adm1 -pass adm1 -role rdb$admin -display
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0 Sql Server Administrator
USER1 0 0
USER2 0 0
ADM1 0 0 admin
Is it what you need ?
Regards,
Vlad #yiv3993243899 #yiv3993243899 -- #yiv3993243899ygrp-mkp {border:1px solid
#d8d8d8;font-family:Arial;margin:10px 0;padding:0 10px;}#yiv3993243899
#yiv3993243899ygrp-mkp hr {border:1px solid #d8d8d8;}#yiv3993243899
#yiv3993243899ygrp-mkp #yiv3993243899hd
{color:#628c2a;font-size:85%;font-weight:700;line-height:122%;margin:10px
0;}#yiv3993243899 #yiv3993243899ygrp-mkp #yiv3993243899ads
{margin-bottom:10px;}#yiv3993243899 #yiv3993243899ygrp-mkp .yiv3993243899ad
{padding:0 0;}#yiv3993243899 #yiv3993243899ygrp-mkp .yiv3993243899ad p
{margin:0;}#yiv3993243899 #yiv3993243899ygrp-mkp .yiv3993243899ad a
{color:#0000ff;text-decoration:none;}#yiv3993243899 #yiv3993243899ygrp-sponsor
#yiv3993243899ygrp-lc {font-family:Arial;}#yiv3993243899
#yiv3993243899ygrp-sponsor #yiv3993243899ygrp-lc #yiv3993243899hd {margin:10px
0px;font-weight:700;font-size:78%;line-height:122%;}#yiv3993243899
#yiv3993243899ygrp-sponsor #yiv3993243899ygrp-lc .yiv3993243899ad
{margin-bottom:10px;padding:0 0;}#yiv3993243899 #yiv3993243899actions
{font-family:Verdana;font-size:11px;padding:10px 0;}#yiv3993243899
#yiv3993243899activity
{background-color:#e0ecee;float:left;font-family:Verdana;font-size:10px;padding:10px;}#yiv3993243899
#yiv3993243899activity span {font-weight:700;}#yiv3993243899
#yiv3993243899activity span:first-child
{text-transform:uppercase;}#yiv3993243899 #yiv3993243899activity span a
{color:#5085b6;text-decoration:none;}#yiv3993243899 #yiv3993243899activity span
span {color:#ff7900;}#yiv3993243899 #yiv3993243899activity span
.yiv3993243899underline {text-decoration:underline;}#yiv3993243899
.yiv3993243899attach
{clear:both;display:table;font-family:Arial;font-size:12px;padding:10px
0;width:400px;}#yiv3993243899 .yiv3993243899attach div a
{text-decoration:none;}#yiv3993243899 .yiv3993243899attach img
{border:none;padding-right:5px;}#yiv3993243899 .yiv3993243899attach label
{display:block;margin-bottom:5px;}#yiv3993243899 .yiv3993243899attach label a
{text-decoration:none;}#yiv3993243899 blockquote {margin:0 0 0
4px;}#yiv3993243899 .yiv3993243899bold
{font-family:Arial;font-size:13px;font-weight:700;}#yiv3993243899
.yiv3993243899bold a {text-decoration:none;}#yiv3993243899 dd.yiv3993243899last
p a {font-family:Verdana;font-weight:700;}#yiv3993243899 dd.yiv3993243899last p
span {margin-right:10px;font-family:Verdana;font-weight:700;}#yiv3993243899
dd.yiv3993243899last p span.yiv3993243899yshortcuts
{margin-right:0;}#yiv3993243899 div.yiv3993243899attach-table div div a
{text-decoration:none;}#yiv3993243899 div.yiv3993243899attach-table
{width:400px;}#yiv3993243899 div.yiv3993243899file-title a, #yiv3993243899
div.yiv3993243899file-title a:active, #yiv3993243899
div.yiv3993243899file-title a:hover, #yiv3993243899 div.yiv3993243899file-title
a:visited {text-decoration:none;}#yiv3993243899 div.yiv3993243899photo-title a,
#yiv3993243899 div.yiv3993243899photo-title a:active, #yiv3993243899
div.yiv3993243899photo-title a:hover, #yiv3993243899
div.yiv3993243899photo-title a:visited {text-decoration:none;}#yiv3993243899
div#yiv3993243899ygrp-mlmsg #yiv3993243899ygrp-msg p a
span.yiv3993243899yshortcuts
{font-family:Verdana;font-size:10px;font-weight:normal;}#yiv3993243899
.yiv3993243899green {color:#628c2a;}#yiv3993243899 .yiv3993243899MsoNormal
{margin:0 0 0 0;}#yiv3993243899 o {font-size:0;}#yiv3993243899
#yiv3993243899photos div {float:left;width:72px;}#yiv3993243899
#yiv3993243899photos div div {border:1px solid
#666666;height:62px;overflow:hidden;width:62px;}#yiv3993243899
#yiv3993243899photos div label
{color:#666666;font-size:10px;overflow:hidden;text-align:center;white-space:nowrap;width:64px;}#yiv3993243899
#yiv3993243899reco-category {font-size:77%;}#yiv3993243899
#yiv3993243899reco-desc {font-size:77%;}#yiv3993243899 .yiv3993243899replbq
{margin:4px;}#yiv3993243899 #yiv3993243899ygrp-actbar div a:first-child
{margin-right:2px;padding-right:5px;}#yiv3993243899 #yiv3993243899ygrp-mlmsg
{font-size:13px;font-family:Arial, helvetica, clean, sans-serif;}#yiv3993243899
#yiv3993243899ygrp-mlmsg table {font-size:inherit;font:100%;}#yiv3993243899
#yiv3993243899ygrp-mlmsg select, #yiv3993243899 input, #yiv3993243899 textarea
{font:99% Arial, Helvetica, clean, sans-serif;}#yiv3993243899
#yiv3993243899ygrp-mlmsg pre, #yiv3993243899 code {font:115%
monospace;}#yiv3993243899 #yiv3993243899ygrp-mlmsg *
{line-height:1.22em;}#yiv3993243899 #yiv3993243899ygrp-mlmsg #yiv3993243899logo
{padding-bottom:10px;}#yiv3993243899 #yiv3993243899ygrp-msg p a
{font-family:Verdana;}#yiv3993243899 #yiv3993243899ygrp-msg
p#yiv3993243899attach-count span {color:#1E66AE;font-weight:700;}#yiv3993243899
#yiv3993243899ygrp-reco #yiv3993243899reco-head
{color:#ff7900;font-weight:700;}#yiv3993243899 #yiv3993243899ygrp-reco
{margin-bottom:20px;padding:0px;}#yiv3993243899 #yiv3993243899ygrp-sponsor
#yiv3993243899ov li a {font-size:130%;text-decoration:none;}#yiv3993243899
#yiv3993243899ygrp-sponsor #yiv3993243899ov li
{font-size:77%;list-style-type:square;padding:6px 0;}#yiv3993243899
#yiv3993243899ygrp-sponsor #yiv3993243899ov ul {margin:0;padding:0 0 0
8px;}#yiv3993243899 #yiv3993243899ygrp-text
{font-family:Georgia;}#yiv3993243899 #yiv3993243899ygrp-text p {margin:0 0 1em
0;}#yiv3993243899 #yiv3993243899ygrp-text tt {font-size:120%;}#yiv3993243899
#yiv3993243899ygrp-vital ul li:last-child {border-right:none
!important;}#yiv3993243899
