Saturday, March 10 [email protected] wrote: > I'm trying to create an external table with a normal user and I'm getting > this error:
> This operation is not defined for system tables. > unsuccessful metadata update. > CREATE TABLE EXT_CTB_LANCAMENTO failed. > There is no privilege for this operation. > How do I grant permission to a regular user to create external > tables? During my tests only sysdba could create them. Access to the database via external tables is a potential vulnerability. If a non-privileged user is allowed to create and manipulate the metadata of database objects, the vulnerabilty escalates. Hence the restriction you are encountering when a non-privileged user tries to create a table. If you are using Firebird 3, you can grant permission to any ordinary user (or a user with a specific role) to create tables. With that privilege, that user can create and manipulate metadata for *any* table. You would have to feel very sure that the appointed user, or users with that role, would not mess with any other tables or abuse the privilege in any way. You can read about metadata privileges (sometimes nicknamed "DDL privileges") here: https://www.firebirdsql.org/file/documentation/release_notes/html/en/3_0/rnfb30-access-sql.html#rnfb30-security-metadataprivs You should restrict the location of external files as heavily as possible, by setting the allowed location in firebird.conf, via the ExternalFileAccess parameter with the RESTRICT argument. Don't forget that you have to restart Firebird after changes to firebird.conf or databases.conf. Helen
