On 10-11-2018 12:57, Tomasz Tyrakowski t.tyrakow...@sol-system.pl [firebird-support] wrote: > On 09.11.2018 at 16:03, Mark Rotteveel m...@lawinegevaar.nl > [firebird-support] wrote: >> On 2018-11-09 15:19, jonatan.laurit...@yahoo.dk [firebird-support] >> wrote: >>> I used to execute GRANT... TO PUBLIC for every new database object I >>> had created in the past, but for some time (I can not tell exactly - >>> whether starting from Firebird 2.1 or from Firebird 3.0 only) this has >>> not effect. I can see in the metadata tables, that PUBLIC has been >>> granted new rights, but individual users (who should inherited all the >>> assigned privilegies from the PUBLIC) have no access to the new >>> objects. It worked as expected in Firebird 1.5. Does something changed >>> here, is it by design now or is it error or I am doing something wrong >>> technically? >> >> It should still work, although possibly some form of metadata-caching >> may be involved (not sure). Please provide a reproduction recipe. >> > > I can confirm it works correctly in 2.5.x (can't say anything about 3.x > though). We're using the same approach (the users of our system are > actually created as FB users, so granting access to PUBLIC is more > convenient than having to execute dozens of grants after adding each new > user; I know it has some downsides, but that's not the point here).
Firebird 4 will introduce default roles (though technically PUBLIC is a default role as well) which will allow more control by granting users a default role. That way they will get the rights of those default roles without having to explicitly specify a role on connect. Mark -- Mark Rotteveel
