On 28-02-2020 05:13, FSPAPA INCA Team [email protected] [firebird-support] wrote: > I'm also using Firebird 3 (3.0.4), with a new test database containing its > own security database. > > The setup is similar: > > create global mapping trusted_auth using plugin win_sspi from any user to > user; > create role foo; > > Mapping a single user to the role works: > > PS C:\Users\adm_sdrake> d:\apps\firebird\isql.exe -u sysdba foo > Database: foo, User: SYSDBA > SQL> create mapping sjd_foo using plugin win_sspi from user > 'foodstuff\adm_sdrake' to role foo; > SQL> exit; > > PS C:\Users\adm_sdrake> d:\apps\firebird\isql.exe localhost/3051:foo > Database: localhost/3051:foo, User: FOODSTUFF\ADM_SDRAKE, Role: FOO > SQL> quit; > > But mapping a group does not: > PS C:\Users\adm_sdrake> d:\apps\firebird\isql.exe -u sysdba foo > Database: foo, User: SYSDBA > SQL> drop mapping sjd_foo; > SQL> create mapping inca_foo using plugin win_sspi from group > 'foodstuff\RBAC_INCA Support' to role foo; > SQL> exit; > > PS C:\Users\adm_sdrake> d:\apps\firebird\isql.exe localhost/3051:foo > Database: localhost/3051:foo, User: FOODSTUFF\ADM_SDRAKE > SQL> set trusted role; > Statement failed, SQLSTATE = 0P000 > Your attachment has no trusted role > SQL> quit; > > I've tried multiple groups that I'm a member of, with and without the domain > prefix, but no luck. > > Any clues… is this sort of mapping supported?
According to the documentation in doc\sql.extensions\README.mapping.html it should be supported. However, I have never used it, and I don't have a domain to experiment on. Maybe Alex Peshkoff knows more, and otherwise I'd suggest creating a ticket in the tracker, because either something is broken, or the current documentation is insufficient. Mark -- Mark Rotteveel
