Re: [firebird-support] Does GRANT... TO PUBLIC has no more effect anymore?

2018-11-11 Thread Mark Rotteveel m...@lawinegevaar.nl [firebird-support]
On 10-11-2018 13:33, Mark Rotteveel m...@lawinegevaar.nl 
[firebird-support] wrote:
>> I can confirm it works correctly in 2.5.x (can't say anything about 3.x
>> though). We're using the same approach (the users of our system are
>> actually created as FB users, so granting access to PUBLIC is more
>> convenient than having to execute dozens of grants after adding each new
>> user; I know it has some downsides, but that's not the point here).
> 
> Firebird 4 will introduce default roles (though technically PUBLIC is a
> default role as well) which will allow more control by granting users a
> default role. That way they will get the rights of those default roles
> without having to explicitly specify a role on connect.

And I just found out that with Firebird 3's authentication mapping, you 
can define a mapping that will automatically grant and enable a role.

Mark
-- 
Mark Rotteveel


Re: [firebird-support] Does GRANT... TO PUBLIC has no more effect anymore?

2018-11-10 Thread Mark Rotteveel m...@lawinegevaar.nl [firebird-support]
On 10-11-2018 12:57, Tomasz Tyrakowski t.tyrakow...@sol-system.pl 
[firebird-support] wrote:
> On 09.11.2018 at 16:03, Mark Rotteveel m...@lawinegevaar.nl
> [firebird-support] wrote:
>> On 2018-11-09 15:19, jonatan.laurit...@yahoo.dk [firebird-support]
>> wrote:
>>> I used to execute GRANT... TO PUBLIC for every new database object I
>>> had created in the past, but for some time (I can not tell exactly -
>>> whether starting from Firebird 2.1 or from Firebird 3.0 only) this has
>>> no effect. I can see in the metadata tables that PUBLIC has been
>>> granted new rights, but individual users (who should inherit all the
>>> assigned privileges from PUBLIC) have no access to the new
>>> objects. It worked as expected in Firebird 1.5. Has something changed
>>> here, is it by design now, or is it an error, or am I doing something wrong
>>> technically?
>>
>> It should still work, although possibly some form of metadata-caching
>> may be involved (not sure). Please provide a reproduction recipe.
>>
> 
> I can confirm it works correctly in 2.5.x (can't say anything about 3.x
> though). We're using the same approach (the users of our system are
> actually created as FB users, so granting access to PUBLIC is more
> convenient than having to execute dozens of grants after adding each new
> user; I know it has some downsides, but that's not the point here).

Firebird 4 will introduce default roles (though technically PUBLIC is a 
default role as well) which will allow more control by granting users a 
default role. That way they will get the rights of those default roles 
without having to explicitly specify a role on connect.

Mark
-- 
Mark Rotteveel


Re: [firebird-support] Does GRANT... TO PUBLIC has no more effect anymore?

2018-11-10 Thread Tomasz Tyrakowski t.tyrakow...@sol-system.pl [firebird-support]
On 09.11.2018 at 16:03, Mark Rotteveel m...@lawinegevaar.nl 
[firebird-support] wrote:
> On 2018-11-09 15:19, jonatan.laurit...@yahoo.dk [firebird-support]
> wrote:
>> I used to execute GRANT... TO PUBLIC for every new database object I
>> had created in the past, but for some time (I can not tell exactly -
>> whether starting from Firebird 2.1 or from Firebird 3.0 only) this has
>> no effect. I can see in the metadata tables that PUBLIC has been
>> granted new rights, but individual users (who should inherit all the
>> assigned privileges from PUBLIC) have no access to the new
>> objects. It worked as expected in Firebird 1.5. Has something changed
>> here, is it by design now, or is it an error, or am I doing something wrong
>> technically?
> 
> It should still work, although possibly some form of metadata-caching
> may be involved (not sure). Please provide a reproduction recipe.
> 

I can confirm it works correctly in 2.5.x (can't say anything about 3.x 
though). We're using the same approach (the users of our system are 
actually created as FB users, so granting access to PUBLIC is more 
convenient than having to execute dozens of grants after adding each new 
user; I know it has some downsides, but that's not the point here).

Tomasz

-- 
__--==--__
__--== Tomasz Tyrakowski==--__
__--==SOL-SYSTEM==--__
__--== http://www.sol-system.pl ==--__
__--==--__
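
The following is an added example, not part of the original thread and not any poster's own code. It sketches, for Firebird 3, the GRANT ... TO PUBLIC approach discussed above, a metadata query to audit what PUBLIC holds, and the role-plus-authentication-mapping alternative Mark mentions. The names ORDERS, APP_USER, REPORT_READER and SRP_REPORT_READER are assumptions made for illustration.

```sql
-- Added example for Firebird 3. ORDERS, APP_USER, REPORT_READER and
-- SRP_REPORT_READER are constructed names, not objects from the thread.

-- 1. Approach from the thread: one grant covers every user of the database.
GRANT SELECT ON ORDERS TO PUBLIC;
COMMIT;

-- 2. Audit what PUBLIC currently holds (the "metadata tables" the original
--    poster refers to). Each row is one privilege on one object.
SELECT TRIM(RDB$RELATION_NAME) AS OBJECT_NAME,
       RDB$OBJECT_TYPE         AS OBJECT_TYPE,
       TRIM(RDB$PRIVILEGE)     AS PRIVILEGE,    -- e.g. S, I, U, D, R, X
       TRIM(RDB$GRANTOR)       AS GRANTOR,
       RDB$GRANT_OPTION        AS GRANT_OPTION
FROM RDB$USER_PRIVILEGES
WHERE RDB$USER = 'PUBLIC'
ORDER BY 1, 3;

-- 3. Narrower alternative: move the privilege to a role and let an
--    authentication mapping assign that role to one Srp-authenticated user,
--    so the user does not have to name a role on connect.
REVOKE SELECT ON ORDERS FROM PUBLIC;
CREATE ROLE APP_USER;
GRANT SELECT ON ORDERS TO ROLE APP_USER;
CREATE MAPPING SRP_REPORT_READER
  USING PLUGIN SRP
  FROM USER REPORT_READER
  TO ROLE APP_USER;
COMMIT;

-- 4. Verify from a NEW connection as REPORT_READER with no role specified.
--    A fresh attachment also rules out the metadata caching that Mark
--    raises as a possibility.
SELECT CURRENT_USER, CURRENT_ROLE FROM RDB$DATABASE;
SELECT COUNT(*) FROM ORDERS;

-- 5. Review the mappings defined in this database.
SELECT TRIM(RDB$MAP_NAME)   AS MAP_NAME,
       TRIM(RDB$MAP_PLUGIN) AS PLUGIN,
       TRIM(RDB$MAP_FROM)   AS MAP_FROM,
       TRIM(RDB$MAP_TO)     AS MAP_TO
FROM RDB$AUTH_MAPPING;
```

Using FROM ANY USER instead of FROM USER REPORT_READER in step 3 would give every Srp-authenticated user the role, which is as broad as the PUBLIC grant it replaces.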