[fpc-pascal] Re: Connecting to Firebird using FPC/Lazarus over a LAN with user creation privilege
Reinier Olislagers
reinierolislagers at gmail.com
Sun Mar 10 07:50:23 CET 2013
On 9-3-2013 19:56, Mark Morgan Lloyd wrote:
> Reinier Olislagers wrote:
>> On 9-3-2013 17:31, Mark Morgan Lloyd wrote:
> It identifies itself as 2.5, and by that I explicitly mean that I'm
> querying it rather than trusting any claims by the Debian package
> maintainer, and according to the documentation that's the version at
> which rdb$admin system role was added.
>
> I suspect that I'm supposed to be doing something like granting
> rdb$admin to the user concerned in the security database, but so far I
> can't work out how.
Glad you trust the Debian maintainers then ;)
Well...
Background: Create user via SQL:
http://www.firebirdsql.org/refdocs/langrefupd25-security-sql-user-mgmt.html
CREATE USER mark PASSWORD '8charmax' -- if you want to let that user add
other users, add GRANT ADMIN ROLE
GRANT ADMIN ROLE gives the new user the RDB$ADMIN role in the security
database. This allows him to manage user accounts, but doesn't give him
any special privileges in regular databases.
Yes granting rdb$admin for full control seems like a good idea:
http://www.firebirdsql.org/file/documentation/reference_manuals/reference_material/html/langrefupd25-security-rdbadmin.html
Connect to the target db
GRANT RDB$ADMIN TO mark
(execute as e.g. SYSDBA)
Don't forget this:
To make use of his RDB$ADMIN privileges, the grantee simply specifies
the role when connecting to the database.
i.e. TIBConnection.Role:='RDB$ADMIN'
More information about the fpc-pascal
mailing list