Issue Details (XML | Word | Printable)

Key: CORE-1660
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Alexander Peshkov
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Control assignment of SYSDBA rights to windows administrators during trusted auth on per-database basis

Created: 20/Dec/07 10:33 AM   Updated: 12/Nov/09 04:01 PM
Component/s: Engine, Security
Affects Version/s: None
Fix Version/s: 2.5 Alpha 1

Time Tracking:
Not Specified

Environment: Primarily windows

Target: 2.5.0


 Description  « Hide
We have 2 main problems with trusted authentication - users can't control, should Domain Admins be mapped to SYSDBA and (related with first) real login names are not visible when mapped to SYSDBA.

A solution to both problems is to add system role RDB$ADMIN, using which gives one the same rights as being SYSDBA in particular database. Mapping Domain Admins to this role will be done using
ALTER ROLE "RDB$ADMIN" ADD/DROP OS_NAME 'Domain Admins';
Given syntax matches future full mapping control SQL statement. With this role supported there is no need to change OS login name to SYSDBA any more.

Presence of system role RDB$ADMIN is useful feature itself. SYSDBA can grant this role to any user, letting him have SYSDBA rights for particular database.

 All   Comments   Work Log   Change History   Version Control   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alexander Peshkov added a comment - 04/Jan/08 01:08 PM
Added minimum support of users mapping.