Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Control assignment of SYSDBA rights to windows administrators during trusted auth on per-database basis [CORE1660] #2085

Closed
firebird-automations opened this issue Dec 20, 2007 · 5 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @AlexPeshkoff

We have 2 main problems with trusted authentication - users can't control, should Domain Admins be mapped to SYSDBA and (related with first) real login names are not visible when mapped to SYSDBA.

A solution to both problems is to add system role RDB$ADMIN, using which gives one the same rights as being SYSDBA in particular database. Mapping Domain Admins to this role will be done using
ALTER ROLE "RDB$ADMIN" ADD/DROP OS_NAME 'Domain Admins';
Given syntax matches future full mapping control SQL statement. With this role supported there is no need to change OS login name to SYSDBA any more.

Presence of system role RDB$ADMIN is useful feature itself. SYSDBA can grant this role to any user, letting him have SYSDBA rights for particular database.

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Added minimum support of users mapping.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5 Alpha 1 [ 10224 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

Workflow: jira [ 13711 ] => Firebird [ 15542 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

QA Status: No test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants