Issue Details (XML | Word | Printable)

Key: CORE-1660
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Alexander Peshkov
Votes: 0
Watchers: 1

If you were logged in you would be able to see more operations.
Firebird Core

Control assignment of SYSDBA rights to windows administrators during trusted auth on per-database basis

Created: 20/Dec/07 10:33 AM   Updated: 19/Jan/16 05:01 AM
Component/s: Engine, Security
Affects Version/s: None
Fix Version/s: 2.5 Alpha 1

Environment: Primarily windows

Target: 2.5.0
QA Status: No test

 Description  « Hide
We have 2 main problems with trusted authentication - users can't control, should Domain Admins be mapped to SYSDBA and (related with first) real login names are not visible when mapped to SYSDBA.

A solution to both problems is to add system role RDB$ADMIN, using which gives one the same rights as being SYSDBA in particular database. Mapping Domain Admins to this role will be done using
Given syntax matches future full mapping control SQL statement. With this role supported there is no need to change OS login name to SYSDBA any more.

Presence of system role RDB$ADMIN is useful feature itself. SYSDBA can grant this role to any user, letting him have SYSDBA rights for particular database.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alexander Peshkov added a comment - 04/Jan/08 01:08 PM
Added minimum support of users mapping.