Issue Details (XML | Word | Printable)

Key: CORE-1900
Type: Improvement Improvement
Status: Closed Closed
Resolution: Duplicate
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Bruno Marx
Votes: 3
Watchers: 1

If you were logged in you would be able to see more operations.
Firebird Core

Windows authentication: grant privileges to Windows groups

Created: 13/May/08 10:43 AM   Updated: 23/May/14 08:07 AM
Component/s: Security
Affects Version/s: 2.1.0
Fix Version/s: 3.0 Beta 1

Environment: Windows platform

Target: 3.0 RC2

 Description  « Hide
It would be very desirable to be able to grant a role to a Windows user group regrouping several individual domain/local users. This would simplify the administrative burden of granting/revoking privileges on a per domain/local user basis: e.g. GRANT MyRole TO GROUP "MyDomain\MyDomainGroup";

This is possible under Unix but not on Windows for now.

This would also provide a workaround under Windows for those "domain\USERname" strings exceeding the 31 characters limitation in Firebird. The workaround would consist in creating a "domain\GROUPname" < 31 characters which could regroup "domain\USERname" > 31 characters.


 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alexander Peshkov added a comment - 14/May/08 03:25 AM
There are plans to provide even more flexible mapping.

The full syntax of new command is supposed to be:
ALTER {ROLE | USER} <name> {ADD | DROP} OS_NAME 'name'
This will make it possible to map any OS name - user, group or even host:)),
what else can be imagined in security plugin, to any database security name -
user, role, group (when/if we add them).

Alexander Peshkov added a comment - 22/May/14 01:27 PM - edited
Use CREATE MAPPING to map windows groups to appropriate DB roles.