Issue Details (XML | Word | Printable)

Key: CORE-1900
Type: Improvement Improvement
Status: Closed Closed
Resolution: Duplicate
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Bruno Marx
Votes: 3
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Windows authentication: grant privileges to Windows groups

Created: 13/May/08 10:43 AM   Updated: 23/May/14 08:07 AM
Component/s: Security
Affects Version/s: 2.1.0
Fix Version/s: 3.0 Beta 1

Environment: Windows platform

Target: 3.0 RC2


 Description  « Hide
It would be very desirable to be able to grant a role to a Windows user group regrouping several individual domain/local users. This would simplify the administrative burden of granting/revoking privileges on a per domain/local user basis: e.g. GRANT MyRole TO GROUP "MyDomain\MyDomainGroup";

This is possible under Unix but not on Windows for now.

This would also provide a workaround under Windows for those "domain\USERname" strings exceeding the 31 characters limitation in Firebird. The workaround would consist in creating a "domain\GROUPname" < 31 characters which could regroup "domain\USERname" > 31 characters.

Thanks.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Bruno Marx made changes - 13/May/08 10:50 AM
Field Original Value New Value
Affects Version/s 2.1.0 [ 10041 ]
Alexander Peshkov made changes - 14/May/08 03:20 AM
Assignee Alexander Peshkov [ alexpeshkoff ]
Alexander Peshkov added a comment - 14/May/08 03:25 AM
There are plans to provide even more flexible mapping.

The full syntax of new command is supposed to be:
ALTER {ROLE | USER} <name> {ADD | DROP} OS_NAME 'name'
This will make it possible to map any OS name - user, group or even host:)),
what else can be imagined in security plugin, to any database security name -
user, role, group (when/if we add them).

Alexander Peshkov made changes - 14/May/08 03:25 AM
Fix Version/s 3.0.0 [ 10048 ]
Status Open [ 1 ] Open [ 1 ]
Alexander Peshkov made changes - 14/May/08 03:26 AM
Fix Version/s 3.0.0 [ 10048 ]
Alexander Peshkov made changes - 14/May/08 03:26 AM
Target 3.0.0 [ 10048 ]
Status Open [ 1 ] Open [ 1 ]
Alexander Peshkov added a comment - 22/May/14 01:27 PM - edited
Use CREATE MAPPING to map windows groups to appropriate DB roles.

Alexander Peshkov made changes - 22/May/14 01:27 PM
Status Open [ 1 ] Resolved [ 5 ]
Fix Version/s 3.0 Beta 1 [ 10332 ]
Resolution Duplicate [ 3 ]
Pavel Cisar made changes - 23/May/14 08:07 AM
Status Resolved [ 5 ] Closed [ 6 ]