Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add field in SEC$USERS reflecting whether a user has RDB$ADMIN role in security database [CORE4469] #4789

Closed
firebird-automations opened this issue Jun 20, 2014 · 8 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: Robert (rjm1102)

I like to request a new field in SEC$USERS that reflects whether a user has the RDB$ADMIN role in the security database (as a result of CREATE USER GRANT ADMIN ROLE).

Suggested names for this new field: SEC$ADMIN_ROLE or SEC$ADMIN, value 0/1 or boolean.

This is the only user info missing now in sec$users, that can be obtained by the service manager (isc_action_svc_display_user_adm).

Note: special consideration is needed for user SYSDBA because this user is of course an administrator, but has not the RDB$ADMIN role been assigned in the security database. I suggest to assign 0 for this user to the new field because this is also the case for fbsvcmgr action_display_user_adm.

Commits: adb0480 FirebirdSQL/fbt-repository@2a4e70e

@firebird-automations
Copy link
Collaborator Author

Commented by: Sean Leyne (seanleyne)

Why is this necessary?

Can't you query to the User_Role data to determine that?

@firebird-automations
Copy link
Collaborator Author

Commented by: Robert (rjm1102)

Hi Sean.
No, that is not possible, since the role RDB$ADMIN is granted in the *security* database for which I have no access.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

To be precise almost everything regarding rdb$admin is still broken.
Initially we expected to have a whole set of system roles in FB3, therefore I did not hurry with admin implementation. Now it's clear that this feature has to wait for the next release. And hopefully something can be done.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0 Beta 1 [ 10332 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @pavel-zotov

Was this request really implemented ?

SQL> create user boss password '123'; commit;
SQL> set list on;
SQL> select * from sec$users where sec$user_name='BOSS';

SEC$USER_NAME BOSS
SEC$FIRST_NAME <null>
SEC$MIDDLE_NAME <null>
SEC$LAST_NAME <null>
SEC$ACTIVE <true>
SEC$ADMIN <false>
SEC$DESCRIPTION <null>
SEC$PLUGIN Srp

SQL> grant rdb$admin to boss;
SQL> commit;
SQL> select * from sec$users where sec$user_name='BOSS';

SEC$USER_NAME BOSS
SEC$FIRST_NAME <null>
SEC$MIDDLE_NAME <null>
SEC$LAST_NAME <null>
SEC$ACTIVE <true>
SEC$ADMIN <false> ----------------------------- still FALSE.
SEC$DESCRIPTION <null>
SEC$PLUGIN Srp

PS. LI-T3.0.0.31797

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

#⁠ ./isql employee
Database: employee
SQL> create user boss password '123';
SQL> select SEC$ADMIN from sec$users where sec$user_name='BOSS';

SEC$ADMIN

<false>

SQL> alter user boss grant admin role;
SQL> commit;
SQL> select SEC$ADMIN from sec$users where sec$user_name='BOSS';

SEC$ADMIN

<true>

SQL>

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: Done successfully

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants