New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
no permission for CREATE access to DATABASE (for RDB$ADMIN) [CORE4648] #4962
Comments
Modified by: @AlexPeshkoffassignee: Alexander Peshkov [ alexpeshkoff ] |
Commented by: @AlexPeshkoff Volker, if "xy *can* restore using gbak -C ... -role RDB$ADMIN" what is a problem? BTW, using legacy applications you still can use new security model. They should work wih fresh fbclient. If not - it's a bug. |
Commented by: Volker Rehn (vr2_s18) > if "xy *can* restore using gbak -C ... -role RDB$ADMIN" what is a problem? applications do not always have access to the command line, it should not be necessary for restore. Please try this in Flamerobin: connect as a user who is rdb$admin, use this role, and I get Engine Code : 336723987 related: admin xy only sees his own record when doing select sec$user_name from sec$users in Flamerobin. Running the same query in isql as admin xy shows all users. > using legacy applications you still can use new security model. They should work wih fresh fbclient. If not - it's a bug. this is the complete error msg trying to restore using Flamerobin |
Commented by: @AlexPeshkoff Please avoid placing information about more than one bug in single issue. |
Modified by: @AlexPeshkoffstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 3.0 Beta 2 [ 10586 ] |
Commented by: Volker Rehn (vr2_s18) The issue with restoring a database as rdb$admin is not resolved, tested with snapshot 31529, please reopen subtask CORE4651 I still get the same error msg as in my last comment. Are there additional requirements (configuration, placement of files) for this to work? The other two bugs are resolved: Sorry for reporting several bugs in one ticket, I thought they were all symptoms of the same root cause. |
Commented by: @AlexPeshkoff I've made required fixes to firebird but that DOES NOT mean that it will be AT ONCE possible to restore database using flamerobin as you want. Some fixes are needed in flamerobin to make it learn to pass role name when restoring database (and to other services). |
Commented by: Volker Rehn (vr2_s18) Great, thanks, I understand. Any application using the services_mgr for restore needs to call the API differently for this to work. |
Modified by: @pavel-zotovstatus: Resolved [ 5 ] => Closed [ 6 ] |
Modified by: @pavel-zotovstatus: Closed [ 6 ] => Closed [ 6 ] QA Status: Done successfully => Done with caveats Test Details: NB! Needs to be re-implemented because `grant create database to u4648;` cant be run on current FB version:Statement failed, SQLSTATE = 0A000
|
Submitted by: Volker Rehn (vr2_s18)
Jira_subtask_outward CORE4651
Jira_subtask_outward CORE4652
Jira_subtask_outward CORE4662
Jira_subtask_outward CORE5360
RDB$ADMIN can't restore a database, which worked in Firebird 3 alpha build 31152.
Used isql of Firebird3 beta as sysdba to setup a new user xy, made xy admin by doing grant RDB$ADMIN to xy; alter user xy grant admin role.
This new user, although admin, is not allowed to restore a database. Verified in isql that xy is RDB$ADMIN by doing select * from sec$users.
This user does not have privilege to perform this operation on this http://object.no permission for CREATE access to DATABASE C:\WEB\DATA\DATA4.FDB.
sysdba *can* restore this database. xy *can* restore using gbak -C ... -role RDB$ADMIN ...
firebird.conf is modified, since I use legacy applications (php, Flamerobin, SQLHammer)
AuthServer = Legacy_Auth
AuthClient = Legacy_Auth
UserManager = Legacy_UserManager
CryptPlugin =
WireCrypt = Disabled
Perhaps something with the service mgr? This worked in Build 31152
====== Test Details ======
NB! Needs to be re-implemented because `grant create database to u4648;` cant be run on current FB version:
Statement failed, SQLSTATE = 0A000
unsuccessful metadata update
-GRANT failed
-feature is not supported
-Only grants to USER or ROLE are supported for CREATE DATABASE
The text was updated successfully, but these errors were encountered: