Issue Details (XML | Word | Printable)

Key: CORE-5785
Type: Improvement Improvement
Status: Open Open
Priority: Minor Minor
Assignee: Unassigned
Reporter: Tony Whyman
Votes: 0
Watchers: 0

If you were logged in you would be able to see more operations.
Firebird Core

Provision of a gbak Restore Option to ignore grants to users

Created: 05/Apr/18 10:06 AM   Updated: 05/Apr/18 10:07 AM
Component/s: GBAK
Affects Version/s: 3.0.3
Fix Version/s: None

Environment: All

QA Status: No test

 Description  « Hide
Currently, gbak includes grants to Firebird users in a backup archive and restores these grants when a database is restored from a gbak archive. Restoring grants to Firebird users may be undesirable because e.g.

a) The database is being moved to a different server with a different set of users.

b) A database is being restored from an archive and the archive was taken before one or more users were removed from the server.

In both of the above cases, the restored database will include "stale" access rights. That is rights granted to non-existent users. There is then a long term risk that the DBA may create a user with the same user name as a "stale" user resulting in the user being granted inappropriate access rights.

In order to reduce the risk of this situation occurring, it is proposed that two new options be added to the gbak restore options:

1. Do not restore grants to users
2. Do not restore grants to unknown users.

The first being appropriate when moving a database to a new server and with a different set of users, while the second is appropriate when a database is being restored from an archive copy. The second case may also be useful when tidying up a database grants e.g. to remove grants resulting from mis-typed user names.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.