You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, gbak includes grants to Firebird users in a backup archive and restores these grants when a database is restored from a gbak archive. Restoring grants to Firebird users may be undesirable because e.g.
a) The database is being moved to a different server with a different set of users.
b) A database is being restored from an archive and the archive was taken before one or more users were removed from the server.
In both of the above cases, the restored database will include "stale" access rights. That is rights granted to non-existent users. There is then a long term risk that the DBA may create a user with the same user name as a "stale" user resulting in the user being granted inappropriate access rights.
In order to reduce the risk of this situation occurring, it is proposed that two new options be added to the gbak restore options:
1. Do not restore grants to users
2. Do not restore grants to unknown users.
The first being appropriate when moving a database to a new server and with a different set of users, while the second is appropriate when a database is being restored from an archive copy. The second case may also be useful when tidying up a database grants e.g. to remove grants resulting from mis-typed user names.
The text was updated successfully, but these errors were encountered:
Submitted by: Tony Whyman (twhyman)
Currently, gbak includes grants to Firebird users in a backup archive and restores these grants when a database is restored from a gbak archive. Restoring grants to Firebird users may be undesirable because e.g.
a) The database is being moved to a different server with a different set of users.
b) A database is being restored from an archive and the archive was taken before one or more users were removed from the server.
In both of the above cases, the restored database will include "stale" access rights. That is rights granted to non-existent users. There is then a long term risk that the DBA may create a user with the same user name as a "stale" user resulting in the user being granted inappropriate access rights.
In order to reduce the risk of this situation occurring, it is proposed that two new options be added to the gbak restore options:
1. Do not restore grants to users
2. Do not restore grants to unknown users.
The first being appropriate when moving a database to a new server and with a different set of users, while the second is appropriate when a database is being restored from an archive copy. The second case may also be useful when tidying up a database grants e.g. to remove grants resulting from mis-typed user names.
The text was updated successfully, but these errors were encountered: