Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provision of a gbak Restore Option to ignore grants to users [CORE5785] #6048

Open
firebird-automations opened this issue Apr 5, 2018 · 1 comment

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: Tony Whyman (twhyman)

Currently, gbak includes grants to Firebird users in a backup archive and restores these grants when a database is restored from a gbak archive. Restoring grants to Firebird users may be undesirable because e.g.

a) The database is being moved to a different server with a different set of users.

b) A database is being restored from an archive and the archive was taken before one or more users were removed from the server.

In both of the above cases, the restored database will include "stale" access rights. That is rights granted to non-existent users. There is then a long term risk that the DBA may create a user with the same user name as a "stale" user resulting in the user being granted inappropriate access rights.

In order to reduce the risk of this situation occurring, it is proposed that two new options be added to the gbak restore options:

1. Do not restore grants to users
2. Do not restore grants to unknown users.

The first being appropriate when moving a database to a new server and with a different set of users, while the second is appropriate when a database is being restored from an archive copy. The second case may also be useful when tidying up a database grants e.g. to remove grants resulting from mis-typed user names.

@firebird-automations
Copy link
Collaborator Author

Modified by: Tony Whyman (twhyman)

security: Managers [ 10013 ] =>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant