Issue Details (XML | Word | Printable)

Key: CORE-6152
Type: Improvement Improvement
Status: Open Open
Priority: Minor Minor
Assignee: Unassigned
Reporter: Pavel Zotov
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Provide ability to manage users from security.db when connected to read-only (user)-DB

Created: 07/Oct/19 01:16 PM   Updated: 07/Oct/19 01:16 PM
Component/s: Security
Affects Version/s: None
Fix Version/s: None

QA Status: No test


 Description  « Hide
Connect as SYSDBA to any read-only database.
Then:

SQL> set list on;
SQL> select mon$read_only from mon$database;
 
MON$READ_ONLY 1
 
SQL> select * from sec$users;
 
SEC$USER_NAME SYSDBA
. . .
SEC$PLUGIN Legacy_UserManager
 
SEC$USER_NAME SYSDBA
. . .
SEC$PLUGIN Srp
 
SQL> drop user sysdba using plugin Srp;
Statement failed, SQLSTATE = 42000
Dynamic SQL Error
-attempted update on read-only database
 
SQL> drop user foo using plugin Srp;
Statement failed, SQLSTATE = 42000
Dynamic SQL Error
-attempted update on read-only database

It will be useful to have ability create/alter/drop users by granting this priviledge to some user (for example, from HR department), but without giving to him any other rights.
Ideally he must be able only to establish connect to some read-only DB.


 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.