Provide ability to manage users from security.db when connected to read-only (user)-DB [CORE6152] #6401

Open
firebird-automations opened this issue Oct 7, 2019 · 0 comments

Comments

@firebird-automations
Collaborator

Submitted by: @pavel-zotov

Connect as SYSDBA to any read-only database.
Then:

SQL> set list on;
SQL> select mon$read_only from mon$database;

MON$READ_ONLY 1

SQL> select * from sec$users;

SEC$USER_NAME SYSDBA
. . .
SEC$PLUGIN Legacy_UserManager

SEC$USER_NAME SYSDBA
. . .
SEC$PLUGIN Srp

SQL> drop user sysdba using plugin Srp;
Statement failed, SQLSTATE = 42000
Dynamic SQL Error
-attempted update on read-only database

SQL> drop user foo using plugin Srp;
Statement failed, SQLSTATE = 42000
Dynamic SQL Error
-attempted update on read-only database

It will be useful to have the ability to create/alter/drop users by granting this privilege to some user (for example, from the HR department), but without giving him any other rights.
Ideally he must be able only to establish a connection to some read-only DB.
