revoke user from role is impossible if rolen name is reserved word (SYSDBA) [CORE6383] #6622
Comments
Modified by: Frank Reim (dataspider)security: Developers [ 10012 ] => |
|
Commented by: @hvlad Try to run REVOKE statement using embedded connection, i.e. don't start Firebird server and use local connection string. BTW, except of not needed record(s) in rdb$user_privileges - what real problems it creates ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Submitted by: Frank Reim (dataspider)
Last week I did an upgrade of all my databases from 2,59 to 3.07.
At some point I managed to create a role "SYSDBA".
The basic version of my databases goes back to version 1.5.
Unfortunately, I have only now discovered, that ther is a wrong record in table rdb$user_privileges.
rdb$user = 'AISSYSTEM'
rdb$relation_name = 'SYSDBA'
Because rdb$user_privileges is now readonly, I tryed:
revoke sysdba from aissystem
The error message:
This operation is not defined for system tables.
unsuccessful metadata update.
REVOKE failed.
SQL role SYSDBA does not exist.
Creating the role "SYSDBA" is prohibited.
And now I don' t see any possibility to clean up my databases.
The solution should be:
the command: revoke "ROLE" from "USER" should delete the record from rdb$user_privileges if role does not exists but a record exists.
Frank Reim
The text was updated successfully, but these errors were encountered: