Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implicitly active roles (and their permissions summarized) [CORE751] #1125

Closed
firebird-automations opened this issue Sep 17, 2003 · 18 comments
Closed

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @pcisar

Is duplicated by CORE2610
Is replaced by CORE1815

Votes: 13

SFID: 807938#⁠
Submitted By: pcisar

Database rights can be assigned to Groups. Groups can be assigned to users. The resulting user database rights are the combination of the group rights as well as user rights. All this must work without roles.

====== Test Details ======

See test for CORE1815

@firebird-automations
Copy link
Collaborator Author

Commented by: Alice F. Bird (firebirds)

Date: 2004-10-22 00:43
Sender: smace
Logged In: YES
user_id=522214

I know an easy way of doing "Groups of grants" in Firebird.

--

One way is adding RDB$GROUPS table like RDB$ROLES.

CREATE TABLE RDB$GROUPS (
RDB$GROUP_NAME CHAR(31) CHARACTER SET UNICODE_FSS,
RDB$OWNER_NAME CHAR(31) CHARACTER SET UNICODE_FSS
);

And then replacing RDB$SECURITY_CLASSES by one View instead of table. This view catches all data from RDB$RELATION_FIELDS and *automatically adds grants (from the groups) (thought one select, union (whatever). I belive. It's not so hard doing. As you can see. So, I'd like to implement it. But I am not sure about changing RDB$ tables. And how we can add it to the default firebird distro.

@firebird-automations
Copy link
Collaborator Author

Commented by: Alice F. Bird (firebirds)

Date: 2004-07-29 21:58
Sender: smace
Logged In: YES
user_id=522214

I'd like to have Firebird behaving this way:

- accepting multiple roles at the same time.
- having an option for switch between passive roles and active roles. (one gets effective just by specifing it to a user, the other must be specified during the connection to the DB)
- groups of roles. ie. grant a role to another role. (when you grant a "master role" to a user, this user will have all privileges of all roles granted to the "master role".

Is the same thing you want? If yes, how can we implement it?

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Component: Security [ 10071 ]

assignee: Alexander Peshkov [ alexpeshkoff ]

SF_ID: 807938 =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

Workflow: jira [ 10775 ] => Firebird [ 15148 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Link: This issue is duplicated by CORE2610 [ CORE2610 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: Jacques (zerocool)

where can i find a step by step guide to implment the above.

I am looking into building a security model, and from there, granting roles to users, which the users can use to see data as needed.

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

If you need "granting roles to users, which the users can use to see data as needed" this already works in firebird.

Noone will write you step by step guide - it's easier to write required program, but even to provide generic advice what to start with I need to get full understanding what you really need.

@firebird-automations
Copy link
Collaborator Author

Modified by: Sean Leyne (seanleyne)

description: SFID: 807938#⁠
Submitted By: pcisar

Database rights can be assigned to Groups. Groups can
be assigned to users. The resulting user database
rights are the combination of the group rights as well
as user rights. All this must work without roles.

=>

SFID: 807938#⁠
Submitted By: pcisar

Database rights can be assigned to Groups. Groups can be assigned to users. The resulting user database rights are the combination of the group rights as well as user rights. All this must work without roles.

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 4.0 Beta 1 [ 10750 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @romansimakov

Recently implemented ability to grant a role to another role (CORE1815) covers this feature in case of using DEFAULT ROLE. I guess this ticket can be closed.

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Link: This issue is replaced by CORE1815 [ CORE1815 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

assignee: Alexander Peshkov [ alexpeshkoff ] => Roman Simakov [ roman-simakov ]

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 4.0 Alpha 1 [ 10731 ]

Fix Version: 4.0 Beta 1 [ 10750 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

summary: Groups of users and rights => Implicitly active roles (and their permissions summarized)

@firebird-automations
Copy link
Collaborator Author

Commented by: @sim1984

Please add a description of the system functions RDB$ROLE_IN_USE in README.cumulative_roles.txt file.

@firebird-automations
Copy link
Collaborator Author

Commented by: @romansimakov

f9c8887

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: Covered by another test(s)

Test Details: See test for CORE1815

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants