grant create database to ROLE doesn't work: "no permission for CREATE access to DATABASE ..."
---------------------------------------------------------------------------------------------

                 Key: CORE-4821
                 URL: http://tracker.firebirdsql.org/browse/CORE-4821
             Project: Firebird Core
          Issue Type: Bug
          Components: Security
            Reporter: Pavel Zotov

Prepare:
=======

    set bail on;
    shell del c:\temp\e30_bill_scott.fdb 2>nul;
    set wng off;
    set term ^;
    execute block as
    begin
      begin
        execute statement 'drop role db_creator';
        when any do begin end
      end
    end^
    set term ;^
    commit;

    create or alter user bill_scott password '123';
    create role db_creator;
    commit;

    revoke all on all from bill_scott;
    revoke all on all from role db_creator;
    commit;

    grant create database to role db_creator;
    grant db_creator to bill_scott;
    --grant rdb$admin to bill_scott;
    commit;

    show grants;
    commit;

    EXIT;

Output:
======

    /* Grant permissions for this database */
    GRANT DB_CREATOR TO BILL_SCOTT
    GRANT CREATE DATABASE TO ROLE DB_CREATOR

Run:
====

    set bail on;
    set echo on;
    connect 'localhost/3333:e30' user 'bill_scott' password '123' role 'DB_CREATOR';
    set list on;
    select current_user, current_role, m.*, a.*
    from mon$database m
    join mon$attachments a on a.mon$attachment_id = current_connection;
    commit;

    create database 'localhost/3333:c:\temp\e30_bill_scott.fdb' user 'bill_scott' password '123' role 'DB_CREATOR';
    commit;

    set list on;
    select current_user, current_role, m.*, a.*
    from mon$database m
    join mon$attachments a on a.mon$attachment_id = current_connection;
    commit;
    drop database;

STDOUT:
========

    connect 'localhost/3333:e30' user 'bill_scott' password '123' role 'DB_CREATOR';
    set list on;
    select current_user, current_role, m.*, a.*
    from mon$database m
    join mon$attachments a on a.mon$attachment_id = current_connection;

    USER                            BILL_SCOTT
    ROLE                            DB_CREATOR
    MON$DATABASE_NAME               C:\FBTESTING\qa\fbt-repo\tmp\E30.fdb
    . . .
    MON$OWNER                       SYSDBA
    MON$SEC_DATABASE                Default
    . . .
    MON$USER                        BILL_SCOTT
    MON$ROLE                        DB_CREATOR
    MON$REMOTE_PROTOCOL             TCPv4
    MON$REMOTE_ADDRESS              127.0.0.1
    . . .
    MON$REMOTE_PROCESS              C:\1INSTALL\FIREBIRD\fb30sS\isql.exe
    MON$CLIENT_VERSION              WI-T3.0.0.31845 Firebird 3.0 Beta 2
    MON$REMOTE_VERSION              P13
    MON$REMOTE_HOST                 balaha
    MON$REMOTE_OS_USER              john smith
    MON$AUTH_METHOD                 Srp
    MON$SYSTEM_FLAG                 0

    commit;
    create database 'localhost/3333:c:\temp\e30_bill_scott.fdb' user 'bill_scott' password '123' role 'DB_CREATOR';

========
STDERR:
========

    Statement failed, SQLSTATE = 28000
    no permission for CREATE access to DATABASE C:\TEMP\E30_BILL_SCOTT.FDB

(on attempt to perform statement: "create database 'localhost/3333:c:\temp\e30_bill_scott.fdb' user 'bill_scott' password '123' role 'DB_CREATOR';").

PS. firebird.conf:
===
    RemoteServicePort = 3330
    SharedCache = false
    SharedDatabase = true
    DefaultDbCachePages = 256
    AuthClient = Srp,Legacy_Auth,Win_Sspi
    AuthServer = Srp,Legacy_Auth
    ExternalFileAccess = Restrict C:\1INSTALL\FIREBIRD\FB30SNAP
    FileSystemCacheThreshold = 65536K
    LockHashSlots = 22111
    MaxUserTraceLogSize = 99999
    UserManager = Srp
    #WireCrypt = Disabled
===

FB version: WI-T3.0.0.31845