GRANT ADMIN ROLE (in CREATE USER statement) can be specified only before 'USING
PLUGIN' if clause TAGS present
--------------------------------------------------------------------------------------------------------------
Key: CORE-5826
URL: http://tracker.firebirdsql.org/browse/CORE-5826
Project: Firebird Core
Issue Type: Bug
Components: Engine, Security
Affects Versions: 3.0.3, 4.0 Alpha 1
Reporter: Pavel Zotov
Consider following samples:
SQL> create user foo password '123' grant admin role using plugin Srp;
SQL> drop user foo using plugin srp;
SQL> create user foo password '123' using plugin Srp grant admin role;
SQL> drop user foo using plugin Srp;
-- all above will be performed without errors.
Note that we can specify 'GRANT ADMIN ROLE' both *before* and *after* 'USING
PLUGIN' clause.
This also works Ok:
SQL> create user foo password '123' grant admin role using plugin Srp tags(
key1 = 'val1' );
SQL> drop user foo using plugin srp;
But this fails:
SQL> create user foo password '123' using plugin Srp tags( key1 = 'val1' )
grant admin role;
Statement failed, SQLSTATE = 42000
Dynamic SQL Error
-SQL error code = -104
-Token unknown - line 1, column 71
-grant
So, 'GRANT ADMIN ROLE' can be specified only BEFORE 'using plugin Srp' if TAGS
clause present in the statement.
It seems that this contradicts to syntax from langref30.pdf & langref40.pdf
(unfortunately, this docs still only in russian):
CREATE USER username PASSWORD 'password'
[FIRSTNAME 'firstname']
[MIDDLENAME 'middlename']
[LASTNAME 'lastname']
[ACTIVE | INACTIVE]
[USING PLUGIN pluginname] --------------------------------- [1]
[TAGS (<tag>[, <tag>[, <tag>...]] )]
[GRANT ADMIN ROLE] ------------------------------------------ [2]
Checked on:
* WI-V3.0.4.32972
* WI-T4.0.0.977
PS.
Please look in:
*
https://firebirdsql.org/file/documentation/reference_manuals/user_manuals/html/qsg3-config.html#qsg3-config-gsec
*
https://firebirdsql.org/file/documentation/reference_manuals/user_manuals/Firebird-3-QuickStart.pdf
* %FB_HOME%\doc\sql.extensions\README.user_management
IMO, existing documentation of 'CREATE/ALTER USER' should explicitly point
about necessity of USING PLUGIN clause if we want to use any new features that
appeared in 3.0+ (TAGS clause; ALTER USER INACTIVE / ACTIVE etc). All of them
will be ignored if user is created / altered with legacy plugin.
Currently we have only phrase: "*some* options are ignored when using legacy
user management plugin." (see
%FB_HOME%\doc\sql.extensions\README.user_management )
Only langref30.pdf & langref40.pdf (rus) have warnings about necessity to use
plugin that differs from legacy one
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
