On 09-02-2021 15:52, Alex Peshkoff via Firebird-devel wrote:
On 2/9/21 5:42 PM, Mark Rotteveel wrote:
I'm working on the Firebird 3 Language Reference, and I'm currently
writing documentation for SET TRUSTED ROLE. I have tried reading the
Firebird 3 release notes, and a Google-translated version of the
Russian Firebird 3 Language Reference, but the meaning and intent of
this feature is unclear to me.
Please first of all read (in doc/sql.extensions/) README.mapping.html &
README.set_role.
They contain answers to your questions, but if something remains unclear
anyway, I'll be glad to answer.
README.set_role.txt is not helpful. The README.mapping.html is also not
really explicit about trusted roles, the only mention of trusted roles
is this example:
"""
Map windows group to trusted firebird role:
CREATE MAPPING WINGROUP1 USING PLUGIN WIN_SSPI FROM GROUP GROUP_NAME TO
ROLE ROLE_NAME;
"""
Exactly what makes this a trusted role?
If I read between the lines, this would indicate that mapping TO ROLE
_role_name_ is what defines a "trusted role", which would mean it does
not actually update CURRENT_ROLE, which would contradict what is
documented in the Firebird 3 release notes:
"""
The single solution for all such cases is mapping the login information
assigned to a user when it connects to a Firebird server to internal
security objects in a database — CURRENT_USER and CURRENT_ROLE.
"""
It also seems to contradict documentation in the Russian Firebird 3
Language Reference (page 508), which indicates that ALTER ROLE RDB$ADMIN
SET AUTO ADMIN MAPPING is a equivalent to:
```
CREATE MAPPING WIN_ADMINS
USING PLUGIN WIN_SSPI
FROM Predefined_Group DOMAIN_ANY_RID_ADMINS
TO ROLE RDB$ADMIN
```
While SET AUTO ADMIN MAPPING will apply RDB$ADMIN automatically if no
explicit role is specified on connect.
In other words, does my confusion derive from the fact the Firebird 3
release notes say that CREATE MAPPING ... TO ROLE ... updates the
CURRENT_ROLE, while in fact it does no such thing?
Mark
--
Mark Rotteveel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel