On 5/11/22 19:40, Adriano dos Santos Fernandes wrote:
On 11/05/2022 11:55, Roman Simakov wrote:
Can you make up or describe a potential case of the situation?
Undoubtedly the feature would be useful but we've lived without it for
all the time.
In the profiler, I will create a role, the tables and views in another
connection. I'll grant privileges to the role and default grant the role
to public (currently not working due to #7178, so I'm testing with
another user instead of public).
But the user connection is already made and is going to use the profiler.
Now I need to see what is its current_role, then "set role plg$profiler"
(or any other role different than current), then "set role
old_current_role" to refresh the current roles.
If a role is revoked from a user, it will affect the
next attachment only, won't it?
I think this can be considered as a not well defined behavior and
changeable, but anyway, if there is simple command to refresh the active
roles instead of automatically, it's not going to be a problem.
If select from some table is revoked from firebird user it will not
affect running requests.
If OS (at least *nix family) user opened file but later access to that
file was revoked from him existing file descriptor remains valid.
I.e. lets not try to make all and any access rights changes propagate
automatically.
On the other hand I see no problems if we have dedicated command
peforming desired action. Suggest syntax:
SET ROLE
without parameters. (but not insist on it)
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
