Thank you, I can connect and now have rights. I will try to follow your advice to sculpt a user (or role) with just the necessary rights.
Meanwhile, I have a couple of questions (should I start a different thread?) The created user appears to belong to the server, not the database, correct? I can create a role, will it belong to the server or the database? The role assignment appears to be assigned per database (but still must be passed in the connection string) During application development, I often recreate the entire database via isql script. It appears I should add some script lines to (create and?) assign the role to the user that will be used in the connection string, correct? and one last question, I don't see much about database "owners". Is that simply the account that was used to connect when the create database command is issued? Thanks, --- Kyle Green On 2016-05-04 04:29, Mark Rotteveel wrote: > On 2016-05-03 23:45, Kyle Green wrote: >> Thank you, I have done as you suggested, and the connection string >> works! >> >> However the user I created has no permissions, not even select >> permissions: >> >> my log shows 5/3/2016 3:36:11 PM: no permission for SELECT access to >> TABLE BLOGS ( and for every other attempt to access data) >> >> I had named my User "LegacyUser" (was that a mistake?). Then, while >> attached to the database through FlameRobin, ran these: >> >> GRANT rdb$admin TO USER LegacyUser; >> >> Above did not allow access, so I tried this: >> >> ALTER USER LegacyUser GRANT ADMIN ROLE; >> >> Even after this, the error at the top still appears. >> >> I have always used SYSDBA account for my web applications, so I have >> no experience with user accounts. >> >> What might be missing? > > You could just create a legacy SYSDBA (it might already exist, in which > case you just need to change the password). However using SYSDBA for a > (web) application is a bad idea, because it has all rights on all > databases on the Firebird server. You should create a user that has the > minimal rights necessary for your application to work. > > As to the specific problem : roles are only applied when you specify > them on connect in the connection string (for Firebird .net provider > property: Role=RDB$ADMIN) or - since 3.0 - after connect with SET ROLE. > No role specified means that you only get the rights assigned to PUBLIC > and the user itself. > > For RDB$ADMIN specifically, you can enable auto admin mapping, which > means that the user will get the role implicitly when logged in. See > http://www.firebirdsql.org/file/documentation/reference_manuals/fblangref25-en/html/fblangref25-security-auth.html#fblangref25-security-autoadminmapping > > But I'd strongly advise you to create a specific role with only the > necessary rights. > > Mark > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications > Manager > Applications Manager provides deep performance insights into multiple > tiers of > your business applications. It resolves application problems quickly > and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > _______________________________________________ > Firebird-net-provider mailing list > Firebird-net-provider@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/firebird-net-provider ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Firebird-net-provider mailing list Firebird-net-provider@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/firebird-net-provider
