Hello, I'd be very grateful if someone could repeat the scenario described below and confirm I'm not daydreaming (should take about 1 minute). I've tested it on FB 2.5.0.26074 CS (Linux 32 and 64 bit).
According to http://www.firebirdsql.org/refdocs/langrefupd25-security-sql-user-mgmt.html any user with RDB$ADMIN role in the security database and at least one other database should be able to create/alter/drop other users. If so, in my opinion the following scenario should complete without errors (creating a new database is not relevant, but I included it to make sure we start from a clean setup). 1. Run isql as SYSDBA and execute: create database 'test.fdb'; 2. Close isql, run it again and connect to test.fdb as sysdba (e.g. isql -user sysdba -password topsecret test.fdb) and execute: create user U1 password '1'; commit; alter user U1 grant admin role; commit; grant RDB$ADMIN to U1; commit; 3. Close isql. At this point, we have a user U1, who satisfies the requirements from the manual mentioned above. So, run isql again, connecting as the new user: isql -user U1 -password 1 -role 'RDB$ADMIN' test.fdb and execute: create user U2 password '1'; commit; alter user U2 password '2'; commit; The last alter user statement fails with message Statement failed, SQLSTATE = HY000 record not found for user: U2 However, the create user works fine (gsec shows, that U2 had been created). Any subsequent attempts to change U1 fail, though. Is there anything I'm missing? Should I somehow tell Firebird that, when connecting as U1, I'd like to assume admin role not only in test.fdb, but also in the security database? Any help appreciated. regards Tomasz -- __--==============================--__ __--== Tomasz Tyrakowski ==--__ __--== SOL-SYSTEM ==--__ __--== http://www.sol-system.pl ==--__ __--==============================--__
