我通过jaybird创建了一个Firebird用户(PIPPO),遵循gsec"display":
GSEC> di
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0 Sql Server Administrator
PIPPO 0 0 GesAll 1.0 User
GSEC>
我在 Firebird DB 中创建了一个角色 (GESALLDB_USER) 并授予了一些权限:
SQL> show grant;
/* Grant permissions for this database */
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON COPPIE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON COVE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_CONFIGURAZIONE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_COVE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_SOGGETTI TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DEPOSIZIONI TO ROLE GESALLDB_USER
GRANT GESALLDB_USER TO PIPPO
SQL>
我通过 jaybird 将此角色授予新用户(之前的最后一行):
问题是,每当我尝试运行查询时,我都会收到消息:
SQL> select * from anelli;
Statement failed, SQLSTATE = 28000
no permission for read/select access to TABLE ANELLI
SQL>
如果我直接将 TABLE 授予新创建的用户,一切正常。
SQL> grant all on anelli to pippo;
SQL> show grant;
/* Grant permissions for this database */
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO USER PIPPO
SQL> connect "C:UsersteilukeDocumentsOndulatiDBprovagesalldb.fdb" user "p
ippo" password "topolino";
Commit current transaction (y/n)?y
Committing.
Server version:
WI-V2.5.2.26540 Firebird 2.5
WI-V2.5.2.26540 Firebird 2.5/XNet (E7441EA1CA2CF4)/P12
WI-V2.5.2.26540 Firebird 2.5/XNet (E7441EA1CA2CF4)/P12
Database: "C:UsersteilukeDocumentsOndulatiDBprovagesalldb.fdb", User: pi
ppo
SQL> select * from anelli;
PROGRESSIVO FEDERAZIONE RNA TIPO ANNO INIZIO FINE ATTIVA
LAST_USED
============ =========== ====== ====== ====== ============ ============ ====== =
===========
1 FOI 89LR E 2012 1 100 N
0
2 FOI 89LR E 2013 1 100 S
41
对此有任何帮助吗?
在 Firebird 3.0 及更早版本中,分配给角色的权限仅在连接到数据库时指定该角色时才应用。换句话说,如果用户具有角色,则该用户不会自动获得该角色的权限。用户需要明确指示要使用的角色,否则仅分配给PUBLIC和用户本身的权限适用。
对于 ISQL,CONNECT规范为:
CONNECT database name [user username] [password password] [role role_name];
因此,对于您的特定示例,请使用:
SQL> connect "C:UsersteilukeDocumentsOndulatiDBprovagesalldb.fdb" user "p
ippo" password "topolino" role GESALLDB_USER;
用(单引号或双引号)括起来的角色名称区分大小写。因此,使用role 'gesalldb_user'与角色GESALLDB_USER不匹配,而role gesalldb_user会。这就像 Firebird 中其他双引号对象名(如表名和列名)的规则。
这也适用于使用驱动程序或访问组件的情况,但确切的配置和属性名称可能会有所不同(例如,对于 Jaybird,属性为 roleName 或 sqlRole )。
在 Firebird 4.0 及更高版本中,您可以将角色授予为"默认角色"。即使未在连接时显式指定角色,也会自动应用默认角色的权限。