8

我通过 jaybird 创建了一个 Firebird 用户(PIPPO),遵循 gsec“显示”:

GSEC> di
     user name                    uid   gid admin     full name
------------------------------------------------------------------------------------------------
SYSDBA                              0     0           Sql Server Administrator
PIPPO                               0     0           GesAll 1.0 User
GSEC>

我在 Firebird DB 中创建了一个角色(GESALLDB_USER)并授予了一些权限:

SQL> show grant;

/* Grant permissions for this database */
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO ROLE GESALLDB_USER

GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON COPPIE TO ROLE GESALLDB_USER

GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON COVE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_CONFIGURAZIONE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_COVE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_SOGGETTI TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DEPOSIZIONI TO ROLE GESALLDB_USER
GRANT GESALLDB_USER TO PIPPO
SQL>

我通过 jaybird(之前的最后一行)将此角色授予新用户:

问题是,每当我尝试运行查询时,都会收到以下消息:

SQL> select * from anelli;
Statement failed, SQLSTATE = 28000
no permission for read/select access to TABLE ANELLI
SQL>

如果我直接将 TABLE 授予新创建的用户,一切正常。

SQL> grant all on anelli to pippo;
SQL> show grant;

/* Grant permissions for this database */
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO ROLE GESALLDB_USER

GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO USER PIPPO

SQL> connect "C:\Users\teiluke\Documents\Ondulati\DB\prova\gesalldb.fdb" user "p
ippo" password "topolino";
Commit current transaction (y/n)?y
Committing.
Server version:
WI-V2.5.2.26540 Firebird 2.5
WI-V2.5.2.26540 Firebird 2.5/XNet (E7441EA1CA2CF4)/P12
WI-V2.5.2.26540 Firebird 2.5/XNet (E7441EA1CA2CF4)/P12
Database:  "C:\Users\teiluke\Documents\Ondulati\DB\prova\gesalldb.fdb", User: pi
ppo
SQL> select * from anelli;
 PROGRESSIVO FEDERAZIONE RNA    TIPO   ANNO         INIZIO         FINE ATTIVA
  LAST_USED
============ =========== ====== ====== ====== ============ ============ ====== =
===========
           1 FOI         89LR   E      2012              1          100 N
          0
           2 FOI         89LR   E      2013              1          100 S
         41

对此有什么帮助吗?

4

1 回答 1

10

在 Firebird 3.0 和更早版本中,分配给角色的权限仅在连接到数据库时指定该角色时应用。换句话说,如果用户具有角色,则该用户不会自动获得该角色的权限。用户需要明确指出要使用的角色,否则只有分配给的权限PUBLIC和用户本身适用。

对于 ISQL,CONNECT规范是:

CONNECT database name [user username] [password password] [role role_name];

因此,对于您的具体示例,请使用:

SQL> connect "C:\Users\teiluke\Documents\Ondulati\DB\prova\gesalldb.fdb" user "p
ippo" password "topolino" role GESALLDB_USER;

用(单引号或双引号)括起来的角色名称区分大小写。所以 usingrole 'gesalldb_user'不会匹配角色GESALLDB_USER,而role gesalldb_user会。这就像 Firebird 中其他双引号对象名(如表和列名)的规则。

这也适用于使用驱动程序或访问组件时,但确切的配置和属性名称可能会有所不同(例如,对于 Jaybird,该属性是roleNamesqlRole)。

在 Firebird 4.0 及更高版本中,您可以将角色授予“默认角色”。即使未在连接上明确指定角色,也会自动应用默认角色的权限。

于 2013-10-23T10:38:41.177 回答