Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#102 Separate User and Role options in Privileges dialog

open
nobody
None
5
2012-10-20
2007-11-13
Dave Albiston
No

If I use the grant/revoke privileges utility to grant privileges on a table to a role, FR(?) treats the role as a user. It appears to work because the rolename appears in the list but users with that role do not get the privileges.

0.8.1 on Windows

Discussion

  • Milan Babuskov
    Milan Babuskov
    2007-11-21

    Logged In: YES
    user_id=1940200
    Originator: NO

    Roles do work as users, i.e. GRANTing the privileges works the same for roles and users (and you should also try to aviod having the same username and role).

    Please note that roles are not 'user groups'. If you grant something to the role, users that have that role granted do not gain the privileges. When user wants to use a role's privilege, (s)he needs to connect under that role (in Connect As dialog, you can choose a role).

    This is just the way roles work in Firebird and is not FlameRobin specific.

     
  • Dave Albiston
    Dave Albiston
    2007-11-21

    Logged In: YES
    user_id=1206258
    Originator: YES

    Milan

    When assigning or revoking privileges to a role, you get different results using upper case and lower case. When entering a valid role name in upper case the privilege is granted to the role. In lower case, it is granted to a (non existent) user.

    That's the problem I was trying to describe. I just noticed the upper/lower case aspect.

    Dave

     
  • Milan Babuskov
    Milan Babuskov
    2007-11-21

    Logged In: YES
    user_id=1940200
    Originator: NO

    Yes, the field in dialog is case sensitive. Technically, this is not a bug, so I'll move it into feature requests.

    We should separate the User and Role into two options (radio buttons) in dialog, and provide a dropdown list for roles. Then the FR user would only be able to select a valid role and such confusion will be avoided.

     
  • Milan Babuskov
    Milan Babuskov
    2007-12-20

    Logged In: YES
    user_id=1940200
    Originator: NO

    The entry box is no longer quoted, thus it is no longer case sensitive (this is a side-effect of fixing another bug), so it now works the way you expected initially. (Still, separation of users and roles might be a good idea)

     


Anonymous


Cancel   Add attachments