Menu
▾
▴
Re: [Firebird-net-provider] Fb 3 connection string upgrade
|
From: Mark R. <ma...@la...> - 2016-05-04 11:29:12
|
On 2016-05-03 23:45, Kyle Green wrote: > Thank you, I have done as you suggested, and the connection string > works! > > However the user I created has no permissions, not even select > permissions: > > my log shows 5/3/2016 3:36:11 PM: no permission for SELECT access to > TABLE BLOGS ( and for every other attempt to access data) > > I had named my User "LegacyUser" (was that a mistake?). Then, while > attached to the database through FlameRobin, ran these: > > GRANT rdb$admin TO USER LegacyUser; > > Above did not allow access, so I tried this: > > ALTER USER LegacyUser GRANT ADMIN ROLE; > > Even after this, the error at the top still appears. > > I have always used SYSDBA account for my web applications, so I have > no experience with user accounts. > > What might be missing? You could just create a legacy SYSDBA (it might already exist, in which case you just need to change the password). However using SYSDBA for a (web) application is a bad idea, because it has all rights on all databases on the Firebird server. You should create a user that has the minimal rights necessary for your application to work. As to the specific problem : roles are only applied when you specify them on connect in the connection string (for Firebird .net provider property: Role=RDB$ADMIN) or - since 3.0 - after connect with SET ROLE. No role specified means that you only get the rights assigned to PUBLIC and the user itself. For RDB$ADMIN specifically, you can enable auto admin mapping, which means that the user will get the role implicitly when logged in. See http://www.firebirdsql.org/file/documentation/reference_manuals/fblangref25-en/html/fblangref25-security-auth.html#fblangref25-security-autoadminmapping But I'd strongly advise you to create a specific role with only the necessary rights. Mark |
