具有授予权限的firebird用户无法访问表

时间:2013-10-23 09:07:00

标签: database firebird privileges role jaybird

我通过jaybird创建了一个Firebird用户(PIPPO),跟随gsec“display”:

GSEC> di
     user name                    uid   gid admin     full name
------------------------------------------------------------------------------------------------
SYSDBA                              0     0           Sql Server Administrator
PIPPO                               0     0           GesAll 1.0 User
GSEC>

我在Firebird DB中创建了一个角色(GESALLDB_USER)并授予了一些权限:

SQL> show grant;

/* Grant permissions for this database */
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO ROLE GESALLDB_USER

GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON COPPIE TO ROLE GESALLDB_USER

GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON COVE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_CONFIGURAZIONE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_COVE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_SOGGETTI TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DEPOSIZIONI TO ROLE GESALLDB_USER
GRANT GESALLDB_USER TO PIPPO
SQL>

通过jaybird(之前的最后一行)将此角色授予新用户:

问题在于,每当我尝试运行查询时,我都收到了消息:

SQL> select * from anelli;
Statement failed, SQLSTATE = 28000
no permission for read/select access to TABLE ANELLI
SQL>

如果我直接将TABLE授予新创建的用户,一切正常。

SQL> grant all on anelli to pippo;
SQL> show grant;

/* Grant permissions for this database */
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO ROLE GESALLDB_USER

GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO USER PIPPO

SQL> connect "C:\Users\teiluke\Documents\Ondulati\DB\prova\gesalldb.fdb" user "p
ippo" password "topolino";
Commit current transaction (y/n)?y
Committing.
Server version:
WI-V2.5.2.26540 Firebird 2.5
WI-V2.5.2.26540 Firebird 2.5/XNet (E7441EA1CA2CF4)/P12
WI-V2.5.2.26540 Firebird 2.5/XNet (E7441EA1CA2CF4)/P12
Database:  "C:\Users\teiluke\Documents\Ondulati\DB\prova\gesalldb.fdb", User: pi
ppo
SQL> select * from anelli;

PROGRESSIVO FEDERAZIONE RNA TIPO ANNO INIZIO FINE ATTIVA   LAST_USED

============ =========== ====== ====== ====== ====== ====== ============ ====== = 

       1 FOI         89LR   E      2012              1          100 N
      0
       2 FOI         89LR   E      2013              1          100 S
     41

对此有何帮助?

感谢Gianluca。

1 个答案:

答案 0 :(得分:7)

在Firebird中,仅在连接到数据库时指定了该角色时才应用分配给角色的权限。换句话说,如果用户具有角色,则该用户不会自动获得该角色的权限。用户需要明确指出要使用的角色,否则只有分配给PUBLIC的权限和用户本身适用。

对于ISQL,CONNECT specification是:

CONNECT database name [user username] [password password] [role role_name];

因此,对于您的具体示例,请使用:

SQL> connect "C:\Users\teiluke\Documents\Ondulati\DB\prova\gesalldb.fdb" user "p
ippo" password "topolino" role GESALLDB_USER;

由(单引号或双引号)引号括起的角色名称区分大小写。因此,使用role 'gesalldb_user'GESALLDB_USER角色不匹配,而role gesalldb_user则会。这类似于Firebird中其他双引号对象名(如表和列名)的规则。

这在使用驱动程序或访问组件时也适用,但确切的配置和属性名称可能会有所不同(例如,对于Jaybird,属性为roleNamesqlRole)。

相关问题
最新问题