Gia*_*ato 7 database privileges firebird role jaybird
I created a Firebird user (PIPPO) through Jaybird; here is the gsec "display" output:
GSEC> di
user name uid gid admin full name
------------------------------------------------------------------------------------------------
SYSDBA 0 0 Sql Server Administrator
PIPPO 0 0 GesAll 1.0 User
GSEC>
I created a role (GESALLDB_USER) in the Firebird DB and granted it some privileges:
SQL> show grant;
/* Grant permissions for this database */
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON COPPIE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON COVE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_CONFIGURAZIONE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_COVE TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DATI_SOGGETTI TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON DEPOSIZIONI TO ROLE GESALLDB_USER
GRANT GESALLDB_USER TO PIPPO
SQL>
I granted this role to the new user through Jaybird (the last line of the output above).
The problem is that whenever I try to run a query, I get this message:
SQL> select * from anelli;
Statement failed, SQLSTATE = 28000
no permission for read/select access to TABLE ANELLI
SQL>
If I grant the TABLE directly to the newly created user, everything works.
SQL> grant all on anelli to pippo;
SQL> show grant;
/* Grant permissions for this database */
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO ROLE GESALLDB_USER
GRANT DELETE, INSERT, SELECT, UPDATE, REFERENCES ON ANELLI TO USER PIPPO
SQL> connect "C:\Users\teiluke\Documents\Ondulati\DB\prova\gesalldb.fdb" user "pippo" password "topolino";
Commit current transaction (y/n)?y
Committing.
Server version:
WI-V2.5.2.26540 Firebird 2.5
WI-V2.5.2.26540 Firebird 2.5/XNet (E7441EA1CA2CF4)/P12
WI-V2.5.2.26540 Firebird 2.5/XNet (E7441EA1CA2CF4)/P12
Database: "C:\Users\teiluke\Documents\Ondulati\DB\prova\gesalldb.fdb", User: pippo
SQL> select * from anelli;
PROGRESSIVO FEDERAZIONE RNA  TIPO ANNO INIZIO FINE ATTIVA LAST_USED
          1 FOI         89LR E    2012      1  100 N              0
          2 FOI         89LR E    2013      1  100 S             41
Any help on this?
Thanks, Gianluca.
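In Firebird, the privileges assigned to a role are only applied when that role is specified when connecting to the database. In other words, if a user has a role, the user does not automatically get the privileges of that role. The user needs to explicitly indicate which role to use; otherwise only the privileges assigned to PUBLIC and to the user itself are applied.
For ISQL, the CONNECT syntax is: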
CONNECT database name [user username] [password password] [role role_name];
So for your specific example, use:
SQL> connect "C:\Users\teiluke\Documents\Ondulati\DB\prova\gesalldb.fdb" user "pippo" password "topolino" role GESALLDB_USER;
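Role names enclosed in quotes (single or double) are case sensitive. So using role 'gesalldb_user' will not match the role GESALLDB_USER, whereas role gesalldb_user will. This is similar to the rules for other double-quoted object names (such as table and column names) in Firebird.
This also applies when using a driver or access component, but the exact configuration and property name may differ (for example, for Jaybird the property is roleName or sqlRole).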
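The same fix over JDBC, as an added example that is not part of the original answer: it connects through Jaybird with the roleName property and confirms via CURRENT_ROLE that the role is actually in effect before querying. The class name, the connection URL (host, port, path) and the FB_PASSWORD environment variable are assumptions made for this example, and the Jaybird driver must be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

public class RoleCheck {
    // Assumption: placeholder host, port and database path; adjust for your server.
    static final String URL = "jdbc:firebirdsql://localhost:3050/C:/path/to/gesalldb.fdb";
    static final String ROLE = "GESALLDB_USER";

    public static void main(String[] args) throws SQLException {
        // Assumption: password comes from a hypothetical FB_PASSWORD environment variable.
        String password = System.getenv("FB_PASSWORD");
        if (password == null) throw new IllegalStateException("FB_PASSWORD is not set");

        Properties props = new Properties();
        props.setProperty("user", "PIPPO");
        props.setProperty("password", password);
        // Without roleName the session has no role; only PUBLIC and direct user grants apply.
        props.setProperty("roleName", ROLE);

        try (Connection con = DriverManager.getConnection(URL, props);
             Statement st = con.createStatement()) {
            // CURRENT_ROLE reports the role in effect for this session, or NONE.
            try (ResultSet rs = st.executeQuery("SELECT CURRENT_ROLE FROM RDB$DATABASE")) {
                rs.next();
                String active = rs.getString(1).trim();
                if (!ROLE.equals(active)) {
                    throw new IllegalStateException("role not active, CURRENT_ROLE=" + active);
                }
            }
            // SELECT on ANELLI is granted only through the role in the question's setup.
            try (ResultSet rs = st.executeQuery("SELECT COUNT(*) FROM ANELLI")) {
                rs.next();
                System.out.println("ANELLI rows visible via " + ROLE + ": " + rs.getInt(1));
            }
        } catch (SQLException e) {
            // SQLSTATE 28000 is the "no permission" failure shown in the question.
            if ("28000".equals(e.getSQLState())) {
                System.err.println("Permission denied: check the role grant and roleName");
            }
            throw e;
        }
    }
}
```

Checking CURRENT_ROLE at connection time turns a missing or misspelled role into an immediate, explicit failure instead of a later permission error on the first table access.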