Why does Firebird 2.5.8 return NONE on SELECT CURRENT_ROLE?


Problem description

Following on from my question here How to REVOKE ROLE GRANTED BY another user on Firebird 2.5.8?

and @Arioch's helpful suggestion to query what ROLE is actually connected prior to the command.

SELECT CURRENT_ROLE FROM RDB$DATABASE

Now despite my connection string explicitly using "ROLE=RDB$ADMIN", checking in gsec that the given user has admin option, when I run the command the result is NONE. This was using the Firebird ADO.NET FirebirdSql.Data.FirebirdClient interface v6.6.

So I performed a similar check by using FlameRobin, logging in with the same user and the RDB$ADMIN ROLE specified, and the result is the same:

Any ideas what I am doing wrong as to why this is not returning 'RDB$ADMIN'?

Recommended answer

As user rights are granted in a specific database, the user must be RDB$ADMIN in that specific database and must specify the role on connect. That a user has the admin role in GSEC only means that a user has the admin role in the security database. That doesn't mean they have the admin role in a specific database.

The fact CURRENT_ROLE returns NONE means that the user either didn't specify a role, or hasn't been granted the RDB$ADMIN role in the current database.

To quote the Firebird Language Reference, User Authentication, RDB$ADMIN Role:

The internally-created role RDB$ADMIN is present in every database. Assigning the RDB$ADMIN role to a regular user in a database grants that user the privileges of the SYSDBA, in the current database only.

The elevated privileges take effect when the user is logged in to that regular database under the RDB$ADMIN role and give full control over all objects in the database.

Being granted the RDB$ADMIN role in the security database confers the authority to create, edit and delete user accounts.

To manage user accounts through SQL, the grantee must specify the RDB$ADMIN role when connecting. No user can connect to the security database, so the solution is that the user connects to a regular database where he also has RDB$ADMIN rights, supplying the RDB$ADMIN role in his login parameters. From there, he can submit any SQL user management command.

The SQL route for the user is blocked for any database in which he has not been granted the RDB$ADMIN role.

The GRANT ADMIN ROLE clause applies only to the security database (specifically for the CREATE/ALTER/DROP USER SQL user management statements), and only if the user connects through a normal database where they also have the RDB$ADMIN role specifying that role on connect.

To grant a user administrator privileges in a specific database, they need to have been granted that role - in that specific database - using:

GRANT [ROLE] RDB$ADMIN TO username

And they need to specify the role on connect.
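
The two conditions described in the answer can be checked from inside the affected database. The queries below are an added example, not part of the original answer; they assume the standard Firebird system-table encoding in which role membership is recorded in RDB$USER_PRIVILEGES with RDB$PRIVILEGE = 'M' and RDB$OBJECT_TYPE = 13.

```sql
-- Added diagnostic (not from the original answer). Run it while attached
-- to the database in which CURRENT_ROLE unexpectedly returns NONE.

-- 1. Which user and which role are active on this attachment?
SELECT CURRENT_USER, CURRENT_ROLE FROM RDB$DATABASE;

-- 2. Has RDB$ADMIN been granted to the connected user in THIS database?
--    Assumption: role membership rows use RDB$PRIVILEGE = 'M' and
--    RDB$OBJECT_TYPE = 13 (role); RDB$RELATION_NAME holds the role name.
SELECT RDB$USER, RDB$GRANTOR, RDB$GRANT_OPTION
FROM RDB$USER_PRIVILEGES
WHERE RDB$PRIVILEGE = 'M'
  AND RDB$OBJECT_TYPE = 13
  AND RDB$RELATION_NAME = 'RDB$ADMIN'
  AND RDB$USER IN (CURRENT_USER, 'PUBLIC');

-- 3. Least-privilege review: every grantee of RDB$ADMIN in this database,
--    with the account that issued each grant.
SELECT RDB$USER, RDB$GRANTOR
FROM RDB$USER_PRIVILEGES
WHERE RDB$PRIVILEGE = 'M'
  AND RDB$OBJECT_TYPE = 13
  AND RDB$RELATION_NAME = 'RDB$ADMIN'
ORDER BY RDB$USER;
```

If query 2 returns no rows, the role has not been granted in this database and the GRANT statement above is what is missing. If it returns a row while query 1 still shows NONE, the role was not specified on connect.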
