Firebird 5.0 - Grant privileges to Windows groups instead of single users #8352
Comments
Yes, it is known issue, see #6271
It doesn't work this way.
No, directly it is not possible.
I've doubt it works correctly when client and server are on different hosts. |
Hello everyone,
now that i have created mappings for my application, i want to be able to sign on to this application with a specific role in mind for a specific subset of users.
My mappings assign users of Windows domain groups to their specific role, but almost every user is in 2 or more groups. This results in multiple mapping errors and i have thought about solving that by connecting to the Firebird server with a specific role stated. This idea stems from reading the Documentation stating: "For roles, the role defined by a mapping rule is only applied when the user does not explicitly specify a role on connect.".
Now i have tried a lot with the Grant command, because i would like to grant my Windows domain groups the privilege of using certain roles. As far as i can tell the syntax supports the idea of creating something like my idea entails. The documentation states: "GROUP Unix_group" as a potential grantee.
An example command i would like to use looks like this:
GRANT ROLE_ADMIN TO GROUP "domain\Windows group";
or
GRANT ROLE_ADMIN TO "domain\Windows group";
Since it works to create mappings for Windows groups and granting roles to single users, id be surprised if granting a role to a windows group doesnt work. Is it possible to assign a Role to a Windows group? Or is it exclusively supported for Unix groups?
The text was updated successfully, but these errors were encountered: