In Firebird 3.0 and earlier the rights assigned to a role are only applied when that role is specified when connecting to the database. In other words if a user has a role, that user does not automatically get the rights of that role. The user needs to explicitly indicate the role to use, otherwise only the rights assigned to PUBLIC
and the user itself apply.
For ISQL the CONNECT
specification is:
CONNECT database name [user username] [password password] [role role_name];
So for your specific example use:
SQL> connect "C:\Users\teiluke\Documents\Ondulati\DB\prova\gesalldb.fdb" user "p
ippo" password "topolino" role GESALLDB_USER;
Role names surrounded by (single or double) quotes are treated case sensitive. So using role 'gesalldb_user'
will not match a role GESALLDB_USER
, while role gesalldb_user
will. This is like the rules for other double quoted objectnames (like table and columnnames) in Firebird.
This also applies when using a driver or access component, but the exact configuration and property name might vary (eg for Jaybird the property is roleName
or sqlRole
).
In Firebird 4.0 and later, you can grant a role as a "default role". Privileges of default roles are automatically applied even when the role is not explicitly specified on connect.