MetriQ Online Training Videos)
|
Introduction > Database
Security (New MetriQ Online Training Videos) |
FAQ | |
 |
Changing the Administrator for your Database If you run MetriQ standalone, then there will in general be little point in you changing any of the advanced administration security features that come with Firebird and Interbase. However, if you share you computer with a co-worker, or are responsible for the maintenance of MetriQ in a client/server environment, then making your database more secure is certainly something to consider. Currently, when MetriQ installs, the default settings for the Firebird database are left untouched. However, at some point you may decide to add some of the more advanced security options for your database system. Using GSEC the Command line Security Utility: GSEC is a command-line utility that provides an interface to InterBase's security database. You must be SYSDBA or the super user (on Unix) to use GSEC. GSEC can be used interactively or from the command-line. The following table summarizes GSEC's commands.
Displaying users - The DISPLAY command will show all authorized users: First open GSEC - You must be the root administrator to perform this task! "C:\Program Files\FireBird\bin\gsec.exe"
-user sysdba -password masterkey Changing the password: "C:\Program Files\FireBird\bin\gsec.exe" -user
sysdba -password masterkey Adding a user - Use the ADD command to add new users to the security database. This example will add user BJONES with specified password. It also stores information for first and last names. GSEC add BJONES
-pw mypassword -fname Bobby -lname Jones user name uid
gid full name Modifying a user - The MODIFY command is used to change existing user information. This example updates the UserID and lastname for user BJONES GSEC modify
BJONES -uid 22 -fname Brad user name uid
gid full name Deleting
a user: GSEC delete
BJONES user name uid
gid full name Using Roles in conjunction with a User Creating a Role: CREATE ROLE FULL_ACCESS; //FULL_ACCESS in this instance is the name of the role we are creatng. Granting Privileges to a Role: When a role is created it has no privileges to any objects in the database. This follows the SQL security model of providing no access unless explicitly granted. To assign privileges to a role you must use the grant statement. The basic syntax for granting privileges to a role is: GRANT <priviliges> ON [TABLE] {tablename | viewname} TO rolename; To grant privileges to a role you must be: * SYSDBA Here are some examples of granting privileges to a role: GRANT ALL ON TEST_SCORES TO FULL_ACCESS; Granting a Role to a User: The syntax for granting a role to a user is: GRANT {rolename [, rolename ...]} TO {PUBLIC| {[USER]
username The WITH ADMIN OPTION clause permits users to grant the role to other users. If it is added to the end of the grant role statement then that user that has just been granted the role can grant the role to other users. For example, if USERA is granted the role DEVELOPER with the WITH ADMIN OPTION clause, then USERA can grant the DEVELOPER role to other users. The following example creates the role FULL_ACCESS, grants ALL privileges on the TEST_SCORES table to this role, and grants the role to user BJONES. CREATE ROLE FULL_ACCESS; BJones is connecting to the database without specifying the role FULL_ACCESS. BJones is denied access to the table TEST_SCORES, because only the role was granted privileges on table TEST_SCORES. SQL connect tempemployee.gdb user bjones password bjones; BJones now connects and specifies the FULL_ACCESS role. Since the role was granted ALL privileges on table TEST_SCORES, Bjones is allowed to select from the table. SQL connect tempemployee.gdb user bjones password bjones role full_access; Database: tempemployee.gdb, User: bjones, Role: full_access See also MetriQ Applet, Database Security, Connection Issues,Installing MetriQ, Firewalls, System Requirements, Troubleshooting, Multi-User Environment
Next: License Agreement
|
