2020-04-08 13:17:02 +02:00
|
|
|
SQL Language Extension: CREATE/ALTER/CREATE_OR_ALTER/RECREATE/DROP USER
|
2008-05-12 18:09:30 +02:00
|
|
|
|
|
|
|
Implements capability to manage users from regular database attachment.
|
|
|
|
|
2013-12-17 16:49:10 +01:00
|
|
|
|
2008-05-12 18:09:30 +02:00
|
|
|
Author:
|
|
|
|
Alex Peshkoff <peshkoff@mail.ru>
|
|
|
|
|
2013-12-17 16:49:10 +01:00
|
|
|
|
2008-05-12 18:09:30 +02:00
|
|
|
Syntax is:
|
|
|
|
|
2020-04-08 13:17:02 +02:00
|
|
|
CREATE USER name [ options ];
|
|
|
|
ALTER USER name [ SET ] [ options ];
|
|
|
|
ALTER CURRENT USER [ SET ] [ options ];
|
|
|
|
CREATE OR ALTER USER name [ SET ] [ options ];
|
|
|
|
RECREATE USER name [ options ];
|
2016-03-22 17:31:44 +01:00
|
|
|
DROP USER name [ USING PLUGIN name ];
|
2008-05-12 18:09:30 +02:00
|
|
|
|
2016-03-28 11:03:26 +02:00
|
|
|
where OPTIONS is a list of following options:
|
2016-03-22 17:31:44 +01:00
|
|
|
- PASSWORD 'password'
|
2013-12-17 16:49:10 +01:00
|
|
|
- FIRSTNAME 'firstname'
|
|
|
|
- MIDDLENAME 'middlename'
|
|
|
|
- LASTNAME 'lastname'
|
|
|
|
- ACTIVE
|
|
|
|
- INACTIVE
|
2014-12-24 16:23:42 +01:00
|
|
|
- USING PLUGIN name
|
2020-04-08 13:17:02 +02:00
|
|
|
- TAGS ( tag [, tag [, tag ...]] )
|
2013-12-17 16:49:10 +01:00
|
|
|
|
|
|
|
and each TAG may have one of two forms:
|
2013-12-17 17:24:49 +01:00
|
|
|
name = 'string value'
|
2013-12-17 16:49:10 +01:00
|
|
|
or:
|
2013-12-17 17:24:49 +01:00
|
|
|
DROP name
|
|
|
|
where NAME is any valid SQL identifier.
|
2013-12-17 16:49:10 +01:00
|
|
|
|
|
|
|
|
2008-05-12 18:09:30 +02:00
|
|
|
Description:
|
|
|
|
|
2013-12-17 16:49:10 +01:00
|
|
|
Makes it possible to add, modify and delete users in security database using SQL language.
|
2008-05-12 18:09:30 +02:00
|
|
|
|
2013-12-17 16:49:10 +01:00
|
|
|
Firebird since version 3.0 supports multiple security databases. gsec utility and services API
|
2014-12-24 16:23:42 +01:00
|
|
|
do not support it and use of them to manage users is deprecated.
|
2008-05-12 18:09:30 +02:00
|
|
|
|
2019-04-13 20:21:56 +02:00
|
|
|
CREATE and DROP clauses are available only for SYSDBA (or other user, having USER_MANAGEMENT
|
|
|
|
privilege in security database). Ordinary user can ALTER his own password, wide names and tags.
|
|
|
|
Attempt to modify another user will fail. Also will fail an attempt to make yourself inactive or
|
|
|
|
active. In order to avoid typing your name each time simplified form ALTER CURRENT USER is present.
|
2008-05-12 18:09:30 +02:00
|
|
|
|
2013-12-17 16:49:10 +01:00
|
|
|
At least one of PASSWORD, FIRSTNAME, MIDDLENAME, LASTNAME, ACTIVE, INACTIVE or TAGS must be present
|
|
|
|
in ALTER USER statement. Also notice that PASSWORD clause is required when creating new user.
|
|
|
|
|
|
|
|
PASSWORD clause is enough self-descripting. Clauses FIRSTNAME, MIDDLENAME and LASTNAME too, but may
|
|
|
|
be also used to store any short information about user. Clauses INACTIVE/ACTIVE are used to disable
|
2014-12-24 16:23:42 +01:00
|
|
|
user's login to server not dropping it from the list and restoring that ability. USING PLUGIN clause
|
|
|
|
makes it possible to work with users not only with default management plugin (first listed in
|
|
|
|
UserManager parameter in firebird.conf) but also with others. gsec utility and services API do not
|
|
|
|
support multiple user management plugins - default one is always used.
|
2008-05-12 18:09:30 +02:00
|
|
|
|
2013-12-17 16:49:10 +01:00
|
|
|
TAGS is a list of end-user defined attributes. Length of the value should not exceed 255 bytes.
|
2014-01-27 08:14:10 +01:00
|
|
|
Assigning name some value sets new or modifies existing tag. To remove the tag use DROP option.
|
2013-12-17 16:49:10 +01:00
|
|
|
Setting a list of tags for the user keeps earlier set tags if they are not mentioned currently.
|
|
|
|
Notice - UID/GID, entered by deprecated gsec, are treated as tags in SQL interface.
|
2008-05-12 18:09:30 +02:00
|
|
|
|
2013-12-17 16:49:10 +01:00
|
|
|
To access list of users please select from virtual tables SEC$USERS and SEC$USER_ATTRIBUTES.
|
|
|
|
|
|
|
|
|
2014-12-24 16:23:42 +01:00
|
|
|
Samples (suppose UserManager=Srp,Legacy_UserManager in firebird.conf):
|
2013-12-17 16:49:10 +01:00
|
|
|
|
|
|
|
Generic:
|
2008-05-12 18:09:30 +02:00
|
|
|
CREATE USER alex PASSWORD 'test';
|
2013-12-17 16:49:10 +01:00
|
|
|
ALTER USER alex SET FIRSTNAME 'Alex' LASTNAME 'Peshkoff';
|
|
|
|
CREATE OR ALTER USER alex SET PASSWORD 'IdQfA';
|
2008-05-12 18:09:30 +02:00
|
|
|
DROP USER alex;
|
2014-12-24 16:23:42 +01:00
|
|
|
ALTER CURRENT USER SET PASSWORD 'SomethingLongEnough' USING PLUGIN srp;
|
2013-12-17 16:49:10 +01:00
|
|
|
|
|
|
|
Working with tags:
|
|
|
|
ALTER USER alex SET TAGS (a='a', b='b');
|
|
|
|
NAME VALUE
|
|
|
|
================ ==============================
|
|
|
|
A a
|
|
|
|
B b
|
|
|
|
|
|
|
|
ALTER USER alex SET TAGS (b='x', c='d');
|
|
|
|
NAME VALUE
|
|
|
|
================ ==============================
|
|
|
|
A a
|
|
|
|
B x
|
|
|
|
C d
|
|
|
|
|
|
|
|
ALTER USER alex SET TAGS (drop a, c='sample');
|
|
|
|
NAME VALUE
|
|
|
|
================ ==============================
|
|
|
|
B x
|
|
|
|
C sample
|
2014-01-27 08:14:10 +01:00
|
|
|
|
|
|
|
Displaying users' list:
|
|
|
|
SELECT CAST(U.SEC$USER_NAME AS CHAR(20)) LOGIN,
|
|
|
|
CAST(A.SEC$KEY AS CHAR(10)) TAG,
|
2014-12-24 16:23:42 +01:00
|
|
|
CAST(A.SEC$VALUE AS CHAR(20)) "VALUE",
|
2016-03-22 17:31:44 +01:00
|
|
|
U.SEC$PLUGIN "PLUGIN"
|
2014-01-27 08:14:10 +01:00
|
|
|
FROM SEC$USERS U LEFT JOIN SEC$USER_ATTRIBUTES A
|
2016-03-22 17:31:44 +01:00
|
|
|
ON U.SEC$USER_NAME = A.SEC$USER_NAME
|
|
|
|
AND U.SEC$PLUGIN = A.SEC$PLUGIN;
|
2014-01-27 08:14:10 +01:00
|
|
|
|
2014-12-24 16:23:42 +01:00
|
|
|
LOGIN TAG VALUE PLUGIN
|
|
|
|
==================== ========== ==================== ===============================
|
|
|
|
SYSDBA <null> <null> Srp
|
|
|
|
ALEX B x Srp
|
|
|
|
ALEX C sample Srp
|
|
|
|
SYSDBA <null> <null> Legacy_UserManager
|
2014-01-27 08:14:10 +01:00
|
|
|
|
|
|
|
Notice!
|
|
|
|
This feature highly depends upon user management plugin. Take into an account that some options
|
2017-10-17 13:14:53 +02:00
|
|
|
are ignored when using legacy user management plugin. For example attributes GID and UID are
|
|
|
|
uppercased (i.e. one gets 'GID' when enters 'gId') by legacy user manager, other - silently ignored.
|