firebird/firebird-mirror
firebird/firebird-mirror
8
0
Fork 1
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-22 18:03:03 +01:00
Code Issues

Documentation changes for CORE-4607: Add support for having >1 UserManager in firebird.conf and use them from SQL

Browse Source
This commit is contained in:
alexpeshkoff 2014-12-24 15:23:42 +00:00
parent df0ecdac9a
commit 23c9e7e7fe
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
doc/sql.extensions/README.user_management
View File

@ -13,7 +13,7 @@ Syntax is:
ALTER USER name SET [PASSWORD 'password'] [ options ] [ TAGS ( tag [, tag [, tag ...]] ) ]
ALTER CURRENT USER SET [PASSWORD 'password'] [ options ] [ TAGS ( tag [, tag [, tag ...]] ) ]
CREATE OR ALTER USER name SET [PASSWORD 'password'] [ options ] [ TAGS ( tag [, tag [, tag ...]] ) ]
DROP USER name;
DROP USER name [USING PLUGIN name];
where OPTIONS is a (probably empty) list of following options:
- FIRSTNAME 'firstname'
@ -21,6 +21,7 @@ where OPTIONS is a (probably empty) list of following options:
- LASTNAME 'lastname'
- ACTIVE
- INACTIVE
- USING PLUGIN name
and each TAG may have one of two forms:
name = 'string value'
@ -34,7 +35,7 @@ Description:
Makes it possible to add, modify and delete users in security database using SQL language.
Firebird since version 3.0 supports multiple security databases. gsec utility and services API
do not support it and use of them to manage users is deprecated.
do not support it and use of them to manage users is deprecated.
CREATE and DROP clauses are available only for SYSDBA (or other user, granted RDB$ADMIN role in
security database). Ordinary user can ALTER his own password, wide names and tags. Attempt to modify
@ -46,7 +47,10 @@ in ALTER USER statement. Also notice that PASSWORD clause is required when creat
PASSWORD clause is enough self-descripting. Clauses FIRSTNAME, MIDDLENAME and LASTNAME too, but may
be also used to store any short information about user. Clauses INACTIVE/ACTIVE are used to disable
user's login to server not dropping it from the list and restoring that ability.
user's login to server not dropping it from the list and restoring that ability. USING PLUGIN clause
makes it possible to work with users not only with default management plugin (first listed in
UserManager parameter in firebird.conf) but also with others. gsec utility and services API do not
support multiple user management plugins - default one is always used.
TAGS is a list of end-user defined attributes. Length of the value should not exceed 255 bytes.
Assigning name some value sets new or modifies existing tag. To remove the tag use DROP option.
@ -56,14 +60,14 @@ Notice - UID/GID, entered by deprecated gsec, are treated as tags in SQL interfa
To access list of users please select from virtual tables SEC$USERS and SEC$USER_ATTRIBUTES.
Samples:
Samples (suppose UserManager=Srp,Legacy_UserManager in firebird.conf):
Generic:
CREATE USER alex PASSWORD 'test';
ALTER USER alex SET FIRSTNAME 'Alex' LASTNAME 'Peshkoff';
CREATE OR ALTER USER alex SET PASSWORD 'IdQfA';
DROP USER alex;
ALTER CURRENT USER SET PASSWORD 'SomethingLongEnough';
ALTER CURRENT USER SET PASSWORD 'SomethingLongEnough' USING PLUGIN srp;
Working with tags:
ALTER USER alex SET TAGS (a='a', b='b');
@ -88,16 +92,17 @@ Samples:
Displaying users' list:
SELECT CAST(U.SEC$USER_NAME AS CHAR(20)) LOGIN,
CAST(A.SEC$KEY AS CHAR(10)) TAG,
CAST(A.SEC$VALUE AS CHAR(20)) "VALUE"
CAST(A.SEC$VALUE AS CHAR(20)) "VALUE",
SEC$PLUGIN "PLUGIN"
FROM SEC$USERS U LEFT JOIN SEC$USER_ATTRIBUTES A
ON U.SEC$USER_NAME = A.SEC$USER_NAME;
LOGIN TAG VALUE
==================== ========== ====================
SYSDBA <null> <null>
ALEX B x
ALEX C sample
LOGIN TAG VALUE PLUGIN
==================== ========== ==================== ===============================
SYSDBA <null> <null> Srp
ALEX B x Srp
ALEX C sample Srp
SYSDBA <null> <null> Legacy_UserManager
Notice!
This feature highly depends upon user management plugin. Take into an account that some options